Help us improve your Mozilla experience

In addition to Cookies necessary for this site to function, we’d like your permission to set some additional Cookies to better understand your browsing needs and improve your experience. Rest assured — we value your privacy.

Cookie settings
Mozilla
  • Firefox browsers

    • Firefox for Desktop

    • Firefox for iOS

    • Firefox for Android

    • Firefox Focus

    • Firefox blog
  • Products

    • Mozilla VPN

    • Mozilla Monitor

    • Firefox Relay

    • Pocket

    • MDN Plus

    • Fakespot

    • Thunderbird

    All products

  • About us

    Our Mission

    • About Mozilla

    • The Mozilla Manifesto

    • Get Involved

    • Blog

    Our Work

    • Mozilla Foundation

    • Mozilla.ai

    • Mozilla Ventures

    • Mozilla Advertising

    • Mozilla Builders

    • Mozilla New Products

Menu

  • Mozilla Security

Mozilla Security

  • Advisories
  • Known Vulnerabilities
  • Mozilla Security Blog
  • Security Bug Bounty
  • Third-party Injection Policy

Client Bug Bounty

  • Frequently Asked Questions
  • Hall of Fame

Web Bug Bounty

  • Eligible Websites
  • Frequently Asked Questions
  • Hall of Fame

Mozilla Foundation Security Advisory 2024-24

Security Vulnerabilities fixed in Focus for iOS 126

Announced
May 16, 2024
Impact
high
Products
Focus for iOS
Fixed in
  • Focus for iOS 126

#CVE-2024-5022: URLs with file scheme could have been used to spoof addresses in the location bar

Reporter
James Lee
Impact
high
Description

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar

References
  • Bug 1874560

Mozilla Advertising

Privacy-first advertising solutions for brands, publishers, and platforms.

Learn more about Mozilla Advertising

Company

  • Leadership
  • Press Center
  • Careers
  • Contact

Support

  • Product Help
  • File a Bug
  • Localize Mozilla

Developers

  • Developer Edition
  • Enterprise
  • Tools
  • MDN
  • Firefox Release Notes

Follow @Mozilla

  • Bluesky (@mozilla.org)
  • Instagram (@mozilla)
  • LinkedIn (@mozilla)
  • TikTok (@mozilla)
  • Spotify (@mozilla)

Follow @Firefox

  • Bluesky (@firefox.com)
  • Instagram (@firefox)
  • YouTube (@firefoxchannel)
  • TikTok (@firefox)
Donate

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2025 by individual mozilla.org contributors. Content available under a Creative Commons license.

  • Website Privacy Notice
  • Cookies
  • Legal
  • Community Participation Guidelines
  • About this site