CVE-2019-17003

Summary

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox for iOSunspecified <= 25unknown
MozillaFirefox for iOSnext of 25 < unspecifiedunaffected

Weaknesses

  • Improper parsing of QR codes in address bar could lead to XSS

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References