JavaScript Execution Vulnerability in Firefox for iOS
CVE-2024-26282

7.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 22 February 2024

What is CVE-2024-26282?

A security issue has been identified in Firefox for iOS, where attackers can exploit AMP URLs containing a canonical element to execute arbitrary JavaScript from bookmarked pages. This could lead to potential data leakage or manipulation if successfully targeted. Users are advised to update to the latest version to ensure their protection against this security flaw.

Affected Version(s)

Firefox for iOS < 123

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1863788

https://www.mozilla.org/security/advisories/mfsa2024-08/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2024
Vulnerability Reserved
Feb 15, 2024

Credit

Muneaki Nishimura