OpenCVE

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Mozilla	Firefox Focus Focus For Ios

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1863832
https://www.mozilla.org/security/advisories/mfsa2024-60/

History

Mon, 04 Nov 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla firefox Focus
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:mozilla:firefox_focus::::::iphone_os::*
Vendors & Products		Mozilla firefox Focus

Tue, 29 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla focus For Ios
CPEs		cpe:2.3:a:mozilla:focus_for_ios::::::::
Vendors & Products		Mozilla Mozilla focus For Ios
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 29 Oct 2024 12:30:00 +0000

Type	Values Removed	Values Added
Description		Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 https://www.mozilla.org/security/advisories/mfsa2024-60/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-10-29T12:19:20.120Z

Updated: 2024-10-29T14:02:10.171Z

Reserved: 2024-10-28T18:38:28.355Z

Link: CVE-2024-10474

Vulnrichment

Updated: 2024-10-29T14:02:02.344Z

NVD

Status : Analyzed

Published: 2024-10-29T13:15:04.513

Modified: 2024-11-04T13:34:48.513

Link: CVE-2024-10474

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10474", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2024-10-28T18:38:28.355Z", "datePublished": "2024-10-29T12:19:20.120Z", "dateUpdated": "2024-10-29T14:02:10.171Z"}, "containers": {"cna": {"affected": [{"product": "Focus for iOS", "vendor": "Mozilla", "versions": [{"lessThan": "132", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132."}]}], "problemTypes": [{"descriptions": [{"description": "Don't allow web content to open firefox-focus URLs", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"}], "credits": [{"lang": "en", "value": "James Lee"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-10-29T12:19:20.120Z"}}, "adp": [{"affected": [{"vendor": "mozilla", "product": "focus_for_ios", "cpes": ["cpe:2.3:a:mozilla:focus_for_ios:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "132", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-29T13:58:46.853408Z", "id": "CVE-2024-10474", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T14:02:10.171Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-10474", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-29T13:58:46.853408Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:focus_for_ios:*:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "focus_for_ios", "versions": [{"status": "affected", "version": "0", "lessThan": "132", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T14:02:02.344Z"}}], "cna": {"credits": [{"lang": "en", "value": "James Lee"}], "affected": [{"vendor": "Mozilla", "product": "Focus for iOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "132", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"}], "descriptions": [{"lang": "en", "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.", "supportingMedia": [{"type": "text/html", "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Don't allow web content to open firefox-focus URLs"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-10-29T12:19:20.120Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10474", "state": "PUBLISHED", "dateUpdated": "2024-10-29T14:02:10.171Z", "dateReserved": "2024-10-28T18:38:28.355Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-10-29T12:19:20.120Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "2DC764CC-C2FB-4DC1-9D70-1641904A0F63", "versionEndExcluding": "132.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132."}, {"lang": "es", "value": " Focus permit\u00eda incorrectamente que los enlaces internos utilizaran el esquema de aplicaci\u00f3n usado para enlaces profundos, lo que podr\u00eda resultar en enlaces que potencialmente eludieran algunos controles de seguridad de URL. Esta vulnerabilidad afecta a Focus para iOS < 132."}], "id": "CVE-2024-10474", "lastModified": "2024-11-04T13:34:48.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-10-29T13:15:04.513", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863832"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2024-60/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}