Mozilla Foundation, MFSA2024-08
Feb 19, 2024 - 12:00 a.m.

Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla

www.mozilla.org

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: Low

EPSS: 0
Percentile: 9.0%

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Using an AMP URL with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page.
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar.

Affected configurations

Vulners node: mozilla firefox_for_ios, range < 123

Vendor: mozilla
Product: firefox_for_ios
Version: *
CPE: cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*
