CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

Published: Jan 22, 2024
Updated: Jan 31, 2024
CVE: CVE-2024-0605
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
mozilla / firefox_focus	-	122.0

https://bugzilla.mozilla.org/show_bug.cgi?id=1855575
https://www.mozilla.org/security/advisories/mfsa2024-03/

Vulnerability Database

289,697

CVE-2024-0605