Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2610 | Med | 0.40 | 6.1 | 0.01 | Mar 19, 2024 | Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||
| CVE-2024-2609 | Med | 0.40 | 6.1 | 0.01 | Mar 19, 2024 | The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||
| CVE-2024-1551 | Med | 0.40 | 6.1 | 0.01 | Feb 20, 2024 | Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the… | ||
| CVE-2024-1550 | Med | 0.40 | 6.1 | 0.01 | Feb 20, 2024 | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This… | ||
| CVE-2024-1549 | Med | 0.40 | 6.1 | 0.01 | Feb 20, 2024 | If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | ||
| CVE-2023-6867 | Med | 0.40 | 6.1 | 0.01 | Dec 19, 2023 | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to… | ||
| CVE-2023-34415 | Med | 0.40 | 6.1 | 0.00 | Jun 19, 2023 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on… | ||
| CVE-2023-29540 | Med | 0.40 | 6.1 | 0.00 | Jun 2, 2023 | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus… | ||
| CVE-2022-45418 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||
| CVE-2022-45413 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | Using the S.browser_fallback_url parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects… | ||
| CVE-2022-45411 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on… | ||
| CVE-2022-40956 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||
| CVE-2022-36316 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | ||
| CVE-2022-34475 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to… | ||
| CVE-2022-34474 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | ||
| CVE-2022-34473 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102. | ||
| CVE-2022-29912 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29911 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2022 | An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||
| CVE-2022-29910 | Med | 0.40 | 6.1 | 0.00 | Dec 22, 2022 | When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | ||
| CVE-2021-43544 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other… |
- risk 0.40cvss 6.1epss 0.01
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
- risk 0.40cvss 6.1epss 0.01
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
- risk 0.40cvss 6.1epss 0.01
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the…
- risk 0.40cvss 6.1epss 0.01
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This…
- risk 0.40cvss 6.1epss 0.01
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
- risk 0.40cvss 6.1epss 0.01
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to…
- risk 0.40cvss 6.1epss 0.00
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on…
- risk 0.40cvss 6.1epss 0.00
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus…
- risk 0.40cvss 6.1epss 0.01
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
- risk 0.40cvss 6.1epss 0.00
Using the S.browser_fallback_url parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects…
- risk 0.40cvss 6.1epss 0.01
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on…
- risk 0.40cvss 6.1epss 0.01
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
- risk 0.40cvss 6.1epss 0.00
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
- risk 0.40cvss 6.1epss 0.00
SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to…
- risk 0.40cvss 6.1epss 0.00
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.
- risk 0.40cvss 6.1epss 0.00
The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102.
- risk 0.40cvss 6.1epss 0.01
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.40cvss 6.1epss 0.01
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
- risk 0.40cvss 6.1epss 0.00
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.
- risk 0.40cvss 6.1epss 0.01
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other…
Page 75 of 159