Closed Bug 1868002 Opened 1 year ago Closed 1 year ago

Firefox URI can run javascript URI on iOS Firefox

Categories

(Firefox for iOS :: General, defect)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1850158

People

(Reporter: proof131072, Unassigned)

References

Details

(Keywords: reporter-external, sec-moderate, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

We are able to run javascript URI through firefox URI. Please test this and open on iOS Chrome or other applications (this can be done without user interaction on Apple's default apps)

<a href="firefox://open-url?url=javascript:alert(1)"/>test</a>

Flags: sec-bounty?
Attached file 1868002.html
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Firefox for iOS
Summary: Firefox URI cAn run javascript URI on iOS Firefox → Firefox URI can run javascript URI on iOS Firefox

Isn't this basically the same thing as bug 1868003?

Flags: needinfo?(proof131072)

This is only about running javascript: URI while 1868003 is injecting js to "other tab with site including reader mode" https://bugzilla.mozilla.org/show_bug.cgi?id=1868003#c5

Flags: needinfo?(proof131072)

This is using the same deeplink path firefox://open-url as 1850158 to trigger running javascript. I would see this as a duplicate

See Also: → CVE-2024-26283
Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2024-26283
Resolution: --- → DUPLICATE
Group: mobile-core-security → core-security-release

This is the only duplicate as far as I can tell.

Flags: sec-bounty? → sec-bounty-
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: