Search criteria
56 vulnerabilities found for firefox_focus by mozilla
FKIE_CVE-2025-10290
Vulnerability from fkie_nvd - Published: 2025-09-16 13:15 - Updated: 2025-09-19 20:56
Severity ?
Summary
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1975566 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-76/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F0689DCB-CA40-4BEA-945D-D74C7351ED2D",
"versionEndExcluding": "143.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS \u003c 143.0."
}
],
"id": "CVE-2025-10290",
"lastModified": "2025-09-19T20:56:01.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-09-16T13:15:41.520",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975566"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-76/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-55032
Vulnerability from fkie_nvd - Published: 2025-08-19 21:15 - Updated: 2025-08-21 18:38
Severity ?
Summary
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1976296 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-69/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "667BB2C7-17E5-4D04-AA9A-1CBE726492AF",
"versionEndExcluding": "142.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS \u003c 142."
},
{
"lang": "es",
"value": "Focus para iOS no respetar\u00eda un encabezado Content-Disposition de tipo Attachment y mostrar\u00eda incorrectamente el contenido en l\u00ednea, lo que potencialmente permitir\u00eda ataques XSS. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 142."
}
],
"id": "CVE-2025-55032",
"lastModified": "2025-08-21T18:38:45.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-19T21:15:28.470",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-55031
Vulnerability from fkie_nvd - Published: 2025-08-19 21:15 - Updated: 2025-08-21 18:38
Severity ?
Summary
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1979804 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-68/ | Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-69/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "7EE372C2-99CB-45F5-9F6B-0862D02C6374",
"versionEndExcluding": "142.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "667BB2C7-17E5-4D04-AA9A-1CBE726492AF",
"versionEndExcluding": "142.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker\u0027s computer into the target account. This vulnerability affects Firefox for iOS \u003c 142 and Focus for iOS \u003c 142."
},
{
"lang": "es",
"value": "Las p\u00e1ginas maliciosas podr\u00edan usar Firefox para iOS para transferir enlaces FIDO al sistema operativo y activar el transporte de claves de acceso h\u00edbridas. Un atacante dentro del alcance de Bluetooth podr\u00eda haber usado esto para enga\u00f1ar al usuario y que usara su clave de acceso para iniciar sesi\u00f3n en la cuenta objetivo. Esta vulnerabilidad afecta a Firefox para iOS (versi\u00f3n anterior a la 142) y Focus (versi\u00f3n anterior a la 142)."
}
],
"id": "CVE-2025-55031",
"lastModified": "2025-08-21T18:38:56.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-19T21:15:28.340",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-55033
Vulnerability from fkie_nvd - Published: 2025-08-19 21:15 - Updated: 2025-08-21 18:38
Severity ?
Summary
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1913825 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-69/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "667BB2C7-17E5-4D04-AA9A-1CBE726492AF",
"versionEndExcluding": "142.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS \u003c 142."
},
{
"lang": "es",
"value": "Arrastrar enlaces de JavaScript a la barra de URL en Focus para iOS podr\u00eda utilizarse para ejecutar scripts maliciosos, lo que podr\u00eda provocar ataques XSS. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 142."
}
],
"id": "CVE-2025-55033",
"lastModified": "2025-08-21T18:38:38.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-19T21:15:28.617",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-3859
Vulnerability from fkie_nvd - Published: 2025-04-30 17:15 - Updated: 2025-05-12 19:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1951533 | Issue Tracking | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-33/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21D51C03-5A00-4D70-9FB7-9ED9898A7358",
"versionEndExcluding": "138.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus \u003c 138."
},
{
"lang": "es",
"value": "Los sitios web que dirigen a los usuarios a URL largas que provocan la omisi\u00f3n de direcciones en la vista de ubicaci\u00f3n podr\u00edan aprovechar el comportamiento de truncamiento para enga\u00f1ar potencialmente a los usuarios y hacerles pensar que estaban en una p\u00e1gina web diferente. Esta vulnerabilidad afecta a Focus \u0026lt; 138."
}
],
"id": "CVE-2025-3859",
"lastModified": "2025-05-12T19:43:47.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-30T17:15:50.903",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951533"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2025-33/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-10474
Vulnerability from fkie_nvd - Published: 2024-10-29 13:15 - Updated: 2025-03-13 20:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-60/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "2DC764CC-C2FB-4DC1-9D70-1641904A0F63",
"versionEndExcluding": "132.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS \u003c 132."
},
{
"lang": "es",
"value": " Focus permit\u00eda incorrectamente que los enlaces internos utilizaran el esquema de aplicaci\u00f3n usado para enlaces profundos, lo que podr\u00eda resultar en enlaces que potencialmente eludieran algunos controles de seguridad de URL. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 132."
}
],
"id": "CVE-2024-10474",
"lastModified": "2025-03-13T20:15:16.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-29T13:15:04.513",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-8399
Vulnerability from fkie_nvd - Published: 2024-09-03 20:15 - Updated: 2025-03-19 16:15
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1863838 | Permissions Required | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-42/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "EB3A1EE9-A7ED-4783-8456-22CF69AABE7F",
"versionEndExcluding": "130.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS \u003c 130."
},
{
"lang": "es",
"value": "Los sitios web podr\u00edan utilizar enlaces de Javascript para falsificar direcciones URL en la barra de navegaci\u00f3n de Focus. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 130."
}
],
"id": "CVE-2024-8399",
"lastModified": "2025-03-19T16:15:29.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-03T20:15:09.430",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863838"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-42/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-5022
Vulnerability from fkie_nvd - Published: 2024-05-17 19:15 - Updated: 2025-04-04 14:25
Severity ?
Summary
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4A474B93-4C7B-4010-9326-B0CD19E0963E",
"versionEndExcluding": "126.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file scheme of URLs would be hidden, resulting in potential spoofing of a website\u0027s address in the location bar This vulnerability affects Focus for iOS \u003c 126."
},
{
"lang": "es",
"value": " El esquema de archivos de las URL estar\u00eda oculto, lo que dar\u00eda como resultado una posible falsificaci\u00f3n de la direcci\u00f3n de un sitio web en la barra de direcciones. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 126."
}
],
"id": "CVE-2024-5022",
"lastModified": "2025-04-04T14:25:28.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-17T19:15:07.537",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-1563
Vulnerability from fkie_nvd - Published: 2024-02-22 15:15 - Updated: 2025-03-27 15:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1A58D0C0-C066-47B1-A280-2CA46F2F5AA3",
"versionEndExcluding": "122.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS \u003c 122."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda haber ejecutado scripts no autorizados en sitios de origen principales utilizando un URI de JavaScript al abrir una URL externa con un esquema personalizado de Firefox y una condici\u00f3n de ejecuci\u00f3n de tiempo de espera. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 122."
}
],
"id": "CVE-2024-1563",
"lastModified": "2025-03-27T15:15:48.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T15:15:08.480",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-26284
Vulnerability from fkie_nvd - Published: 2024-02-22 15:15 - Updated: 2025-03-28 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1860075 | Exploit, Issue Tracking, Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2024-10/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1860075 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2024-10/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox_focus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DA672FAD-5187-4BAF-AA20-8D1D06D57288",
"versionEndExcluding": "123.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker\u0027s website. This vulnerability affects Focus for iOS \u003c 123."
},
{
"lang": "es",
"value": "8Utilizando una redirecci\u00f3n 302, un atacante podr\u00eda haber realizado un Universal Cross-Site Scripting (UXSS) en el sitio web de una v\u00edctima, si la v\u00edctima tuviera un enlace al sitio web del atacante. Esta vulnerabilidad afecta a Focus para iOS \u0026lt; 123."
}
],
"id": "CVE-2024-26284",
"lastModified": "2025-03-28T19:15:19.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T15:15:08.780",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-10290 (GCVE-0-2025-10290)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2025-10-30 16:11
VLAI?
Summary
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0.
Severity ?
6.5 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 143.0
(custom)
|
Credits
Renwa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:30:14.447776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T18:26:56.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "143.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Renwa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS \u003c 143.0."
}
],
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS \u003c 143.0."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:44.986Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975566"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-76/"
}
],
"title": "Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10290",
"datePublished": "2025-09-16T12:26:39.308Z",
"dateReserved": "2025-09-11T17:59:15.574Z",
"dateUpdated": "2025-10-30T16:11:44.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55033 (GCVE-0-2025-55033)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 142
(custom)
|
Credits
Muneaki Nishimura
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:00:44.408015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:49.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muneaki Nishimura"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"value": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:06.059Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55033",
"datePublished": "2025-08-19T20:52:51.056Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:06.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55032 (GCVE-0-2025-55032)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 142
(custom)
|
Credits
Renwa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:00:59.308632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:57.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Renwa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"value": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:02.847Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Focus incorrectly ignores Content-Disposition headers for some MIME types"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55032",
"datePublished": "2025-08-19T20:52:50.397Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:02.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55031 (GCVE-0-2025-55031)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
Severity ?
9.8 (Critical)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox for iOS |
Affected:
unspecified , < 142
(custom)
|
|||||||
|
|||||||||
Credits
Hafiizh
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:01:38.460614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:17:12.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hafiizh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker\u0027s computer into the target account. This vulnerability affects Firefox for iOS \u003c 142 and Focus for iOS \u003c 142."
}
],
"value": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker\u0027s computer into the target account. This vulnerability affects Firefox for iOS \u003c 142 and Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:09.283Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Passkey phishing within Bluetooth range"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55031",
"datePublished": "2025-08-19T20:52:49.748Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:09.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3859 (GCVE-0-2025-3859)
Vulnerability from cvelistv5 – Published: 2025-04-30 16:30 – Updated: 2025-05-12 15:49
VLAI?
Summary
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
Severity ?
4.3 (Medium)
CWE
- Firefox Focus elide URL allows address bar spoofing
Assigner
References
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T17:13:54.226201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:49:52.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus \u003c 138."
}
],
"value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus \u003c 138."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Firefox Focus elide URL allows address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T16:30:18.670Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951533"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-33/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-3859",
"datePublished": "2025-04-30T16:30:18.670Z",
"dateReserved": "2025-04-21T16:01:02.407Z",
"dateUpdated": "2025-05-12T15:49:52.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10474 (GCVE-0-2024-10474)
Vulnerability from cvelistv5 – Published: 2024-10-29 12:19 – Updated: 2025-03-13 19:11
VLAI?
Summary
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
Severity ?
9.1 (Critical)
CWE
- Don't allow web content to open firefox-focus URLs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 132
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:focus_for_ios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "focus_for_ios",
"vendor": "mozilla",
"versions": [
{
"lessThan": "132",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:58:46.853408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:11:52.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "132",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS \u003c 132."
}
],
"value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS \u003c 132."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Don\u0027t allow web content to open firefox-focus URLs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T12:19:20.120Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-10474",
"datePublished": "2024-10-29T12:19:20.120Z",
"dateReserved": "2024-10-28T18:38:28.355Z",
"dateUpdated": "2025-03-13T19:11:52.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8399 (GCVE-0-2024-8399)
Vulnerability from cvelistv5 – Published: 2024-09-03 20:07 – Updated: 2025-03-19 15:24
VLAI?
Summary
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.
Severity ?
4.7 (Medium)
CWE
- iOS Firefox Focus javascript URI address bar spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 130
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:50:22.886276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:24:15.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS \u003c 130."
}
],
"value": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS \u003c 130."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "iOS Firefox Focus javascript URI address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:07:38.036Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863838"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-42/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-8399",
"datePublished": "2024-09-03T20:07:38.036Z",
"dateReserved": "2024-09-03T17:48:07.569Z",
"dateUpdated": "2025-03-19T15:24:15.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5022 (GCVE-0-2024-5022)
Vulnerability from cvelistv5 – Published: 2024-05-17 18:42 – Updated: 2024-10-28 20:14
VLAI?
Summary
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.
Severity ?
4.4 (Medium)
CWE
- URLs with file scheme could have been used to spoof addresses in the location bar
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 126
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T12:58:10.876388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:14:31.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "126",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The file scheme of URLs would be hidden, resulting in potential spoofing of a website\u0027s address in the location bar This vulnerability affects Focus for iOS \u003c 126."
}
],
"value": "The file scheme of URLs would be hidden, resulting in potential spoofing of a website\u0027s address in the location bar This vulnerability affects Focus for iOS \u003c 126."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URLs with file scheme could have been used to spoof addresses in the location bar",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T18:42:24.791Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-5022",
"datePublished": "2024-05-17T18:42:24.791Z",
"dateReserved": "2024-05-16T17:39:36.052Z",
"dateUpdated": "2024-10-28T20:14:31.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1563 (GCVE-0-2024-1563)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:56 – Updated: 2025-03-27 15:05
VLAI?
Summary
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.
Severity ?
8.1 (High)
CWE
- UXSS exploit using a timeout after externally opening the application from a custom Focus scheme
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 122
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:07:37.490603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:05:38.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "122",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS \u003c 122."
}
],
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS \u003c 122."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UXSS exploit using a timeout after externally opening the application from a custom Focus scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:56:42.888Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-1563",
"datePublished": "2024-02-22T14:56:42.888Z",
"dateReserved": "2024-02-15T19:38:27.164Z",
"dateUpdated": "2025-03-27T15:05:38.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26284 (GCVE-0-2024-26284)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:56 – Updated: 2025-03-28 18:30
VLAI?
Summary
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
Severity ?
6.1 (Medium)
CWE
- UXSS exploit via 302 Redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 123
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:59:26.828962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T18:30:43.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "123",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker\u0027s website. This vulnerability affects Focus for iOS \u003c 123."
}
],
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker\u0027s website. This vulnerability affects Focus for iOS \u003c 123."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UXSS exploit via 302 Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:56:42.004Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-26284",
"datePublished": "2024-02-22T14:56:42.004Z",
"dateReserved": "2024-02-15T19:27:47.711Z",
"dateUpdated": "2025-03-28T18:30:43.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10290 (GCVE-0-2025-10290)
Vulnerability from nvd – Published: 2025-09-16 12:26 – Updated: 2025-10-30 16:11
VLAI?
Summary
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0.
Severity ?
6.5 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 143.0
(custom)
|
Credits
Renwa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:30:14.447776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T18:26:56.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "143.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Renwa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS \u003c 143.0."
}
],
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS \u003c 143.0."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:44.986Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975566"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-76/"
}
],
"title": "Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10290",
"datePublished": "2025-09-16T12:26:39.308Z",
"dateReserved": "2025-09-11T17:59:15.574Z",
"dateUpdated": "2025-10-30T16:11:44.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55033 (GCVE-0-2025-55033)
Vulnerability from nvd – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 142
(custom)
|
Credits
Muneaki Nishimura
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:00:44.408015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:49.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muneaki Nishimura"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"value": "Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:06.059Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1913825"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55033",
"datePublished": "2025-08-19T20:52:51.056Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:06.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55032 (GCVE-0-2025-55032)
Vulnerability from nvd – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 142
(custom)
|
Credits
Renwa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:00:59.308632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:16:57.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Renwa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"value": "Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:02.847Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976296"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Focus incorrectly ignores Content-Disposition headers for some MIME types"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55032",
"datePublished": "2025-08-19T20:52:50.397Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:02.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55031 (GCVE-0-2025-55031)
Vulnerability from nvd – Published: 2025-08-19 20:52 – Updated: 2025-10-30 16:11
VLAI?
Summary
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
Severity ?
9.8 (Critical)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox for iOS |
Affected:
unspecified , < 142
(custom)
|
|||||||
|
|||||||||
Credits
Hafiizh
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:01:38.460614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:17:12.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "142",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hafiizh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker\u0027s computer into the target account. This vulnerability affects Firefox for iOS \u003c 142 and Focus for iOS \u003c 142."
}
],
"value": "Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker\u0027s computer into the target account. This vulnerability affects Firefox for iOS \u003c 142 and Focus for iOS \u003c 142."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:09.283Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979499"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979804"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-68/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-69/"
}
],
"title": "Passkey phishing within Bluetooth range"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-55031",
"datePublished": "2025-08-19T20:52:49.748Z",
"dateReserved": "2025-08-05T13:26:34.686Z",
"dateUpdated": "2025-10-30T16:11:09.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3859 (GCVE-0-2025-3859)
Vulnerability from nvd – Published: 2025-04-30 16:30 – Updated: 2025-05-12 15:49
VLAI?
Summary
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
Severity ?
4.3 (Medium)
CWE
- Firefox Focus elide URL allows address bar spoofing
Assigner
References
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T17:13:54.226201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:49:52.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus \u003c 138."
}
],
"value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus \u003c 138."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Firefox Focus elide URL allows address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T16:30:18.670Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951533"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-33/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-3859",
"datePublished": "2025-04-30T16:30:18.670Z",
"dateReserved": "2025-04-21T16:01:02.407Z",
"dateUpdated": "2025-05-12T15:49:52.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10474 (GCVE-0-2024-10474)
Vulnerability from nvd – Published: 2024-10-29 12:19 – Updated: 2025-03-13 19:11
VLAI?
Summary
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
Severity ?
9.1 (Critical)
CWE
- Don't allow web content to open firefox-focus URLs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 132
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:focus_for_ios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "focus_for_ios",
"vendor": "mozilla",
"versions": [
{
"lessThan": "132",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:58:46.853408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:11:52.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "132",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS \u003c 132."
}
],
"value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS \u003c 132."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Don\u0027t allow web content to open firefox-focus URLs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T12:19:20.120Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-10474",
"datePublished": "2024-10-29T12:19:20.120Z",
"dateReserved": "2024-10-28T18:38:28.355Z",
"dateUpdated": "2025-03-13T19:11:52.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8399 (GCVE-0-2024-8399)
Vulnerability from nvd – Published: 2024-09-03 20:07 – Updated: 2025-03-19 15:24
VLAI?
Summary
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.
Severity ?
4.7 (Medium)
CWE
- iOS Firefox Focus javascript URI address bar spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 130
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:50:22.886276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:24:15.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS \u003c 130."
}
],
"value": "Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS \u003c 130."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "iOS Firefox Focus javascript URI address bar spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:07:38.036Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863838"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-42/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-8399",
"datePublished": "2024-09-03T20:07:38.036Z",
"dateReserved": "2024-09-03T17:48:07.569Z",
"dateUpdated": "2025-03-19T15:24:15.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5022 (GCVE-0-2024-5022)
Vulnerability from nvd – Published: 2024-05-17 18:42 – Updated: 2024-10-28 20:14
VLAI?
Summary
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.
Severity ?
4.4 (Medium)
CWE
- URLs with file scheme could have been used to spoof addresses in the location bar
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 126
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T12:58:10.876388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T20:14:31.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "126",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The file scheme of URLs would be hidden, resulting in potential spoofing of a website\u0027s address in the location bar This vulnerability affects Focus for iOS \u003c 126."
}
],
"value": "The file scheme of URLs would be hidden, resulting in potential spoofing of a website\u0027s address in the location bar This vulnerability affects Focus for iOS \u003c 126."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URLs with file scheme could have been used to spoof addresses in the location bar",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T18:42:24.791Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874560"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-24/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-5022",
"datePublished": "2024-05-17T18:42:24.791Z",
"dateReserved": "2024-05-16T17:39:36.052Z",
"dateUpdated": "2024-10-28T20:14:31.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1563 (GCVE-0-2024-1563)
Vulnerability from nvd – Published: 2024-02-22 14:56 – Updated: 2025-03-27 15:05
VLAI?
Summary
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.
Severity ?
8.1 (High)
CWE
- UXSS exploit using a timeout after externally opening the application from a custom Focus scheme
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 122
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T18:07:37.490603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:05:38.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "122",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS \u003c 122."
}
],
"value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS \u003c 122."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UXSS exploit using a timeout after externally opening the application from a custom Focus scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:56:42.888Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863831"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-09/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-1563",
"datePublished": "2024-02-22T14:56:42.888Z",
"dateReserved": "2024-02-15T19:38:27.164Z",
"dateUpdated": "2025-03-27T15:05:38.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26284 (GCVE-0-2024-26284)
Vulnerability from nvd – Published: 2024-02-22 14:56 – Updated: 2025-03-28 18:30
VLAI?
Summary
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
Severity ?
6.1 (Medium)
CWE
- UXSS exploit via 302 Redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Focus for iOS |
Affected:
unspecified , < 123
(custom)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:59:26.828962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T18:30:43.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "123",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker\u0027s website. This vulnerability affects Focus for iOS \u003c 123."
}
],
"value": "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker\u0027s website. This vulnerability affects Focus for iOS \u003c 123."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UXSS exploit via 302 Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:56:42.004Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860075"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-10/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-26284",
"datePublished": "2024-02-22T14:56:42.004Z",
"dateReserved": "2024-02-15T19:27:47.711Z",
"dateUpdated": "2025-03-28T18:30:43.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}