Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2032 | Med | 0.28 | 4.3 | 0.00 | Feb 16, 2026 | Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1. | ||
| CVE-2026-0887 | Med | 0.28 | 4.3 | 0.00 | Jan 13, 2026 | Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-8364 | Med | 0.28 | 4.3 | 0.00 | Aug 19, 2025 | A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 141. | ||
| CVE-2025-6434 | Med | 0.28 | 4.3 | 0.00 | Jun 24, 2025 | The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140… | ||
| CVE-2025-6428 | Med | 0.28 | 4.3 | 0.00 | Jun 24, 2025 | When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was… | ||
| CVE-2025-5266 | Med | 0.28 | 4.3 | 0.00 | May 27, 2025 | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | ||
| CVE-2025-5263 | Med | 0.28 | 4.3 | 0.00 | May 27, 2025 | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | ||
| CVE-2025-5020 | Med | 0.28 | 4.3 | 0.00 | May 21, 2025 | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139. | ||
| CVE-2025-27425 | Med | 0.28 | 4.3 | 0.00 | Mar 4, 2025 | Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136. | ||
| CVE-2025-27424 | Med | 0.28 | 4.3 | 0.00 | Mar 4, 2025 | Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136. | ||
| CVE-2025-1935 | Med | 0.28 | 4.3 | 0.00 | Mar 4, 2025 | A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. | ||
| CVE-2025-1019 | Med | 0.28 | 4.3 | 0.00 | Feb 4, 2025 | The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135. | ||
| CVE-2025-23108 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2025 | Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134. | ||
| CVE-2024-11701 | Med | 0.28 | 4.3 | 0.00 | Nov 26, 2024 | The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||
| CVE-2024-11692 | Med | 0.28 | 4.3 | 0.00 | Nov 26, 2024 | An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||
| CVE-2024-6614 | Med | 0.28 | 4.3 | 0.00 | Jul 9, 2024 | The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||
| CVE-2024-6610 | Med | 0.28 | 4.3 | 0.00 | Jul 9, 2024 | Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||
| CVE-2024-6608 | Med | 0.28 | 4.3 | 0.00 | Jul 9, 2024 | It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||
| CVE-2024-5697 | Med | 0.28 | 4.3 | 0.00 | Jun 11, 2024 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. | ||
| CVE-2024-5690 | Med | 0.28 | 4.3 | 0.01 | Jun 11, 2024 | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. |
- risk 0.28cvss 4.3epss 0.00
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1.
- risk 0.28cvss 4.3epss 0.00
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.28cvss 4.3epss 0.00
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 141.
- risk 0.28cvss 4.3epss 0.00
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140…
- risk 0.28cvss 4.3epss 0.00
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was…
- risk 0.28cvss 4.3epss 0.00
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- risk 0.28cvss 4.3epss 0.00
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- risk 0.28cvss 4.3epss 0.00
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139.
- risk 0.28cvss 4.3epss 0.00
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.
- risk 0.28cvss 4.3epss 0.00
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.
- risk 0.28cvss 4.3epss 0.00
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
- risk 0.28cvss 4.3epss 0.00
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
- risk 0.28cvss 4.3epss 0.00
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134.
- risk 0.28cvss 4.3epss 0.00
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
- risk 0.28cvss 4.3epss 0.00
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
- risk 0.28cvss 4.3epss 0.00
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
- risk 0.28cvss 4.3epss 0.00
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
- risk 0.28cvss 4.3epss 0.00
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
- risk 0.28cvss 4.3epss 0.00
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
- risk 0.28cvss 4.3epss 0.01
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Page 89 of 159