URL Spoofing Vulnerability in Focus for iOS by Mozilla
CVE-2024-8399

4.7MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox Focus
Vendor: CVE Published:; 3 September 2024

Summary

A vulnerability has been identified in Focus for iOS that allows malicious websites to exploit JavaScript links to manipulate the URL displayed in the Focus navigation bar. This misrepresentation can lead users to believe they are navigating to a trusted site, while they are actually being directed to a potentially harmful domain. This issue affects versions of Focus for iOS prior to 130, highlighting the need for users to update to the latest version to mitigate the risk associated with this vulnerability.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1863838

https://www.mozilla.org/security/advisories/mfsa2024-42/

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 3, 2024