CVE-2024-26283Improper Neutralization of Script in Attributes in a Web Page in Mozilla Firefox FOR IOS

CWE-83Improper Neutralization of Script in Attributes in a Web Page5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedFeb 22

Description

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmozilla/firefox< 123.0
CVEListV5mozilla/firefox_for_iosunspecified123

🔴Vulnerability Details

2
GHSA
GHSA-37wm-h7xg-q6w9: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox sch2024-02-22
CVEList
CVE-2024-26283: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox sch2024-02-22

📋Vendor Advisories

2
Debian
CVE-2024-26283: firefox - An attacker could have executed unauthorized scripts on top origin sites using a...2024
Mozilla
Mozilla Foundation Security Advisory 2024-08: CVE-2024-26283
CVE-2024-26283 — Mozilla Firefox FOR IOS vulnerability | cvebase