<p>My recent encounter with a bug in the <strong>Firefox iOS</strong> app led to the assignment of <a target="_blank" href="https://www.cve.org/CVERecord?id=CVE-2024-0953"><strong>CVE-2024–0953</strong></a>. This blog post narrates the journey of uncovering this vulnerability</p>
<p>As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I have discovered an open redirect vulnerability in the QR code scanner feature of the <strong>Firefox iOS</strong> app. Known as <a target="_blank" href="https://www.cve.org/CVERecord?id=CVE-2024-0953"><strong>CVE-2024–0953</strong></a>, this vulnerability can potentially cause harm to the app’s users and their online security.</p>
<p>It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.</p>
<p><strong>Video POC</strong></p>
<div class="embed-wrapper"><div class="embed-loading"><div class="loadingRow"></div><div class="loadingRow"></div></div><a class="embed-card" href="https://youtube.com/shorts/VLx3TPUezkk">https://youtube.com/shorts/VLx3TPUezkk</a></div>
<p> </p>
<p>In recognition of the efforts to uncover and report this vulnerability, I was awarded <strong>$250</strong> from the Firefox team.</p>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1708358952172/bd73060f-7bcb-4354-9518-b448010a243d.png" alt class="image--center mx-auto" /></p>


My recent encounter with a bug in the **Firefox iOS** app led to the assignment of [**CVE-2024–0953**](https://www.cve.org/CVERecord?id=CVE-2024-0953). This blog post narrates the journey of uncovering this vulnerability

As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I have discovered an open redirect vulnerability in the QR code scanner feature of the **Firefox iOS** app. Known as [**CVE-2024–0953**](https://www.cve.org/CVERecord?id=CVE-2024-0953), this vulnerability can potentially cause harm to the app’s users and their online security.

It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.

**Video POC**

%[https://youtube.com/shorts/VLx3TPUezkk] 

In recognition of the efforts to uncover and report this vulnerability, I was awarded **$250** from the Firefox team.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358952172/bd73060f-7bcb-4354-9518-b448010a243d.png align="center")

Firefox iOS Open Redirect Vulnerability

Unveiling CVE-2024–0953: Firefox iOS Open Redirect Vulnerability

🔍 Bug Bounty Adventures 🛡️ Tech Insights 🚀 Dive into cybersecurity and tech discoveries at Lohith Gowda's Blog!
