Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN284
_____________________________________________________________________

DATE                : 10/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Mozilla Focus for iOS versions
                                    prior to 148.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-18
Security Vulnerabilities fixed in Focus for iOS 148.2

Announced
    March 2, 2026
Impact
    high
Products
    Focus for iOS
Fixed in

        Focus for iOS 148.2

#CVE-2026-2919: Attacker-controlled content shown under spoofed
domains in Focus for iOS via stalled navigation and iframe redirect

Reporter
    Renwa Hiwa
Impact
    high

Description

Malicious scripts could display attacker-controlled web content under
spoofed domains in Focus for iOS by stalling a _self navigation to an
invalid port and triggering an iframe redirect, causing the UI to
display a trusted domain without user interaction.


References

    Bug 1975842


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================