CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page.
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox_for_ios | * | cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:* |