CVE-2024-10474 | THREATINT

Description

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

PUBLISHED Reserved 2024-10-28 | Published 2024-10-29 | Updated 2025-03-13 | Assigner mozilla

Problem types

Don't allow web content to open firefox-focus URLs

Product status

Any version before 132

affected

Credits

James Lee

References

bugzilla.mozilla.org/show_bug.cgi?id=1863832

www.mozilla.org/security/advisories/mfsa2024-60/

cve.org (CVE-2024-10474)

nvd.nist.gov (CVE-2024-10474)

Download JSON