Race Condition Vulnerability in Focus for iOS by Mozilla
CVE-2024-0605
7.5 HIGH
Summary
A vulnerability in Focus for iOS allows attackers to exploit a race condition involving a javascript: URI and a setTimeout function. This exploitation can lead to unauthorized script execution on top origin sites in the URL bar, effectively bypassing existing security measures. As a result, attackers can gain the ability to execute arbitrary code or perform unauthorized actions on the user's webpage. This poses significant risks to user data integrity and web security for users running the affected versions of Focus for iOS.
Affected Version(s)
Focus for iOS < 122
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
James Lee