Mozilla Foundation Security Advisory 2024-17

Security Vulnerabilities fixed in Firefox for iOS 124

Announced

April 2, 2024

Impact

moderate

Products

Firefox for iOS

Fixed in

Firefox for iOS 124

#CVE-2024-31393: Javascript URLs would load when dragged to address bar

Reporter: Muneaki Nishimura
Impact: moderate

Description

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections

References

Bug 1879739

#CVE-2024-31392: Firefox on iOS would show pages with mixed content secure

Reporter: Chaykin Artem
Impact: low

Description

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status

References

Bug 1875925

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2024-17

Security Vulnerabilities fixed in Firefox for iOS 124

#CVE-2024-31393: Javascript URLs would load when dragged to address bar

Description

References

#CVE-2024-31392: Firefox on iOS would show pages with mixed content secure

Description

References