Today, the team at v12 released a video showing a PoC of Universal Account Takeover affecting Firefox Focus of iOS version. (media.infosec.exchange)

submitted 13 hours ago* (last edited 13 hours ago) by AmmarSpaces@infosec.exchange to c/firefox@lemmy.world

8 comments fedilink hide all child comments

Today, the team at v12 released a video showing a PoC of Universal Account Takeover affecting Firefox Focus of iOS version.

The PoC were released because it is been almost a year the vuln reported, but it is not patched yet.

The video below is demonstration of the vulnerability. We can see that,your X, Google, Reddit, can be taken over only in one click of a link.

Vulnerability explanation and the partly PoC can be seen here:
https://github.com/v12-security/pocs/tree/main/firefox

@firefox

#cybersecurity #infosec #0day #firefox

you are viewing a single comment's thread
view the rest of the comments

[-] moonpiedumplings@programming.dev 20 points 11 hours ago

This is bad, but I don't really care.

On iOS, all browsers are forced to use the safari/webkit browser engine, which simply isn't as modern in terms of security as actual firefox. There is a reason this bug only affects firefox on iOS, and that's probably why.

Blame Apple. Not Mozilla.

[-] XLE@piefed.social 4 points 6 hours ago

This is absolutely on Mozilla.

First and foremost, Mozilla knew the bug was present for 11 months and they failed to fix it. They should have pulled the plug on the app, plain and simple.

The linked document is explicit that it is most likely the way Firefox Focus is engineered that allows the exploit to occur.

And you said it yourself: every iOS browser is WebKit. But obviously only this one browser was coded poorly.

this post was submitted on 09 Jun 2026

28 points (100.0% liked)

Firefox

7256 readers

50 users here now

A community for discussion about Mozilla Firefox.

founded 3 years ago

MODERATORS

lightbeam24@lemmy.world