PT-2024-18134 · Mozilla+1 · Firefox+1
James Lee · Published 2024-02-22 · Updated 2024-02-22
CVE-2024-1563
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Focus for iOS versions prior to 122
Description
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition.
Recommendations
For Focus for iOS versions prior to 122, update to version 122 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom Firefox schemes when opening external URLs to minimize the risk of exploitation.
Fix
Time Of Check To Time Of Use
Affected Products
Firefox
Focus