Mozilla Foundation Security Advisory 2024-36

Security Vulnerabilities fixed in Firefox for iOS 129

Announced
August 5, 2024
Impact
moderate
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 129

#CVE-2024-43112: iOS Firefox Download UXSS

Reporter
James Lee
Impact
moderate
Description

Long pressing on a download link could potentially provide a means for cross-site scripting

References

#CVE-2024-43113: The Context Menu for iOS Firefox can over ride on any origin allowing UXSS everywhere with bug id 1874910

Reporter
James Lee
Impact
moderate
Description

The contextual menu for links could provide an opportunity for cross-site scripting attacks

References

#CVE-2024-0953: QR Code Scanner does not prompt before navigating user

Reporter
Lohith Gowda M
Impact
low
Description

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.

References

#CVE-2024-43111: iOS Firefox allows to run javascript with download

Reporter
James Lee
Impact
low
Description

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser

References