Lohith Gowda's Blog

Lohith Gowda's Blog

Unveiling CVE-2024–0953: Firefox iOS Open Redirect Vulnerability

UpdatedFebruary 20, 2024

•1 min read

Unveiling CVE-2024–0953: Firefox iOS Open Redirect Vulnerability

Staff Application Security Engineer

My recent encounter with a bug in the Firefox iOS app led to the assignment of CVE-2024–0953. This blog post narrates the journey of uncovering this vulnerability

As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I have discovered an open redirect vulnerability in the QR code scanner feature of the Firefox iOS app. Known as CVE-2024–0953, this vulnerability can potentially cause harm to the app’s users and their online security.

It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.

Video POC

https://youtube.com/shorts/VLx3TPUezkk

In recognition of the efforts to uncover and report this vulnerability, I was awarded $250 from the Firefox team.

#cve-20240953 #cybersecurity-1 #appsec #bugbounty #firefox

488 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Git Exposure: How a Simple Oversight Led to a Critical Security Flaw

In my recent exploration of web applications, I came across a significant security issue that I believe deserves attention. This discovery involved a popular application responsible for managing various user services. While I can't divulge the applic...

Aug 12, 20242 min read533

Git Exposure: How a Simple Oversight Led to a Critical Security Flaw

Securing the Cloud: From S3 Credentials to RDS Database Access

I recently went on a bit of adventure with an application used for webinar and 1:1 meetings. It's a start-up based in Bangalore, and guess what? It ended with me accessing the RDS database! Let me take you through how it all happened. Discovering the...

Apr 18, 20243 min read612

Securing the Cloud: From S3 Credentials to RDS Database Access

How I Got Free Travel on Namma Metro

As someone who uses public transportation regularly, I rely on it to get me where I need to go quickly and efficiently. That’s why I was surprised to learn that I could travel for free on Namma Metro due to a critical bug that I discovered. Namma Met...

Mar 16, 20232 min read453

How I Got Free Travel on Namma Metro

Securing Cloudflare: Addressing the Password Policy Bypass Issue

After a small break on bug bounty, I started hunting on the Cloudflare Bug Bounty program. This write-up is about the Password Policy Restriction Bypass. Almost Every organization follows a strong password policy on their application. Sometimes It de...

Sep 30, 20222 min read158

Securing Cloudflare: Addressing the Password Policy Bypass Issue

L

Lohith Gowda's Blog

10 posts

🔍 Bug Bounty Adventures 🛡️ Tech Insights 🚀 Dive into cybersecurity and tech discoveries at Lohith Gowda's Blog!