20 matches found
CVE-2024-1563
CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...
CVE-2024-26284
Focus for iOS is affected by a UXSS vulnerability that can be triggered via a 302 redirect if a victim site links to the attacker’s site. The issue is described for all Focus for iOS versions prior to 123, with remediation implemented in Focus for iOS 123 and later. The root cause involves improp...
CVE-2022-26485
CVE-2022-26485 is a Mozilla Firefox-family use-after-free vulnerability triggered by removing an XSLT parameter during processing. Affected products include Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus
CVE-2022-26486
CVE-2022-26486 describes a use-after-free in the WebGPU IPC framework leading to a sandbox escape. Affected products and versions (per connected docs): Firefox < 97.0.2; Firefox ESR < 91.6.1; Firefox for Android < 97.3.0; Thunderbird < 91.6.2; Focus
CVE-2023-25743
The provided documents confirm that CVE-2023-25743 affects Firefox Focus and describe a vulnerability where there is a lack of in-app notification when entering fullscreen mode. This could allow a malicious website to spoof the browser chrome. The root cause is the missing fullscreen notification in ...
CVE-2023-6870
CVE-2023-6870 affects Firefox on Android (Android Firefox/Focus) and is triggered by applications that spawn a Toast notification in a background thread, potentially obscuring the fullscreen notification used by Firefox. The issue is tied to Android UI prompts and could lead to spoofing of the br...
CVE-2023-29546
CVE-2023-29546 affects Firefox for Android (and Focus for Android) with
CVE-2023-29534
CVE-2023-29534 affects Firefox for Android and Focus for Android, with versions earlier than 112 at risk. The issue stems from multiple techniques used to obscure the fullscreen notification, which could lead to user confusion and spoofing. The connected documents indicate the vulnerability is li...
CVE-2024-5022
CVE-2024-5022 affects Mozilla Focus for iOS. The vulnerability arises from the file scheme being hidden, enabling spoofing of the address shown in the location bar. Affected versions are Focus for iOS prior to 126. The issue is described across multiple sources (including Red Hat and CNVD) as a s...
CVE-2025-3859
Summary: CVE-2025-3859 affects Mozilla Firefox Focus for iOS (pre-138 builds). The vulnerability arises from a long URL truncation/eliding behavior in the address/location bar, which can mislead users into thinking they are on a different webpage. This is tied to the Firefox Focus/iOS truncation ...
CVE-2024-10474
The CVE-2024-10474 entry concerns Mozilla Focus for iOS (pre-132). The issue is that internal links could use the app scheme for deeplinking, potentially bypassing URL safety checks and enabling link spoofing. Connected sources confirm Focus for iOS
CVE-2024-8399
The CVE-2024-8399 issue affects Mozilla Focus for iOS prior to version 130, where JavaScript links could spoof the navigation bar URL. Root cause: improper handling of JavaScript links in the Focus navigation UI. Impact: spoofed URL addresses in the navigation bar; no broader system compromise st...
CVE-2024-0606
CVE-2024-0606 affects Mozilla Focus for iOS before version 122. The issue is a UXSS vulnerability where an attacker can execute unauthorized scripts on a legitimate site by opening a javascript: URI via window.open(), leading to unauthorized actions within the user’s loaded webpage. Connected sou...
CVE-2024-0605
The CVE-2024-0605 issue affects Mozilla Focus for iOS prior to version 122. A race condition arises when using a javascript: URI with setTimeout, enabling an attacker to run unauthorized scripts on top-origin sites via the URL bar, potentially leading to arbitrary code execution or unauthorized a...
CVE-2026-8945
CVE-2026-8945 is described across multiple sources as a sandbox escape in Firefox and Firefox Focus for Android, with the vulnerability fixed in Firefox 151. The connected documents confirm the issue affected Firefox on Android devices and state the fix is part of Firefox 151 releases. The exact ...
CVE-2025-55031
CVE-2025-55031 affects Firefox for iOS and Firefox Focus for iOS prior to version 142. A malicious page can trigger FIDO/hybrid passkey transport by passing FIDO links to the OS, and an attacker within Bluetooth range could coerce a user into using their passkey to sign into the attacker’s machin...
CVE-2025-55032
Mozilla Focus for iOS contains a vulnerability where Content-Disposition headers of type Attachment are not respected, causing content to display inline and enabling cross-site scripting (XSS) for Focus for iOS versions prior to 142. Multiple connected sources corroborate this issue and point to ...
CVE-2026-2919
CVE-2026-2919 affects Focus for iOS. The issue arises from malicious scripts manipulating navigation and iframe behavior to display attacker-controlled or spoofed content under a trusted domain without user interaction. The stated impact is that the UI could present a spoofed domain; vulnerability fixed in Fo...
CVE-2025-10290
Mozilla Focus for iOS contains a vulnerability where opening links via the contextual menu for certain URL schemes would fail to load and the toolbar would not refresh, enabling spoofing of websites if users are coerced into long-pressing and opening a link. Affected versions are Focus for iOS
CVE-2025-55033
The CVE describes a Cross-Site Scripting (XSS) issue in Mozilla Focus for iOS prior to version 142. The vulnerability arises when dragging JavaScript links to the URL bar, which can cause arbitrary script execution. Affected product: Focus for iOS (versions