Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10474

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

Published

2024-10-29T13:15:04.513

Last Modified

2025-03-13T20:15:16.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox_focus	< 132.0	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 Issue Tracking, Permissions Required ([email protected])
https://www.mozilla.org/security/advisories/mfsa2024-60/ Vendor Advisory ([email protected])