CVE-2024-1563

CWE-367 | 5 documents | 5 sources
Severity
8.1 HIGH
EPSS
0.4%
top 37.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 22
Latest update: Nov 19

Description

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | mozilla/focus_for_ios | unspecified | 122

🔴 Vulnerability Details

2
GHSA
GHSA-783m-f4c2-pgqr: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox sch (2024-02-22)
CVEList
CVE-2024-1563: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox sch (2024-02-22)

📋 Vendor Advisories

2
Red Hat
kernel: net/smc: do not leave a dangling sk pointer in __smc_create() (2024-11-19)
Mozilla
Mozilla Foundation Security Advisory 2024-09: CVE-2024-1563