CVE-2024-10474

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1863832	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2024-60/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*

History

13 Mar 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-287

Information

Published : 2024-10-29 13:15

Updated : 2025-03-13 20:15

NVD link : CVE-2024-10474

Mitre link : CVE-2024-10474

CVE.ORG link : CVE-2024-10474

JSON object : View

Products Affected

mozilla

firefox_focus

CWE

NVD-CWE-noinfo CWE-287

Improper Authentication

{"id": "CVE-2024-10474", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-10-29T13:15:04.513", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132."}, {"lang": "es", "value": " Focus permit\u00eda incorrectamente que los enlaces internos utilizaran el esquema de aplicaci\u00f3n usado para enlaces profundos, lo que podr\u00eda resultar en enlaces que potencialmente eludieran algunos controles de seguridad de URL. Esta vulnerabilidad afecta a Focus para iOS < 132."}], "lastModified": "2025-03-13T20:15:16.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "2DC764CC-C2FB-4DC1-9D70-1641904A0F63", "versionEndExcluding": "132.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}