Vulnerabilities

CVE-2024-0606

by Fred · 22/01/2024

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=1855030

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : REQUIRED
Confidentiality impact : LOW
Integrity impact : LOW
Base score : 6.1
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 2.7

Similar

Tags: Cybersecurity Alert