CVE-2024-0953
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Cuando un usuario escanea un código QR con la función Escáner de código QR, no se le pregunta al usuario antes de navegar a la página especificada en el código. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado.
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
*Credits:
Lohith Gowda M
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-26 CVE Reserved
- 2024-02-05 CVE Published
- 2024-02-10 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2024-36 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1837916 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|