September 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Android Users Targeted by Chameleon Banking Trojan Using Fake CRM App
August 7, 2024
Victim Case Study
August 7, 2024
Android Users Targeted by Chameleon Banking Trojan Using Fake CRM App
August 7, 2024
Victim Case Study
August 7, 2024
Severity
Medium
Analysis Summary
CVE-2024-43111 CVSS:6.5
Mozilla Firefox for iOS could allow a remote attacker to bypass security restrictions, caused by the long pressing on a download link. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to allow Javascript commands to be executed within the browser.
CVE-2024-43112 CVSS:6.1
Mozilla Firefox for iOS is vulnerable to universal cross-site scripting, caused by long pressing on a download link. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-43113 CVSS:6.1
Mozilla Firefox for iOS is vulnerable to universal cross-site scripting, caused by improper validation of user-supplied input by the contextual menu for links. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Security Bypass
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-43111
- CVE-2024-43112
- CVE-2024-43113
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox for iOS - 128.0
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.