PatchSiren cyber security CVE debrief
CVE-2026-11799 Mozilla CVE debrief
CVE-2026-11799 is a UXSS (User Experience Security issue, potentially leading to Spoofing) vulnerability affecting Focus for iOS and Klar for iOS. The issue is related to Webkit navigation. The vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1. The CVSS score for this vulnerability is 7.5, indicating a HIGH severity level. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11799) on 2026-06-09T21:17:03.410Z and modified on 2026-06-10T20:14:36.697Z. Additional details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11799).
- Vendor
- Mozilla
- Product
- Focus for iOS
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of Focus for iOS and Klar for iOS, particularly those using versions prior to 151.3.1, should update their applications to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability, identified as CVE-2026-11799, is a UXSS issue in Focus for iOS / Klar Webkit navigation. It has been assigned a CVSS score of 7.5, indicating a HIGH severity level. The issue was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1. For more technical details, refer to [ref-4](https://bugzilla.mozilla.org/show_bug.cgi?id=1975667) and [ref-5](https://www.mozilla.org/security/advisories/mfsa2026-55/).
Defensive priority
HIGH
Recommended defensive actions
- Update Focus for iOS to version 151.3.1 or later.
- Update Klar for iOS to version 151.3.1 or later.
Evidence notes
The vendor for this vulnerability is listed as Unknown Vendor, but evidence suggests a connection to Mozilla.
Official resources
CVE-2026-11799 was published on 2026-06-09T21:17:03.410Z and modified on 2026-06-10T20:14:36.697Z.