CVE-2024-10474

CVE Database · CVE-2024-10474

CVE-2024-10474

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.30%

Published

Oct 29, 2024

Modified

Mar 13, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-287

Affected Products (1)

mozilla · firefox_focus (up to 132.0)vulnerable

References (2)

https://bugzilla.mozilla.org/show_bug.cgi?id=1863832

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2024-60/

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs