CVE-2024-0605

CWE-362: Race Condition (4 documents, 4 sources)

Severity: 7.5 HIGH
EPSS: 0.0% (top 89.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 22

Description

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | mozilla/focus_for_ios | unspecified | 122

🔴 Vulnerability Details (2)

GHSA: GHSA-wph3-4v72-8x34: Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar (2024-01-22)
CVEList: CVE-2024-0605: Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar (2024-01-22)

📋 Vendor Advisories (1)

Mozilla: Mozilla Foundation Security Advisory 2024-03: CVE-2024-0605