Unauthorized Script Execution Vulnerability in Focus for iOS by Mozilla
CVE-2024-0606
6.1 MEDIUM
Summary
A security flaw in Focus for iOS allows attackers to execute unauthorized scripts on legitimate sites by using window.open() together with JavaScript URIs. Exploitation can lead to unauthorized actions on the user's webpage, potentially compromising user data and privacy. All versions prior to 122 are affected; users should update to protect against such attacks.
Affected Version(s)
Focus for iOS < 122
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
James Lee