Mozilla Foundation Security Advisory 2024-17

Security Vulnerabilities fixed in Firefox for iOS 124

Announced
April 2, 2024
Impact
moderate
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 124

#CVE-2024-31393: Javascript URLs would load when dragged to address bar

Reporter
Muneaki Nishimura
Impact
moderate
Description

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections

References

#CVE-2024-31392: Firefox on iOS would show pages with mixed content secure

Reporter
Chaykin Artem
Impact
low
Description

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status

References