Description
UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that the vulnerability is an instance of universal cross‑site scripting (UXSS) that permits an attacker to inject and execute arbitrary JavaScript within the context of Focus for iOS or Klar for iOS when the WebKit component renders a web page. This can lead to arbitrary code execution in the app, theft of user data, session hijacking, or modifying app behavior without user consent.

Affected Systems

The affected items are Mozilla's Focus for iOS and Klar for iOS. Any installation of these apps prior to version 151.3.1 contains the flaw; the issue was addressed in the 151.3.1 release. No other versions are listed as affected.

Risk and Exploitability

Based on the description, it is inferred that the flaw is exploitable from any web page loaded by the app’s WebKit. An attacker can embed malicious JavaScript which will run with the app's privileges. There is no publicly known exploitation (KEV not listed) and no EPSS data is available, but the lack of exploitation data does not reduce the potential impact of a client‑side XSS that can compromise user data. Because the issue is client‑side, an end‑user only needs to open a malicious URL through the app, making the attack vector straightforward. Applying the vendor‑supplied patch removes the vulnerability.

Generated by OpenCVE AI on June 9, 2026 at 23:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied update to Focus for iOS 151.3.1 or later and Klar for iOS 151.3.1 or later.
  • If updates cannot be deployed immediately, configure the apps to block external navigation or white‑list trusted URLs so that WebKit cannot load untrusted content.
  • Reduce exposure by disabling or restricting the WebView component when it is not required for the app's core functions.
  • Monitor user traffic for anomalous page loads in the app and alert security staff to potential exploitation attempts.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:15:00 +0000

Type | Values Removed | Values Added
Description | | UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.
Title | | UXSS in Focus for iOS / Klar Webkit navigation
References | |

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-09T20:52:02.036Z

Reserved: 2026-06-09T13:59:49.244Z

Link: CVE-2026-11799

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:03.410

Modified: 2026-06-09T21:17:03.410

Link: CVE-2026-11799

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z

Weaknesses

No weakness.