CVE-2024-0605

high

Description

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

References

https://www.mozilla.org/security/advisories/mfsa2024-03/

https://bugzilla.mozilla.org/show_bug.cgi?id=1855575

Details

Source: Mitre, NVD

Published: 2024-01-22

Updated: 2024-01-30

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H