CVE-2024-8399 — Authentication Bypass by Spoofing in Mozilla Focus FOR IOS

CWE-290 — Authentication Bypass by Spoofing4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.2%

top 55.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Focus FOR IOS Mozilla Firefox Focus

Timeline

PublishedSep 3

Description

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5mozilla/focus_for_iosunspecified — 130

▶NVDmozilla/firefox_focus< 130.0

🔴Vulnerability Details

CVEList

CVE-2024-8399: Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130↗2024-09-03

▶

GHSA

GHSA-5h7r-mv43-gm2c: Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130↗2024-09-03

▶

📋Vendor Advisories

Mozilla

Mozilla Foundation Security Advisory 2024-42: CVE-2024-8399↗

▶