Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12418 | Med | 0.42 | 6.5 | 0.03 | Jul 9, 2020 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||
| CVE-2020-12415 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox <… | ||
| CVE-2020-12408 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. | ||
| CVE-2020-12407 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox <… | ||
| CVE-2020-12424 | Med | 0.42 | 6.5 | 0.01 | Jul 9, 2020 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | ||
| CVE-2020-6808 | Med | 0.42 | 6.5 | 0.01 | Mar 25, 2020 | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript:… | ||
| CVE-2011-2669 | Med | 0.42 | 6.5 | 0.01 | Jan 21, 2020 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||
| CVE-2019-17023 | Med | 0.42 | 6.5 | 0.01 | Jan 8, 2020 | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects… | ||
| CVE-2019-17020 | Med | 0.42 | 6.5 | 0.01 | Jan 8, 2020 | If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the… | ||
| CVE-2019-11765 | Med | 0.42 | 6.5 | 0.01 | Jan 8, 2020 | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission… | ||
| CVE-2013-1689 | Med | 0.42 | 6.5 | 0.01 | Dec 10, 2019 | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | ||
| CVE-2019-11750 | Med | 0.42 | 6.5 | 0.01 | Sep 27, 2019 | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | ||
| CVE-2019-11748 | Med | 0.42 | 6.5 | 0.01 | Sep 27, 2019 | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This… | ||
| CVE-2019-11747 | Med | 0.42 | 6.5 | 0.01 | Sep 27, 2019 | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the… | ||
| CVE-2019-11742 | Med | 0.42 | 6.5 | 0.02 | Sep 27, 2019 | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow… | ||
| CVE-2019-9816 | Med | 0.42 | 5.9 | 0.06 | Jul 23, 2019 | A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled… | ||
| CVE-2019-11725 | Med | 0.42 | 6.5 | 0.01 | Jul 23, 2019 | When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing… | ||
| CVE-2019-11721 | Med | 0.42 | 6.5 | 0.01 | Jul 23, 2019 | The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. | ||
| CVE-2019-11702 | Med | 0.42 | 6.5 | 0.01 | Jul 23, 2019 | A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are… | ||
| CVE-2019-11700 | Med | 0.42 | 6.5 | 0.01 | Jul 23, 2019 | A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. |
- risk 0.42cvss 6.5epss 0.03
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
- risk 0.42cvss 6.5epss 0.01
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox <…
- risk 0.42cvss 6.5epss 0.01
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.
- risk 0.42cvss 6.5epss 0.01
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox <…
- risk 0.42cvss 6.5epss 0.01
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
- risk 0.42cvss 6.5epss 0.01
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript:…
- risk 0.42cvss 6.5epss 0.01
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
- risk 0.42cvss 6.5epss 0.01
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.01
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the…
- risk 0.42cvss 6.5epss 0.01
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission…
- risk 0.42cvss 6.5epss 0.01
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
- risk 0.42cvss 6.5epss 0.01
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
- risk 0.42cvss 6.5epss 0.01
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This…
- risk 0.42cvss 6.5epss 0.01
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the…
- risk 0.42cvss 6.5epss 0.02
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow…
- risk 0.42cvss 5.9epss 0.06
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled…
- risk 0.42cvss 6.5epss 0.01
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing…
- risk 0.42cvss 6.5epss 0.01
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.
- risk 0.42cvss 6.5epss 0.01
A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are…
- risk 0.42cvss 6.5epss 0.01
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.
Page 71 of 159