A critical vulnerability has been identified in Mozilla Firefox for iOS which allows a malicious website to bypass security restrictions and download files directly to a user's device. An attacker could exploit this flaw by tricking a user into visiting a specially crafted webpage, potentially leading to malware infection or the delivery of other harmful content. Due to the high severity, immediate action is required to update all affected browsers.

This vulnerability exists in the way Firefox for iOS handles sandboxed iframes. The 'sandbox' attribute is a security mechanism designed to restrict the actions of embedded content on a webpage, such as preventing automatic downloads. An attacker can create a malicious webpage with a specially crafted iframe that bypasses these sandbox restrictions, allowing it to initiate a file download to the user's device without their consent. Exploitation simply requires a user on a vulnerable device to navigate to the attacker's webpage.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant risk to the organization. Successful exploitation could lead to "drive-by download" attacks, where malware, ransomware, or spyware is installed on corporate or personal iOS devices. This could result in the theft of sensitive corporate data, compromise of user credentials, and an initial foothold for attackers to move laterally across the corporate network. The potential for data breaches and system compromise presents a severe financial and reputational risk.

Immediate Action: Update all instances of Mozilla Firefox for iOS to version 141 or later. Prioritize this update for all managed corporate and BYOD devices to eliminate the vulnerability. Ensure mobile device management (MDM) policies enforce the deployment of this update immediately.

Proactive Monitoring: Security teams should monitor for signs of exploitation. This includes reviewing web proxy and firewall logs for unusual file downloads originating from iOS devices, particularly from untrusted websites. Utilize Mobile Threat Defense (MTD) or EDR solutions to detect suspicious file creation or anomalous behavior originating from the Firefox for iOS application.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Use a web filtering solution to block access to uncategorized and known malicious websites.
• Instruct users to use an alternative, secure browser on their iOS devices until Firefox can be patched.
• Enforce network security policies that restrict downloads of certain high-risk file types on mobile devices.

Public Exploit Available: false

Given the critical severity of this vulnerability (CVSS 9.8), organizations must treat its remediation as the highest priority. The risk of a remote, unauthenticated attacker delivering a malicious payload through a common web browser is exceptionally high. Although this CVE is not currently on the CISA KEV list, its potential impact warrants immediate action. We strongly recommend identifying all vulnerable instances of Firefox for iOS within the environment and updating them to a patched version without delay.