CVE-2024-0605

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0605
Published
2024-01-22T19:15:09Z
Modified
2025-01-15T05:04:35.405887Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

References

Affected packages

Git / github.com/mozilla-mobile/focus-ios

Affected ranges

Type
GIT
Repo
https://github.com/mozilla-mobile/focus-ios
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

8.*

8.1.1
8.1.6

v2.*

v2.0

v3.*

v3.1
v3.9

v7.*

v7.0.3

v8.*

v8.0
v8.0-b1
v8.0-b2
v8.1-b1