Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-53975, CVE-2024-53976 |
CWE-ID | CWE-451 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Firefox for iOS (Mobile applications / Apps for mobile phones) |
Vendor | Mozilla |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU100968
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53975
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof the SSL padlock icon in the location URL bar.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
Firefox for iOS: 100.1 - 132.1
CPE2.3
http://bugzilla.mozilla.org/show_bug.cgi?id=1843467
http://www.mozilla.org/security/advisories/mfsa2024-66/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into performing certain actions on the device.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100969
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53976
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error which causes the location URL to be hidden in the URL bar. A remote attacker can perform a spoofing attack.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
Firefox for iOS: 100.1 - 132.1
CPE2.3
http://bugzilla.mozilla.org/show_bug.cgi?id=1905749
http://www.mozilla.org/security/advisories/mfsa2024-66/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into performing certain actions on the device.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.