18 matches found

EUVD
added 2026/06/09 8:52 p.m. · 8 views

EUVD-2026-35837

UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1...

AI score: 5.5 · EPSS: 0.00216
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 12:38 p.m. · 6 views

CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.00397
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 6:18 a.m. · 5 views

CVE-2024-10474

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS 132...

CVSS: 9.1 · AI score: 6.6 · EPSS: 0.00301
Exploits: 0 · References: 1

NVD
added 2025/04/30 5:15 p.m. · 16 views

CVE-2025-3859

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138...

CVSS: 6.1 · EPSS: 0.00172
Exploits: 0 · References: 2

CVE
added 2025/04/30 4:30 p.m. · 55 views

CVE-2025-3859

Summary: CVE-2025-3859 affects Mozilla Firefox Focus for iOS (pre-138 builds). The vulnerability arises from a long URL truncation/eliding behavior in the address/location bar, which can mislead users into thinking they are on a different webpage. This is tied to the Firefox Focus/iOS truncation ...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00172
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2025/03/04 1:31 p.m. · 83 views

CVE-2025-1941

CVE-2025-1941 concerns Mozilla Firefox before version 136, with an authentication-bypass in an opt-in focus setting. The initial description states bypass under certain circumstances but provides no specific root-cause or exploit details. Connected documents corroborate Firefox < 136 as affect...

CVSS: 9.1 · AI score: 5.9 · EPSS: 0.00341
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/02/05 2:11 p.m. · 4 views

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2. Application Performance Management affecting versions: 9.51, 9.50 and 9.40...

CVSS: 8.8 · AI score: 7.6 · EPSS: 0.7699
Exploits: 6 · References: 1

SUSE CVE
added 2025/01/09 12:20 a.m. · 1 views

SUSE CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. This vulnerability was fixed in Firefox 134...

CVSS: 3.3 · AI score: 5.9 · EPSS: 0.00284
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/16 12:0 a.m. · 6 views

PT-2024-4554 · Unknown · Focus For Ios

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 126
Description: The issue is related to the file scheme of URLs being hidden, potentially allowing spoofing of a website's address in the location bar. This could enable a remote attacker to conduct spoofing...

CVSS: 6.4 · AI score: 6.7 · EPSS: 0.00132
Exploits: 0 · References: 7

OSV
added 2024/03/19 12:0 a.m. · 1 views

UBUNTU-CVE-2024-2609

The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...

CVSS: 6.1 · AI score: 6.9 · EPSS: 0.00598
Exploits: 1 · References: 6

Positive Technologies
added 2024/02/22 12:0 a.m. · 2 views

PT-2024-21332 · Unknown · Focus For Ios

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 123
Description: This issue allows an attacker to conduct a Universal Cross-Site Scripting (UXSS) attack on a victim website using a 302 redirect, provided the victim has a link to the attacker's website...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.00324
Exploits: 1 · References: 6

SUSE CVE
added 2023/02/15 6:11 a.m. · 3 views

SUSE CVE-2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...

CVSS: 4.3 · AI score: 8.8 · EPSS: 0.02357
Exploits: 1 · References: 4

Cvelist
added 2019/11/06 3:16 a.m. · 19 views

CVE-2007-2841

...

Exploits: 2

Cvelist
added 2016/04/18 10:0 a.m. · 33 views

CVE-2016-1657

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/webcontents/webcontentsimpl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL...

AI score: 5.9 · EPSS: 0.01425
Exploits: 0 · References: 10

RedHat Linux
added 2011/01/25 5:6 p.m. · 3 views

webkit: stale pointer issue with focusing

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus...

CVSS: 9.3 · AI score: 6.2 · EPSS: 0.03306
Exploits: 0 · References: 4

exploitpack
added 2009/05/05 12:0 a.m. · 11 views

GlassFish Enterprise Server 2.1 - Admin Console sysnetregistration.jsf URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/34824/info
GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input...

AI score: 0.1
Exploits: 0

exploitpack
added 2008/03/31 12:0 a.m. · 13 views

PHPGKit 0.9 - connexion.php Remote File Inclusion

source: https://www.securityfocus.com/bid/28526/info
PhpGKit is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context...

Exploits: 0

Exploit DB
added 2007/06/06 12:0 a.m. · 62 views

Joomla! Component JD-Wiki 1.0.2 - 'wantedpages.php?MosConfig_absolute_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/24342/info
JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

AI score: 7.4
Exploits: 0