Today, the team at v12 released a video showing a PoC of Universal Account Takeover affecting Firefox Focus of iOS version.

The PoC were released because it is been almost a year the vuln reported, but it is not patched yet.

The video below is demonstration of the vulnerability. We can see that,your X, Google, Reddit, can be taken over only in one click of a link.

Vulnerability explanation and the partly PoC can be seen here:
https://github.com/v12-security/pocs/tree/main/firefox

@firefox

#cybersecurity #infosec #0day #firefox

  • moonpiedumplings@programming.dev
    221·
    9 days ago

    This is bad, but I don’t really care.

    On iOS, all browsers are forced to use the safari/webkit browser engine, which simply isn’t as modern in terms of security as actual firefox. There is a reason this bug only affects firefox on iOS, and that’s probably why.

    Blame Apple. Not Mozilla.

    • XLE@piefed.socialEnglish
      53·
      9 days ago

      This is absolutely on Mozilla.

      First and foremost, Mozilla knew the bug was present for 11 months and they failed to fix it. They should have pulled the plug on the app, plain and simple.

      The linked document is explicit that it is most likely the way Firefox Focus is engineered that allows the exploit to occur.

      And you said it yourself: every iOS browser is WebKit. But obviously only this one browser was coded poorly.

  • mannycalavera@feddit.uk
    6·
    9 days ago

    Aren’t all browsers on IOS simply Safari on a wrapper because Apple are cunts? So is this a Firefox wrapping thing? Or a shitty Apple thing?

    • XLE@piefed.socialEnglish
      2·
      9 days ago

      It’s a Firefox Focus for iOS exclusive:

      Firefox Focus is a single-window browser with no tab model. We believe that loading the next document into _self collapses the navigation into the same browsing context that already holds the previous origin, and the race condition then exploits the resulting ambiguity about which origin the committed navigation belongs to. Opening in any other target breaks the origin-inheritance behavior and the attack fails.