Unveiling CVE-2024–0953: Firefox iOS Open Redirect Vulnerability

My recent encounter with a bug in the Firefox iOS app led to the assignment of CVE-2024-0953. This blog post narrates the journey of uncovering this vulnerability.

As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I discovered an open redirect vulnerability in the QR code scanner feature of the Firefox iOS app. Known as CVE-2024-0953, this vulnerability can potentially harm the app’s users and their online security.

It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.
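The missing confirmation step described above, shown as an added illustration that is not Firefox's code: the scanned payload is classified first, and a web link is only handed to the browser after the user confirms, with the destination host displayed. The function and type names are assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed example of a defensive QR-payload handler (hypothetical names,
# not Firefox iOS code). Only http/https links are ever navigated to, and
# even those wait for an explicit user decision that shows the real host.
ALLOWED_SCHEMES = {"http", "https"}


@dataclass(frozen=True)
class ScanDecision:
    action: str       # "prompt" (ask before opening) or "show_text" (never open)
    message: str      # what the UI would display to the user
    target: str = ""  # URL to open only after the user confirms


def decide_qr_action(payload: str) -> ScanDecision:
    """Classify a scanned QR payload instead of navigating to it immediately."""
    text = payload.strip()
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""

    # Anything that is not a web link with a host (plain text, Wi-Fi or
    # contact payloads, mailto:, custom app schemes, host-less URLs) is only
    # displayed; the scanner never acts on it by itself.
    if scheme not in ALLOWED_SCHEMES or not host:
        return ScanDecision("show_text", f"Scanned content (not opened): {text}")

    # Web link: ask before opening and show the parsed host rather than the
    # raw string, so the user sees where the link actually goes.
    return ScanDecision("prompt", f"Open link to {host}?", target=text)
```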

Video POC

In recognition of the efforts to uncover and report this vulnerability, I was awarded $250 from the Firefox team.