Cross-Site Scripting Vulnerability in Firefox for iOS by Mozilla
CVE-2024-43113

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 6 August 2024

Summary

A cross-site scripting (XSS) vulnerability has been discovered in Firefox for iOS, where the contextual menu for links may allow malicious actors to execute scripts in the context of the user's browser session. This could result in the manipulation of web content or unauthorized actions performed on behalf of the user. Affected users running versions of Firefox for iOS below 129 should update to the latest version to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

Firefox for iOS < 129

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1874964

https://www.mozilla.org/security/advisories/mfsa2024-36/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 6, 2024

Credit

James Lee