CVE-2024-10474
MEDIUM
Firefox Focus < 132.0 - Improper Authentication via Deeplink Scheme Bypass
Title source: llm
Description
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132.
References (2)
Core References
Issue Tracking, Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1863832
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-60/
Scores
CVSS v3
6.5
EPSS
0.0030
EPSS Percentile
53.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (1)
mozilla/firefox_focus
< 132.0
Published
Oct 29, 2024
Tracked Since
Feb 18, 2026