CVE-2024-0605 Information

Description

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in the urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1855575
https://www.mozilla.org/security/advisories/mfsa2024-03/
