PT-2024-3798 · Mozilla · Firefox
Chaykin Artem
·
Published
2024-04-02
·
Updated
2024-10-30
·
CVE-2024-31392
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox for iOS versions prior to 124
Description
The issue is related to the browser's handling of insecure elements added to a page after a delay, which could lead to a mixed content security status not being properly indicated. This could potentially allow a remote attacker to add an insecure element to a webpage after a certain time delay, exploiting the lack of protection for the webpage structure.
Recommendations
For Firefox for iOS versions prior to 124, update to version 124 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox