reader-mode

1 article
sort: new top best
clear filter
bug-bounty498 google355 xss301 microsoft298 facebook263 rce211 exploit200 malware171 apple164 cve136 account-takeover115 bragging-post102 privilege-escalation95 csrf90 phishing86 browser75 writeup74 authentication-bypass69 supply-chain68 dos66 stored-xss65 reflected-xss57 ssrf56 reverse-engineering55 react52 access-control51 input-validation49 cross-site-scripting48 aws47 cloudflare47 docker46 web-security46 lfi46 sql-injection45 smart-contract45 ethereum44 web-application44 web343 defi43 ctf43 oauth43 node43 pentest40 race-condition39 idor37 open-source37 cloud37 burp-suite36 info-disclosure36 auth-bypass35
0 7/10
FireFox IOS QR code reader XSS(CVE-2019-17003)
vulnerability

Firefox iOS QR code scanner fails to sanitize javascript: URIs, allowing XSS attacks across multiple contexts including reader mode, local files, and internal pages, while also bypassing Content Security Policy restrictions. The vulnerability was fixed by removing javascript URI support from the address bar in later versions.

xss cve-2019-17003 qr-code javascript-uri firefox-ios webkit reader-mode csp-bypass local-file-access internal-pages mobile-browser
CVE-2019-17003 Firefox iOS Opera Mini WebKit Mozilla
payatu.com · devanshbatham/Awesome-Bugbounty-Writeups · 23 hours ago · details