
CVE-2024-10474
https://notcve.org/view.php?id=CVE-2024-10474
29 Oct 2024 — Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 • CWE-287: Improper Authentication •

CVE-2024-8399
https://notcve.org/view.php?id=CVE-2024-8399
03 Sep 2024 — Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863838 • CWE-290: Authentication Bypass by Spoofing •

CVE-2024-5022
https://notcve.org/view.php?id=CVE-2024-5022
17 May 2024 — The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS < 126. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874560 •

CVE-2024-1563
https://notcve.org/view.php?id=CVE-2024-1563
22 Feb 2024 — An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863831 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-26284
https://notcve.org/view.php?id=CVE-2024-26284
22 Feb 2024 — Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123. • https://bugzilla.mozilla.org/show_bug.cgi?id=1860075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0606
https://notcve.org/view.php?id=CVE-2024-0606
22 Jan 2024 — An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript: URI, leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855030 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0605
https://notcve.org/view.php?id=CVE-2024-0605
22 Jan 2024 — Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in the urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2023-6870 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-6870
19 Dec 2023 — Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823316 •

CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-29546
https://notcve.org/view.php?id=CVE-2023-29546
19 Jun 2023 — When recording the screen while in Private Browsing on Firefox for Android, the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780842 •