Medium severity6.1NVD Advisory· Published Jan 22, 2024· Updated Jun 17, 2026
CVE-2024-0606
CVE-2024-0606
Description
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<122+ 1 more
- (no CPE)range: <122
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- www.mozilla.org/security/advisories/mfsa2024-03/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.