QR Code Scanner May Direct Users to Unwanted Content Without Prompt
CVE-2024-0953

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 5 February 2024

Summary

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.

Affected Version(s)

Firefox for iOS < 129

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1837916

https://www.mozilla.org/security/advisories/mfsa2024-36/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 26, 2024

Credit

Lohith Gowda M