PT-2024-21331 · Mozilla · Firefox
Muneaki Nishimura · Published 2024-02-22 · Updated 2024-08-29 · CVE-2024-26283
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Firefox for iOS versions prior to 123
Description
An attacker could execute unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Recommendations
For Firefox for iOS versions prior to 123, update to version 123 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom Firefox schemes when opening external URLs to minimize the risk of exploitation.
Affected Products
Firefox