Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                                 CERT-Renater

                      Note d'Information No. 2024/VULN450
_____________________________________________________________________

DATE                : 30/10/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Focus for iOS versions prior to
                                      132.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2024-60/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2024-60
Security Vulnerabilities fixed in Focus for iOS 132

Announced
    October 28, 2024
Impact
    moderate
Products
    Focus for iOS
Fixed in

        Focus for iOS 132

#CVE-2024-10474: Don't allow web content to open firefox-focus URLs

Reporter
    James Lee
Impact
    moderate

Description

Focus was incorrectly allowing internal links to utilize the app
scheme used for deeplinking, which could result in links potentially
circumventing some URL safety checks


References

    Bug 1863832




=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================