VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2021-29987MedAug 17, 2021
    risk 0.42cvss 6.5epss 0.01

    After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not…

  • CVE-2021-29983MedAug 17, 2021
    risk 0.42cvss 6.5epss 0.01

    Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91.

  • CVE-2021-29982MedAug 17, 2021
    risk 0.42cvss 6.5epss 0.01

    Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.

  • CVE-2021-29975MedAug 5, 2021
    risk 0.42cvss 6.5epss 0.01

    Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This…

  • CVE-2021-29951MedJun 24, 2021
    risk 0.42cvss 6.5epss 0.02

    The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop'…

  • CVE-2021-29945MedJun 24, 2021
    risk 0.42cvss 6.5epss 0.01

    The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and…

  • CVE-2021-23998MedJun 24, 2021
    risk 0.42cvss 6.5epss 0.01

    Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

  • CVE-2021-23996MedJun 24, 2021
    risk 0.42cvss 6.5epss 0.01

    By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88.

  • CVE-2007-5967MedMay 17, 2021
    risk 0.42cvss 6.5epss 0.00

    A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.

  • CVE-2021-23986MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.00

    A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which…

  • CVE-2021-23985MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a…

  • CVE-2021-23984MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing…

  • CVE-2021-23983MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.

  • CVE-2021-23982MedMar 31, 2021
    risk 0.42cvss 6.5epss 0.01

    Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and…

  • CVE-2021-23958MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

  • CVE-2021-23956MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

  • CVE-2021-23975MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This…

  • CVE-2021-23973MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

  • CVE-2021-23971MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This…

  • CVE-2021-23970MedFeb 26, 2021
    risk 0.42cvss 6.5epss 0.01

    Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.

Page 69 of 159