7/10
vulnerability
CVE-2019-17004 is a semi-universal XSS vulnerability in Firefox for iOS that allowed attackers to execute JavaScript on arbitrary origins by exploiting insufficient checks on JavaScript execution via Location response headers, originating from the bookmarklets functionality. The vulnerability was also found in Brave for iOS and both vendors patched it after responsible disclosure.
uxss
xss
same-origin-policy-bypass
ios
firefox
brave-browser
javascript-execution
location-header-injection
bookmarklets
browser-vulnerability
cve-2019-17004
CVE-2019-17004
Firefox for iOS
Brave for iOS
Safari
Chrome
Mozilla
Cliqz