CVE-2024-10474 — Improper Authentication in Mozilla Focus FOR IOS

CWE-287 — Improper Authentication5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 46.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Focus FOR IOS Mozilla Firefox Focus

Timeline

PublishedOct 29

Description

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mozilla/focus_for_iosunspecified — 132

▶NVDmozilla/firefox_focus< 132.0

🔴Vulnerability Details

GHSA

GHSA-cvp2-5m4q-66qv: Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing so↗2024-10-29

▶

CVEList

CVE-2024-10474: Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing so↗2024-10-29

▶

📋Vendor Advisories

Debian

CVE-2024-10474: firefox - Focus was incorrectly allowing internal links to utilize the app scheme used for...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-60: CVE-2024-10474↗

▶