Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 | Issue Tracking, Permissions Required |
| https://www.mozilla.org/security/advisories/mfsa2024-03/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2024-01-22T18:23:24.614Z
Updated: 2024-01-22T18:23:24.614Z
Reserved: 2024-01-16T16:14:25.975Z
Link: CVE-2024-0605
NVD Information
Status: Analyzed
Published: 2024-01-22T19:15:09.423
Modified: 2024-01-30T15:19:19.787
Link: CVE-2024-0605
Redhat Information
No data.
CWE