CVE-2024-1563

Summary

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.

Affected Software

VendorProductVersion RangeStatus
MozillaFocus for iOSunspecified < 122affected

Weaknesses

  • UXSS exploit using a timeout after externally opening the application from a custom Focus scheme

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References