CVE-2025-10859: 
Mozilla Firefox vulnerability analysis and mitigation

CVE-2025-10859 is a privacy vulnerability discovered in Firefox for iOS versions prior to 143.1. The vulnerability was disclosed on September 28, 2025, and affects the browser's Incognito mode functionality. The issue was reported by security researcher Muneaki Nishimura (Mozilla Advisory).

The vulnerability stems from incorrect sharing of cookie storage for non-HTML temporary documents with normal browsing content. This implementation flaw allows information from private browsing tabs to persist and be accessible even after the user has closed all private tabs. The vulnerability has been assigned a CVSS 3.1 base score of 4.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It has been classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor) (NVD).

The vulnerability compromises the privacy expectations of Firefox for iOS users by potentially exposing private browsing data to regular browsing sessions. This means that information users believed to be temporary and private could be accessed after closing private browsing sessions, effectively breaking the privacy guarantees of Incognito mode (Mozilla Advisory).

Mozilla has addressed this vulnerability in Firefox for iOS version 143.1. Users are advised to update their Firefox iOS application to this version or later to protect their private browsing data (Mozilla Advisory).