External Protocol Navigation Vulnerability in Firefox and Focus for Android

External Protocol Navigation Vulnerability in Firefox and Focus for Android

CVE-2023-29540 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

Learn more about our Cis Benchmark Audit For Google Android.