CWE-939 - Improper Authorization in Handler for Custom URL Scheme

Description

The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management 2025-01-31
Critical Yes Public exploit

Multiple vulnerabilities in Foxit PDF Reader and Editor for Mac 2024-12-18
High Yes

Multiple vulnerabilities in Foxit PDF Reader and Editor for Windows 2024-12-18
High Yes

Improper Authorization in Handler for Custom URL Scheme in Shonen Jump+ App for Android 2024-12-16
Low Yes

Multiple vulnerabilities in Oracle Linux 2024-10-16
Critical Yes Public exploit

Oracle Solaris update for third-party components 2024-10-15
High Yes Public exploit

Improper Authorization in Handler for Custom URL Scheme in @cosme App 2024-09-17
Low Yes

Multiple vulnerabilities in Mozilla Thunderbird 2024-09-09
High Yes Public exploit

Multiple vulnerabilities in Mozilla Thunderbird 115 2024-09-09
High Yes Public exploit

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR 2024-09-03
High Yes Public exploit