VDB
CVE-2024-10474
CVE-2024-10474
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
EPSS 0.30% · 53.4th percentile
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.30%
53.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Focus for iOS | *, unspecified |
| mozilla | firefox_focus | 0, 0 |
| mozilla | focus_for_ios | 0, 0 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Nuclei Template
- Jan 21, 1970 Fix Commit
- Oct 29, 2024 Coalition ESS Score
- Oct 29, 2024 Coalition ESS Score
- Oct 29, 2024 CVE Published
- Oct 30, 2024 EPSS Score
- Nov 6, 2024 Coalition ESS Score
- Nov 17, 2024 EPSS Score
- Dec 6, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 12, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 url
- https://www.mozilla.org/security/advisories/mfsa2024-60/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-10474 advisory
- https://www.mozilla.org/security/advisories/mfsa2024-60 url
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-57/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-59/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-60/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/ advisory