Unveiling CVE-2024-0953: Firefox iOS Open Redirect Vulnerability


As a Senior Security Engineer, I am responsible for conducting vulnerability assessments, penetration testing, and secure code reviews across Web, API, Network, and Cloud applications. With over 6.5 years of experience in Ethical Hacking, I excel in discovering new bugs and vulnerabilities, safeguarding digital infrastructures and assets for various sectors.

My recent encounter with a bug in the Firefox iOS app led to the assignment of CVE-2024-0953. This blog post narrates the journey of uncovering this vulnerability.

As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I have discovered an open redirect vulnerability in the QR code scanner feature of the Firefox iOS app. Known as CVE-2024-0953, this vulnerability can potentially cause harm to the app’s users and their online security.

It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.
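The missing control described above is a confirmation step between decoding the QR payload and loading it. The Swift sketch below is an added example, not code from Firefox iOS or from Mozilla's fix; `ScanDecision` and `decide(forScannedPayload:)` are hypothetical names, and the sample payloads are constructed.

```swift
import Foundation

// Hypothetical types for illustration; not Firefox iOS code.
enum ScanDecision: Equatable {
    case confirm(displayHost: String, url: URL)  // show the host, wait for the user
    case showAsText(String)                      // not a web URL: never navigate
}

/// Decide what a scanner should do with a decoded QR payload.
/// Nothing here navigates: the caller presents the prompt and loads
/// the URL only after the user explicitly accepts.
func decide(forScannedPayload payload: String) -> ScanDecision {
    let trimmed = payload.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let components = URLComponents(string: trimmed),
          let scheme = components.scheme?.lowercased(),
          ["http", "https"].contains(scheme),
          let host = components.host, !host.isEmpty,
          let url = components.url else {
        // Unparseable input, other schemes, or plain text are only displayed.
        return .showAsText(trimmed)
    }
    // The prompt shows the parsed host, not the raw string, so any
    // userinfo in front of "@" is not what the user reads.
    return .confirm(displayHost: host.lowercased(), url: url)
}

// Constructed sample payloads.
let samples = [
    "https://example.org/path?x=1",
    "https://trusted.example@other.example/login",
    "javascript:alert(1)",
    "just some text",
]

for sample in samples {
    switch decide(forScannedPayload: sample) {
    case .confirm(let host, _):
        print("PROMPT  Open \(host)?   <- \(sample)")
    case .showAsText(let text):
        print("TEXT    \(text)")
    }
}
```

The function only returns a decision; the app's UI layer is responsible for showing the prompt and for discarding the URL if the user cancels.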

Video POC

In recognition of the efforts to uncover and report this vulnerability, I was awarded $250 from the Firefox team.
