← voltar
CVE-2024-0605

CVE-2024-0605

CVSS 7.5 HIGHEPSS 0.4%CWE-362
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Mozilla · Focus for iOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.mozilla.org/show_bug.cgi?id=1855575https://www.mozilla.org/security/advisories/mfsa2024-03/