Race Condition Vulnerability in Focus for iOS by Mozilla
CVE-2024-0605

7.5HIGH

Key Information:

Vendor

Mozilla
Status
Focus For iOS
Vendor
CVE Published:
22 January 2024

What is CVE-2024-0605?

A vulnerability in Focus for iOS allows attackers to exploit a race condition involving a javascript: URI and a setTimeout function. This exploitation can lead to unauthorized script execution on top origin sites in the URL bar, effectively bypassing existing security measures. As a result, attackers can gain the ability to execute arbitrary code or perform unauthorized actions on the user's webpage. This poses significant risks to user data integrity and web security for users running the affected versions of Focus for iOS.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Focus for iOS < 122

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1855575
https://www.mozilla.org/security/advisories/mfsa2024-03/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

James Lee
JSON
.