CVE-2024-0605

Summary

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

Affected Software

VendorProductVersion RangeStatus
MozillaFocus for iOSunspecified < 122affected

Weaknesses

  • JavaScript URI running on top origin sites

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References