An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page.
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar.
CPE | Name | Operator | Version |
---|---|---|---|
firefox for ios | lt | 123 |