Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43543 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||
| CVE-2021-43532 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one… | ||
| CVE-2021-43530 | Med | 0.40 | 6.1 | 0.01 | Dec 8, 2021 | A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | ||
| CVE-2021-29953 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2021 | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating… | ||
| CVE-2021-29944 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2021 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This… | ||
| CVE-2011-3656 | Med | 0.40 | 6.1 | 0.01 | Jun 2, 2021 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | ||
| CVE-2021-23959 | Med | 0.40 | 6.1 | 0.01 | Feb 26, 2021 | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23955 | Med | 0.40 | 6.1 | 0.01 | Feb 26, 2021 | The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23974 | Med | 0.40 | 6.1 | 0.01 | Feb 26, 2021 | The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | ||
| CVE-2020-26979 | Med | 0.40 | 6.1 | 0.01 | Jan 7, 2021 | When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have… | ||
| CVE-2020-26978 | Med | 0.40 | 6.1 | 0.01 | Jan 7, 2021 | Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||
| CVE-2020-26962 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2020 | Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox… | ||
| CVE-2020-26958 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2020 | Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox <… | ||
| CVE-2020-26956 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2020 | In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | ||
| CVE-2020-26951 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2020 | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer.… | ||
| CVE-2020-15677 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2020 | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This… | ||
| CVE-2020-15676 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2020 | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and… | ||
| CVE-2020-6798 | Med | 0.40 | 6.1 | 0.02 | Mar 2, 2020 | If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this… | ||
| CVE-2011-2670 | Med | 0.40 | 6.1 | 0.01 | Jan 13, 2020 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets | ||
| CVE-2019-17022 | Med | 0.40 | 6.1 | 0.02 | Jan 8, 2020 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage;… |
- risk 0.40cvss 6.1epss 0.01
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
- risk 0.40cvss 6.1epss 0.01
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one…
- risk 0.40cvss 6.1epss 0.01
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.
- risk 0.40cvss 6.1epss 0.01
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating…
- risk 0.40cvss 6.1epss 0.01
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
- risk 0.40cvss 6.1epss 0.01
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
- risk 0.40cvss 6.1epss 0.01
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
- risk 0.40cvss 6.1epss 0.01
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
- risk 0.40cvss 6.1epss 0.01
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have…
- risk 0.40cvss 6.1epss 0.01
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
- risk 0.40cvss 6.1epss 0.01
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox…
- risk 0.40cvss 6.1epss 0.01
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox <…
- risk 0.40cvss 6.1epss 0.01
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
- risk 0.40cvss 6.1epss 0.01
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer.…
- risk 0.40cvss 6.1epss 0.02
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This…
- risk 0.40cvss 6.1epss 0.02
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and…
- risk 0.40cvss 6.1epss 0.02
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this…
- risk 0.40cvss 6.1epss 0.01
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
- risk 0.40cvss 6.1epss 0.02
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage;…
Page 76 of 159