Second-Order Alert: Incorrectly Allowing Internal Links to Utilize App Scheme for Deeplinking Could Bypass URL Safety Checks

CVE-2024-10474

6.5 MEDIUM

Key Information

Vendor
Mozilla
Status
Focus For iOS
CVE Published:
29 October 2024

Summary

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132.

Affected Version(s)

Focus for iOS < 132

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

James Lee