Mozilla Foundation Security Advisory 2024-36
Security Vulnerabilities fixed in Firefox for iOS 129
- Announced
- August 5, 2024
- Impact
- moderate
- Products
- Firefox for iOS
- Fixed in
-
- Firefox for iOS 129
#CVE-2024-43112: iOS Firefox Download UXSS
- Reporter
- James Lee
- Impact
- moderate
Description
Long pressing on a download link could potentially provide a means for cross-site scripting
References
#CVE-2024-43113: The Context Menu for iOS Firefox can over ride on any origin allowing UXSS everywhere with bug id 1874910
- Reporter
- James Lee
- Impact
- moderate
Description
The contextual menu for links could provide an opportunity for cross-site scripting attacks
References
#CVE-2024-0953: QR Code Scanner does not prompt before navigating user
- Reporter
- Lohith Gowda M
- Impact
- low
Description
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
References
#CVE-2024-43111: iOS Firefox allows to run javascript with download
- Reporter
- James Lee
- Impact
- low
Description
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser