VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2024-11695MedNov 26, 2024
    risk 0.35cvss 5.4epss 0.00

    A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

  • CVE-2023-6857MedDec 19, 2023
    risk 0.35cvss 5.3epss 0.01

    When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <…

  • CVE-2023-6206MedNov 21, 2023
    risk 0.35cvss 5.4epss 0.01

    The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability…

  • CVE-2023-5723MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

  • CVE-2023-5722MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

  • CVE-2023-4046MedAug 1, 2023
    risk 0.35cvss 5.3epss 0.01

    In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox…

  • CVE-2023-25730MedJun 2, 2023
    risk 0.35cvss 5.4epss 0.01

    A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and…

  • CVE-2022-28286MedDec 22, 2022
    risk 0.35cvss 5.4epss 0.01

    Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

  • CVE-2021-29965MedJun 24, 2021
    risk 0.35cvss 5.3epss 0.01

    A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other…

  • CVE-2021-29955MedJun 24, 2021
    risk 0.35cvss 5.3epss 0.02

    A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).…

  • CVE-2021-23977MedFeb 26, 2021
    risk 0.35cvss 5.3epss 0.01

    Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability…

  • CVE-2020-6829MedOct 28, 2020
    risk 0.35cvss 5.3epss 0.01

    When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been…

  • CVE-2020-15680MedOct 22, 2020
    risk 0.35cvss 5.3epss 0.01

    If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was…

  • CVE-2020-12405MedJul 9, 2020
    risk 0.35cvss 5.3epss 0.01

    When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

  • CVE-2020-6813MedMar 25, 2020
    risk 0.35cvss 5.3epss 0.01

    When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.

  • CVE-2020-6812MedMar 25, 2020
    risk 0.35cvss 5.3epss 0.02

    The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a…

  • CVE-2019-17021MedJan 8, 2020
    risk 0.35cvss 5.3epss 0.02

    During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox…

  • CVE-2019-17018MedJan 8, 2020
    risk 0.35cvss 5.3epss 0.01

    When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.

  • CVE-2019-11761MedJan 8, 2020
    risk 0.35cvss 5.4epss 0.01

    By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects…

  • CVE-2019-9817MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Page 82 of 159