Main Vulnerability Database SB2024101606

SB2024101606 - Spoofing attack in Firefox for iOS

Published: October 16, 2024

Security Bulletin ID SB2024101606

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-10004)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists an unspecified error. Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly.

Remediation

Install update from vendor's website.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1904885
https://www.mozilla.org/security/advisories/mfsa2024-54/