Mozilla Foundation: MFSA2024-36
Aug 05, 2024 - 12:00 a.m.

Security Vulnerabilities fixed in Firefox for iOS 129 — Mozilla

Source: www.mozilla.org
Tags: firefox, ios, cross-site scripting, qr code scanner, vulnerabilities, download link, javascript commands

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.4
Confidence: High

EPSS: 0.001
Percentile: 17.7%

Long pressing on a download link could potentially provide a means for cross-site scripting.
The contextual menu for links could provide an opportunity for cross-site scripting attacks.
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser.

Affected configurations

Vulners node: mozilla firefox_for_ios, range < 129

Vendor: mozilla
Product: firefox_for_ios
Version: *
CPE: cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*
