Security Advisory

CVE-2024-0606

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-22 18:23:25

Last updated 2025-06-20 18:39:54

Assigner mozilla

State PUBLISHED

Description

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the users loaded webpage. This vulnerability affects Focus for iOS < 122.

← Browse all CVEs View on cve.org ↗