CVE-2024-0953: 
Mozilla Firefox vulnerability analysis and mitigation

CVE-2024-0953 is a security vulnerability discovered in Firefox for iOS versions prior to 129, affecting the QR Code Scanner feature. The vulnerability was identified where users scanning QR codes were not prompted for confirmation before being navigated to the specified webpage, potentially exposing them to unwanted or malicious content (Mozilla Advisory, NVD).

The vulnerability is classified as a URL Redirection to Untrusted Site (CWE-601) with a CVSS v3.1 score of 6.1 (Medium), vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue stems from the QR Code Scanner feature directly navigating to scanned URLs without implementing user confirmation prompts, unlike other mobile browsers that implement this security measure (NVD).

When exploited, this vulnerability could lead to users being unexpectedly directed to unwanted or potentially malicious websites without their explicit consent. This creates a risk where users might be less careful about scanning QR codes in questionable locations, assuming they would get a chance to inspect the URL before it opens (Mozilla Advisory).

The vulnerability has been fixed in Firefox for iOS version 129. Users are advised to update to this version or later to receive the security fix. The update implements a confirmation prompt before navigating to URLs from scanned QR codes (Mozilla Advisory).