CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.7%
Long pressing on a download link could potentially provide a means for cross-site scripting
The contextual menu for links could provide an opportunity for cross-site scripting attacks
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox_for_ios | * | cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:* |