CVE-2024-0606
published 2024-01-22CVE-2024-0606: An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox_focus | < 122.0 | 122.0 |
| mozilla | focus_for_ios | >= unspecified < 122 | 122 |