Closed
Bug 1868002
Opened 1 year ago
Closed 1 year ago
Firefox URI can run javascript URI on iOS Firefox
Categories
(Firefox for iOS :: General, defect)
RESOLVED
DUPLICATE
of bug 1850158
People
(Reporter: proof131072, Unassigned)
Details
(Keywords: reporter-external, sec-moderate, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
62 bytes,
text/html
We are able to run javascript URI through firefox URI. Please test this and open on iOS Chrome or other applications (this can be done without user interaction on Apple's default apps)
<a href="firefox://open-url?url=javascript:alert(1)"/>test</a>
Flags: sec-bounty?
Updated•1 year ago
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Firefox for iOS
Summary: Firefox URI cAn run javascript URI on iOS Firefox → Firefox URI can run javascript URI on iOS Firefox
Comment 2•1 year ago
Isn't this basically the same thing as bug 1868003?
Flags: needinfo?(proof131072)
This is only about running javascript: URI while 1868003 is injecting js to "other tab with site including reader mode" https://bugzilla.mozilla.org/show_bug.cgi?id=1868003#c5
Flags: needinfo?(proof131072)
This is using the same deeplink path firefox://open-url as 1850158 to trigger running javascript. I would see this as a duplicate.
See Also: → CVE-2024-26283
Updated•1 year ago
Keywords: sec-moderate
Updated•11 months ago
Flags: sec-bounty? → sec-bounty-
Updated•9 months ago
Keywords: reporter-external
Updated•2 months ago
Group: core-security-release
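The report and the duplicate it was closed against both involve the `url` parameter of `firefox://open-url` carrying a `javascript:` URI. The scheme allowlist check below is an added example, not code from Firefox for iOS or from this bug; `checkOpenUrlDeeplink` and `ALLOWED_SCHEMES` are hypothetical names, and the http/https-only policy is an assumption.

```javascript
// Added example (hypothetical handler, not Firefox for iOS code):
// validate the url= parameter of a firefox://open-url deeplink before loading it.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy

function checkOpenUrlDeeplink(deeplink) {
  let outer;
  try {
    outer = new URL(deeplink);
  } catch {
    return { allowed: false, reason: "unparseable deeplink" };
  }
  if (outer.protocol !== "firefox:" || outer.hostname !== "open-url") {
    return { allowed: false, reason: "not an open-url deeplink" };
  }
  const raw = outer.searchParams.get("url"); // percent-decoded once
  if (raw === null) {
    return { allowed: false, reason: "missing url parameter" };
  }
  let inner;
  try {
    // Parse instead of prefix-matching: the URL parser lowercases the scheme,
    // strips leading whitespace and drops embedded tabs/newlines, so
    // " java\tscript:" is seen as "javascript:", the way a browser sees it.
    inner = new URL(raw);
  } catch {
    return { allowed: false, reason: "url parameter is not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(inner.protocol)) {
    return { allowed: false, reason: `scheme ${inner.protocol} not allowed` };
  }
  // Hand on the normalized form that was checked, never the raw string.
  return { allowed: true, url: inner.href };
}

// Constructed sample inputs; the first is the link from the report.
const samples = [
  "firefox://open-url?url=javascript:alert(1)",
  "firefox://open-url?url=JaVaScRiPt%3Aalert(1)",
  "firefox://open-url?url=%20java%09script:alert(1)",
  "firefox://open-url?url=https%3A%2F%2Fexample.com%2F",
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(checkOpenUrlDeeplink(s)));
}
```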