CVE-2024-0605

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to execute unauthorized JavaScript on websites by exploiting a race condition with javascript: URIs in the URL bar. It bypasses security measures in Firefox Focus for iOS, potentially enabling arbitrary code execution. Only users of Firefox Focus for iOS versions below 122 are affected.

💻 Affected Systems

Products:
  • Firefox Focus for iOS
Versions: All versions < 122
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox Focus browser on iOS devices.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of user sessions, data theft, and arbitrary code execution within the browser context.

🟠

Likely Case

Session hijacking, credential theft, and unauthorized actions on visited websites.

🟢

If Mitigated

Limited impact with proper browser sandboxing and updated versions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction (visiting malicious site) but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 122

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-03/

Restart Required: Yes

Instructions:

1. Open the App Store on iOS.
2. Search for Firefox Focus.
3. Tap Update to version 122 or later.
4. Restart the browser.

🔧 Temporary Workarounds

Disable JavaScript (iOS)

Temporarily disable JavaScript execution in browser settings.

🧯 If You Can't Patch

  • Discontinue use of Firefox Focus for iOS
  • Switch to alternative browsers like Safari or Chrome

🔍 How to Verify

Check if Vulnerable:

Check Firefox Focus version in iOS Settings > Firefox Focus > Version

Check Version:

Not applicable - check via iOS app settings

Verify Fix Applied:

Confirm version is 122 or higher in app settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual javascript: URI patterns in browser logs
  • Multiple rapid setTimeout calls

Network Indicators:

  • Suspicious redirects to javascript: URIs

SIEM Query:

Not applicable for mobile browser vulnerabilities
