CVE-2025-27426: 
NixOS vulnerability analysis and mitigation

A security vulnerability identified as CVE-2025-27426 affects Firefox for iOS versions below 136. The vulnerability was discovered by a researcher named Renwa and was publicly disclosed on February 24, 2025. This security flaw specifically impacts the mobile version of Firefox running on iOS devices (Mozilla Advisory).

The vulnerability is classified as a URL Redirection to Untrusted Site ('Open Redirect') issue, identified under CWE-601. According to the CVSS 3.1 scoring system, it received a base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability allows malicious websites to spoof the website URL in Firefox's address bar through a server-side redirect to an internal error page. This could potentially lead to convincing phishing attacks where users might believe they are on a legitimate website when they are actually on a malicious one (Mozilla Advisory).

Mozilla has addressed this vulnerability in Firefox for iOS version 136. Users are strongly advised to update their Firefox iOS application to version 136 or later to protect against this security flaw (Mozilla Advisory).