Mozilla Focus for iOS
12 CVEs affecting Mozilla Focus for iOS. Latest disclosed: 2026-03-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-2919 | Medium | 4.3 | 2026-03-09 | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and tr… |
| CVE-2025-10290 | | | 2025-09-16 | Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers t… |
| CVE-2025-55033 | | | 2025-08-19 | Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability… |
| CVE-2025-55032 | | | 2025-08-19 | Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS… |
| CVE-2025-55031 | | | 2025-08-19 | Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have… |
| CVE-2024-10474 | | | 2024-10-29 | Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL sa… |
| CVE-2024-8399 | | | 2024-09-03 | Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130. |
| CVE-2024-5022 | | | 2024-05-17 | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar. This vulnerability affects Focus for iOS <… |
| CVE-2024-1563 | | | 2024-02-22 | An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a… |
| CVE-2024-26284 | | | 2024-02-22 | Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacke… |
| CVE-2024-0606 | | | 2024-01-22 | An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions… |
| CVE-2024-0605 | | | 2024-01-22 | Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security me… |