Multiple Interpretations of UI Input in Firefox for iOS - CVE-2024-10004

 

Multiple Interpretations of UI Input in Firefox for iOS - CVE-2024-10004

Published: October 16, 2024


Vulnerability identifier: #VU98703
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-10004
CWE-ID: CWE-450
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Firefox for iOS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists an unspecified error. Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly.


How to mitigate CVE-2024-10004

Install updates from vendor's website.

Sources