CVE-2024-26284 — Cross-site Scripting in Mozilla Focus FOR IOS

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 34.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Focus FOR IOS Mozilla Firefox Focus

Timeline

PublishedFeb 22

Description

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mozilla/focus_for_iosunspecified — 123

▶NVDmozilla/firefox_focus< 123.0

🔴Vulnerability Details

CVEList

CVE-2024-26284: Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to th↗2024-02-22

▶

GHSA

GHSA-3q83-x89h-m869: Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to th↗2024-02-22

▶

📋Vendor Advisories

Mozilla

Mozilla Foundation Security Advisory 2024-10: CVE-2024-26284↗

▶