Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11695 | Med | 0.35 | 5.4 | 0.00 | Nov 26, 2024 | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||
| CVE-2023-6857 | Med | 0.35 | 5.3 | 0.01 | Dec 19, 2023 | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <… | ||
| CVE-2023-6206 | Med | 0.35 | 5.4 | 0.01 | Nov 21, 2023 | The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability… | ||
| CVE-2023-5723 | Med | 0.35 | 5.3 | 0.01 | Oct 25, 2023 | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | ||
| CVE-2023-5722 | Med | 0.35 | 5.3 | 0.01 | Oct 25, 2023 | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | ||
| CVE-2023-4046 | Med | 0.35 | 5.3 | 0.01 | Aug 1, 2023 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox… | ||
| CVE-2023-25730 | Med | 0.35 | 5.4 | 0.01 | Jun 2, 2023 | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and… | ||
| CVE-2022-28286 | Med | 0.35 | 5.4 | 0.01 | Dec 22, 2022 | Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | ||
| CVE-2021-29965 | Med | 0.35 | 5.3 | 0.01 | Jun 24, 2021 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other… | ||
| CVE-2021-29955 | Med | 0.35 | 5.3 | 0.02 | Jun 24, 2021 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).… | ||
| CVE-2021-23977 | Med | 0.35 | 5.3 | 0.01 | Feb 26, 2021 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability… | ||
| CVE-2020-6829 | Med | 0.35 | 5.3 | 0.01 | Oct 28, 2020 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been… | ||
| CVE-2020-15680 | Med | 0.35 | 5.3 | 0.01 | Oct 22, 2020 | If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was… | ||
| CVE-2020-12405 | Med | 0.35 | 5.3 | 0.01 | Jul 9, 2020 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | ||
| CVE-2020-6813 | Med | 0.35 | 5.3 | 0.01 | Mar 25, 2020 | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. | ||
| CVE-2020-6812 | Med | 0.35 | 5.3 | 0.02 | Mar 25, 2020 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a… | ||
| CVE-2019-17021 | Med | 0.35 | 5.3 | 0.02 | Jan 8, 2020 | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox… | ||
| CVE-2019-17018 | Med | 0.35 | 5.3 | 0.01 | Jan 8, 2020 | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | ||
| CVE-2019-11761 | Med | 0.35 | 5.4 | 0.01 | Jan 8, 2020 | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects… | ||
| CVE-2019-9817 | Med | 0.35 | 5.3 | 0.01 | Jul 23, 2019 | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. |
- risk 0.35cvss 5.4epss 0.00
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
- risk 0.35cvss 5.3epss 0.01
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <…
- risk 0.35cvss 5.4epss 0.01
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
- risk 0.35cvss 5.3epss 0.01
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
- risk 0.35cvss 5.3epss 0.01
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox…
- risk 0.35cvss 5.4epss 0.01
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and…
- risk 0.35cvss 5.4epss 0.01
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
- risk 0.35cvss 5.3epss 0.01
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other…
- risk 0.35cvss 5.3epss 0.02
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).…
- risk 0.35cvss 5.3epss 0.01
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability…
- risk 0.35cvss 5.3epss 0.01
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been…
- risk 0.35cvss 5.3epss 0.01
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was…
- risk 0.35cvss 5.3epss 0.01
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
- risk 0.35cvss 5.3epss 0.01
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.
- risk 0.35cvss 5.3epss 0.02
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a…
- risk 0.35cvss 5.3epss 0.02
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox…
- risk 0.35cvss 5.3epss 0.01
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.
- risk 0.35cvss 5.4epss 0.01
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.01
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Page 82 of 159