URL Spoofing Vulnerability in Focus for iOS by Mozilla
CVE-2024-8399

4.7MEDIUM

Key Information:

Vendor: Mozilla
Status: Focus For iOS
Vendor: CVE Published:; 3 September 2024

What is CVE-2024-8399?

A vulnerability has been identified in Focus for iOS that allows malicious websites to exploit JavaScript links to manipulate the URL displayed in the Focus navigation bar. This misrepresentation can lead users to believe they are navigating to a trusted site, while they are actually being directed to a potentially harmful domain. This issue affects versions of Focus for iOS prior to 130, highlighting the need for users to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Focus for iOS < 130

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1863838

https://www.mozilla.org/security/advisories/mfsa2024-42/

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2024