Focus

This hub aggregates every CVE we track for Focus, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Focus.

• CVE-2026-11799UXSS in Focus for iOS / Klar Webkit navigation7.5Jun 9, 2026
• CVE-2025-11720Spoofing risk in Android custom tabs8.1Oct 14, 2025
• CVE-2025-55031Passkey phishing within Bluetooth range9.8Aug 19, 2025
• CVE-2025-3859Firefox Focus elide URL allows address bar spoofing6.1Apr 30, 2025
• CVE-2025-1941Lock screen setting bypass in Firefox Focus for Android9.1Mar 4, 2025
• CVE-2025-0245Lock screen setting bypass in Firefox Focus for Android3.3Jan 7, 2025
• CVE-2024-9391A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no lo...6.5Oct 1, 2024
• CVE-2024-5022The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.4.4May 17, 2024
• CVE-2023-6871Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.4.3Dec 19, 2023
• CVE-2023-6870Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firef...4.3Dec 19, 2023
• CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (...KEV8.8Sep 28, 2023
• CVE-2023-1999Use after free in libwebp5.3Jun 20, 2023
• CVE-2023-29545Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bu...6.5Jun 19, 2023
• CVE-2023-29542A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental ...9.8Jun 19, 2023
• CVE-2023-29532A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced...5.5Jun 19, 2023