Lucene search
Mozilla FoundationMFSA2024-08HistoryFeb 19, 2024 - 12:00 a.m.
Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla
2024-02-1900:00:00
Mozilla Foundation
www.mozilla.org
7
mozilla
ios
javascript
qr code
unauthorized scripts
amp url
top origin sites
custom firefox scheme
security vulnerabilities
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page.
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar.
Affected configurations
Node
mozillafirefoxRange<123
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox for ios | lt | 123 |
Related
nvd
nvd
cnvd
cnvd
Mozilla Firefox for iOS cross-site scripting vulnerability (CNVD-2024-12554)
2024-03-01 00:00:00
Mozilla Firefox for iOS Cross-Site Scripting Vulnerability
2024-03-01 00:00:00
Mozilla Firefox for iOS cross-site scripting vulnerability (CNVD-2024-12553)
2024-03-01 00:00:00
prion
prion
Information disclosure
2024-02-22 15:15:00
Design/Logic Flaw
2024-02-22 15:15:00
Code injection
2024-02-22 15:15:00
cvelist
cvelist
debiancve
debiancve
cve
cve