JavaScript Execution Vulnerability in Mozilla Products
CVE-2019-17003

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 16 February 2023

Summary

A vulnerability in Mozilla Firefox allows for the execution of JavaScript when scanning a QR code containing a javascript: URL. This could potentially enable attackers to run malicious scripts, compromising user data or altering browser behavior. Users are recommended to update to the latest version to mitigate the risk associated with this issue.

Affected Version(s)

Firefox for iOS next of 25

References

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2019-17003

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Sep 30, 2019