{"id":"CVE-2024-0606","details":"An attacker could execute unauthorized script on a legitimate site through universal cross-site scripting (UXSS) by using window.open() to open a javascript: URI, leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS \u003c 122.","modified":"2026-04-12T10:19:55.087260Z","published":"2024-01-22T19:15:09.487Z","references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-03/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1855030"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mozilla-mobile/focus-ios","events":[{"introduced":"0"},{"fixed":"663105e603aa724c61d7a1620216958da9e3366b"}],"database_specific":{"cpe":"cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"122.0"}]}}],"versions":["8.1.1","8.1.6","v2.0","v3.1","v3.9","v7.0.3","v8.0","v8.0-b1","v8.0-b2","v8.1-b1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0606.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}