CVE-2024-10474

6.5

Medium

Published:29 Oct 2024

Last updated:17 Jun 2026

Source:security@mozilla.org

Modified

Weakness (CWE)

CWE-287Improper Authentication

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

References

security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1863832

security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2024-60/