CVE-2024-0953 — Open Redirect in Mozilla Firefox FOR IOS

CWE-601 — Open Redirect6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 60.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox FOR IOS

Timeline

PublishedFeb 5

Latest updateJun 18

Description

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5mozilla/firefox_for_iosunspecified — 129

🔴Vulnerability Details

GHSA

GHSA-whq9-vwxq-6f23: When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code↗2024-02-05

▶

CVEList

CVE-2024-0953: When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code↗2024-02-05

▶

📋Vendor Advisories

Debian

CVE-2024-0953: firefox - When a user scans a QR Code with the QR Code Scanner feature, the user is not pr...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-36: CVE-2024-0953↗

▶

💬Community

Bugzilla

Firefox for iOS QR Code Scanner Open Redirect↗2024-06-18

▶