=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN536
_____________________________________________________________________

DATE                : 21/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Focus for iOS versions prior to
                     142.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2025-69/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-69
Security Vulnerabilities fixed in Focus for iOS 142

Announced
    August 19, 2025
Impact
    high
Products
    Focus for iOS
Fixed in
    Focus for iOS 142


#CVE-2025-55032: Focus incorrectly ignores Content-Disposition headers
for some MIME types

Reporter
    Renwa
Impact
    high

Description

Focus for iOS would not respect a Content-Disposition header of
type Attachment and would incorrectly display the content inline,
potentially allowing for XSS attacks.

References

    Bug 1976296
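
For site operators, CVE-2025-55032 means a download endpoint should stay safe even when a client ignores Content-Disposition and renders the body inline. The following is an added example, not part of the Mozilla advisory or of Focus: a header audit whose list of script-capable MIME types and sample responses are assumptions constructed for illustration.

```python
# Added illustration (not Mozilla's code): audit download-response headers
# for the case where a client ignores Content-Disposition.

# Assumption: types a browser can render with script; the advisory does not
# say which MIME types were affected.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

def media_type(content_type):
    """Return the lowercased type/subtype without parameters."""
    return content_type.split(";", 1)[0].strip().lower()

def csp_sandbox_blocks_scripts(csp):
    """True if the policy has a sandbox directive without allow-scripts."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "sandbox":
            return "allow-scripts" not in (t.lower() for t in tokens[1:])
    return False

def audit_download_headers(headers):
    """Return a list of findings; empty means safe even if shown inline."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    disposition = h.get("content-disposition", "").strip().lower()
    if not disposition.startswith("attachment"):
        findings.append("no Content-Disposition: attachment")
    sandboxed = csp_sandbox_blocks_scripts(h.get("content-security-policy", ""))
    ctype = media_type(h.get("content-type", ""))
    if ctype in ACTIVE_TYPES and not sandboxed:
        findings.append(f"{ctype} would run script if rendered inline")
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    if not nosniff and not sandboxed:
        findings.append("missing nosniff: body may be sniffed as active content")
    return findings

# Constructed sample responses for a user-upload endpoint.
WEAK = {"Content-Type": "image/svg+xml",
        "Content-Disposition": 'attachment; filename="a.svg"'}
HARDENED = {"Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="a.svg"',
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "sandbox; default-src 'none'"}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_download_headers(resp) or "ok")
```

The WEAK response relies on Content-Disposition alone, so it is flagged; the HARDENED one stays inert because the sandbox directive blocks script even if the body is displayed inline.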


#CVE-2025-55033: Drag and drop gestures in Focus for iOS could
allow JavaScript links to be executed incorrectly

Reporter
    Muneaki Nishimura
Impact
    moderate

Description

Dragging JavaScript links to the URL bar in Focus for iOS could
be utilized to run malicious scripts, potentially resulting in
XSS attacks.

References

    Bug 1913825


#CVE-2025-55031: Passkey phishing within Bluetooth range

Reporter
    Hafiizh
Impact
    moderate

Description

Malicious pages could use Focus for iOS to pass FIDO: links to
the OS and trigger the hybrid passkey transport. An attacker
within Bluetooth range could have used this to trick the user
into using their passkey to log the attacker's computer into
the target account.

References

    Bug 1979804
    Bug 1979499


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
