Lucene search

[email protected]NVD:CVE-2024-8399

HistorySep 03, 2024 - 8:15 p.m.

CVE-2024-8399

2024-09-0320:15:09

[email protected]

web.nvd.nist.gov

websites

javascript

spoof

url

focus

ios

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.

Affected configurations

Nvd

Node

mozillafirefox_focusRange<130.0iphone_os

VendorProductVersionCPE
mozillafirefox_focus*cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
mozilla	firefox_focus	*	cpe:2.3:a:mozilla:firefox_focus::::::iphone_os::*

References

bugzilla.mozilla.org/show_bug.cgi?id=1863838

www.mozilla.org/security/advisories/mfsa2024-42/

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-8399

cvelist1 vulnrichment1 mozilla1 cve1