Mozilla

Firefox Focus

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-10290

  • EPSS 0.03%
  • Published 16.09.2025 12:26:39
  • Last modified 19.09.2025 20:56:01

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press ...

6.1

CVE-2025-55033

  • EPSS 0.03%
  • Published 19.08.2025 20:52:51
  • Last modified 21.08.2025 18:38:38

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142.

6.1

CVE-2025-55032

Media report
  • EPSS 0.03%
  • Published 19.08.2025 20:52:50
  • Last modified 21.08.2025 18:38:45

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142.

9.8

CVE-2025-55031

  • EPSS 0.06%
  • Published 19.08.2025 20:52:49
  • Last modified 21.08.2025 18:38:56

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into t...

6.1

CVE-2025-3859

  • EPSS 0.03%
  • Published 30.04.2025 16:30:18
  • Last modified 12.05.2025 19:43:47

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.

6.5

CVE-2024-10474

  • EPSS 0.1%
  • Published 29.10.2024 13:15:04
  • Last modified 13.03.2025 20:15:16

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

6.5

CVE-2024-9391

  • EPSS 0.11%
  • Published 01.10.2024 16:15:10
  • Last modified 04.04.2025 14:39:26

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus fo...

4.7

CVE-2024-8399

  • EPSS 0.09%
  • Published 03.09.2024 20:15:09
  • Last modified 19.03.2025 16:15:29

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130.

4.4

CVE-2024-5022

  • EPSS 0.21%
  • Published 17.05.2024 19:15:07
  • Last modified 04.04.2025 14:25:28

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.

6.1

CVE-2024-26284

Exploit
  • EPSS 0.65%
  • Published 22.02.2024 15:15:08
  • Last modified 28.03.2025 19:15:19

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.