Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

Related CVEs

CVE-2024-0605

Key Information

GHSA ID

GHSA-wph3-4v72-8x34

Published

January 22, 2024 9:31 PM

Last Modified

June 20, 2025 9:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 22, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.