Mozilla Foundation Security Advisory 2024-60
Security Vulnerabilities fixed in Focus for iOS 132
- Announced
- October 28, 2024
- Impact
- moderate
- Products
- Focus for iOS
- Fixed in
-
- Focus for iOS 132
#CVE-2024-10474: Don't allow web content to open firefox-focus URLs
- Reporter
- James Lee
- Impact
- moderate
Description
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks