VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2024-5689MedJun 11, 2024
    risk 0.28cvss 4.3epss 0.00

    In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.

  • CVE-2024-4767MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

  • CVE-2024-4766MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects…

  • CVE-2024-1548MedFeb 20, 2024
    risk 0.28cvss 4.3epss 0.01

    A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

  • CVE-2024-0749MedJan 23, 2024
    risk 0.28cvss 4.3epss 0.00

    A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

  • CVE-2024-0748MedJan 23, 2024
    risk 0.28cvss 4.3epss 0.00

    A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.

  • CVE-2024-0742MedJan 23, 2024
    risk 0.28cvss 4.3epss 0.01

    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2023-6871MedDec 19, 2023
    risk 0.28cvss 4.3epss 0.00

    Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.

  • CVE-2023-6870MedDec 19, 2023
    risk 0.28cvss 4.3epss 0.00

    Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.

  • CVE-2023-6868MedDec 19, 2023
    risk 0.28cvss 4.3epss 0.00

    In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability…

  • CVE-2023-6135MedDec 19, 2023
    risk 0.28cvss 4.3epss 0.01

    Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

  • CVE-2023-5729MedOct 25, 2023
    risk 0.28cvss 4.3epss 0.01

    A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.

  • CVE-2023-5726MedOct 25, 2023
    risk 0.28cvss 4.3epss 0.01

    A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability…

  • CVE-2023-5725MedOct 25, 2023
    risk 0.28cvss 4.3epss 0.01

    A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

  • CVE-2023-5721MedOct 25, 2023
    risk 0.28cvss 4.3epss 0.01

    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

  • CVE-2023-4581MedSep 11, 2023
    risk 0.28cvss 4.3epss 0.01

    Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15,…

  • CVE-2023-32212MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.01

    An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

  • CVE-2023-32205MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.01

    In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

  • CVE-2023-29538MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.00

    Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox <…

  • CVE-2023-29533MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.01

    A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This…

Page 90 of 159