submitted 1 day ago* (last edited 1 day ago) by AmmarSpaces@infosec.exchange to c/firefox@lemmy.world

Today, the team at v12 released a video showing a PoC of Universal Account Takeover affecting the iOS version of Firefox Focus.

The PoC was released because it has been almost a year since the vuln was reported, but it is not patched yet.

The video below is a demonstration of the vulnerability. We can see that your X, Google, Reddit can be taken over in only one click of a link.

The vulnerability explanation and the partial PoC can be seen here:
https://github.com/v12-security/pocs/tree/main/firefox

@firefox

#cybersecurity #infosec #0day #firefox

[-] XLE@piefed.social 2 points 1 day ago

It's a Firefox Focus for iOS exclusive:

Firefox Focus is a single-window browser with no tab model. We believe that loading the next document into _self collapses the navigation into the same browsing context that already holds the previous origin, and the race condition then exploits the resulting ambiguity about which origin the committed navigation belongs to. Opening in any other target breaks the origin-inheritance behavior and the attack fails.

[-] victorz@lemmy.world 1 points 1 day ago

Firefox Focus doesn't have tabs on iOS? It does on Android.

[-] XLE@piefed.social 1 points 1 day ago

Apparently, Focus shipped on Android in single window mode too, but they enabled tabs in 2017.

this post was submitted on 09 Jun 2026