VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2019-11727MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3…

  • CVE-2019-11718MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history,…

  • CVE-2019-11717MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11698MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event…

  • CVE-2019-9801MedApr 26, 2019
    risk 0.35cvss 5.3epss 0.01

    Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the…

  • CVE-2019-9797MedApr 26, 2019
    risk 0.35cvss 5.3epss 0.01

    Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

  • CVE-2018-12403MedFeb 28, 2019
    risk 0.35cvss 5.3epss 0.02

    If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.

  • CVE-2018-12400MedFeb 28, 2019
    risk 0.35cvss 5.3epss 0.02

    In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions…

  • CVE-2018-12382MedOct 18, 2018
    risk 0.35cvss 5.3epss 0.02

    The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only…

  • CVE-2018-12381MedOct 18, 2018
    risk 0.35cvss 5.3epss 0.02

    Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems…

  • CVE-2018-5173MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file…

  • CVE-2018-5168MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This…

  • CVE-2018-5165MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could…

  • CVE-2018-5142MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which…

  • CVE-2018-5140MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability…

  • CVE-2018-5138MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded…

  • CVE-2018-5121MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems.…

  • CVE-2018-5119MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.

  • CVE-2018-5118MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is…

  • CVE-2018-5117MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are…

Page 83 of 159