# Unveiling CVE-2024-0953: Firefox iOS Open Redirect Vulnerability

My recent encounter with a bug in the **Firefox iOS** app led to the assignment of [**CVE-2024-0953**](https://www.cve.org/CVERecord?id=CVE-2024-0953). This blog post narrates the journey of uncovering this vulnerability.

As QR codes become more popular in today’s digital age, it’s essential to ensure that the technology used to scan them is secure and free from critical vulnerabilities. I have discovered an open redirect vulnerability in the QR code scanner feature of the **Firefox iOS** app. Known as [**CVE-2024-0953**](https://www.cve.org/CVERecord?id=CVE-2024-0953), this vulnerability can potentially cause harm to the app’s users and their online security.

It all started with a simple action: After scanning a QR code, the app immediately navigates to the website specified in the code without any form of user confirmation. This unexpected behavior can lead to users accidentally accessing malicious or unwanted content.
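
One way to put a confirmation step between the scan and the navigation, shown as an added example (not code from Firefox iOS or from the original report): the decoded payload becomes a decision that the UI has to present to the user instead of loading it directly. `ScanDecision`, `decide(forScannedPayload:)`, `allowedSchemes` and the sample payloads are hypothetical names and constructed values.

```swift
import Foundation

// What the scanner UI should do with a decoded QR payload (hypothetical type).
enum ScanDecision: Equatable {
    case confirm(url: URL, displayHost: String, warning: String?)
    case reject(reason: String)
}

// Schemes the scanner will offer to open; everything else is rejected.
let allowedSchemes: Set<String> = ["http", "https"]

func decide(forScannedPayload payload: String) -> ScanDecision {
    let text = payload.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let parts = URLComponents(string: text),
          let scheme = parts.scheme?.lowercased() else {
        return .reject(reason: "payload is not a URL")
    }
    guard allowedSchemes.contains(scheme) else {
        return .reject(reason: "scheme '\(scheme)' is not opened from a scan")
    }
    guard let host = parts.host, !host.isEmpty, let url = parts.url else {
        return .reject(reason: "URL has no host")
    }
    // "https://bank.example@other.example/" loads other.example; the part
    // before "@" is userinfo, so show the real host and warn about it.
    var warning: String? = nil
    if parts.user != nil || parts.password != nil {
        warning = "URL contains embedded credentials before the host"
    } else if scheme == "http" {
        warning = "connection is not encrypted"
    }
    // Never navigate here: the caller shows displayHost and waits for a tap.
    return .confirm(url: url, displayHost: host.lowercased(), warning: warning)
}

// Constructed sample payloads, not taken from the original report.
let samples = [
    "https://example.com/login",
    "https://bank.example@other.example/",
    "javascript:alert(1)",
    "  http://example.org/path  ",
    "just some text",
]
for s in samples {
    print(s, "->", decide(forScannedPayload: s))
}
```

The view layer would open `url` only after the user accepts a prompt that displays `displayHost` and any `warning`.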

**Video POC**

%[https://youtube.com/shorts/VLx3TPUezkk] 

In recognition of the efforts to uncover and report this vulnerability, I was awarded **$250** from the Firefox team.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1708358952172/bd73060f-7bcb-4354-9518-b448010a243d.png align="center")
