Mozilla pushed Firefox for iOS 151.2 on June 1 to fix two security vulnerabilities in Reader View, both rated high severity.

Reader View is the stripped-down reading mode that removes ads, menus, and images from a webpage and shows you plain text. A lot of people use it without thinking much about it. These bugs lived inside that feature.

The first flaw, tracked as CVE-2026-9308, came down to how Reader View built its HTML template. It was swapping in page content before it finished replacing some internal placeholders. A malicious page could exploit that ordering to inject arbitrary JavaScript.

firefox-ios-cve-patch-151-2-1

The second bug, CVE-2026-9309, was a missing HTML escape in Reader View’s handling of JSON-LD metadata, a type of structured data that sites embed in pages. So basically, it had the same result: a crafted page could inject markup and run JavaScript it had no business running.

firefox-ios-cve-patch-151-2-2

Mozilla’s advisory describes the impact of both as high. And there’s no mention of either vulnerability being exploited in the wild. So this doesn’t appear to be an emergency situation. Still, the fix is already out.

The Mozilla advisory credits Muneaki Nishimura as the reporter for both CVE-2026-9308 and CVE-2026-9309.

To get the fix, open the App Store, search for Firefox, and install the update if you don’t already have version 151.2. You can also check your current version by going to Firefox Settings > About Firefox.

That said, other than these security fixes, it’s not immediately clear if the update adds any other features. The release notes just mention “behind-the-scenes updates”.

firefox-151-2-ios-release-notes

The browser recently gained Chrome-like adaptive URL autofill, but only on desktop for now, with no timeline for mobile support.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.
user-profile user-profile

Dwayne Cubbins
2728 Posts

I cover fast-moving stories across apps, online platforms, and everyday tech — phones, wearables, consoles, and whatever else people are fighting with this week. Bugs, rollouts, scams, policy enforcement, and the occasional internet-culture rabbit hole are all fair game. My goal is simple — make confusing tech news readable. When I'm not working, I'm working out or chilling with my dog. Got a tip? You can find me on X @dcubbins.

Next article View Article
Apple

PSA: Chrome on iOS now lets you import data from Safari — here's how

Chrome on iOS now lets you import data from Safari, and yes, it finally works without weird workarounds. According to the app's version history log on the App Store...
Jun 03, 2026 2 Min Read