Lucene search

[email protected]CVE-2024-0606

HistoryJan 22, 2024 - 7:15 p.m.

CVE-2024-0606

2024-01-2219:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-0606

attacker

unauthorized script

uxss

window.open()

javascript uri

vulnerability

focus for ios

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122.

Affected configurations

Vulners

NVD

Node

mozillafocusRange≤122

VendorProductVersionCPE
mozillafocus*cpe:2.3:a:mozilla:focus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	focus	*	cpe:2.3:a:mozilla:focus::::::::

CNA Affected

[
  {
    "product": "Focus for iOS",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "122",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.mozilla.org/show_bug.cgi?id=1855030

www.mozilla.org/security/advisories/mfsa2024-03/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for CVE-2024-0606

prion1 cvelist1 nvd1 mozilla1