VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2023-28159MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.00

    The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects…

  • CVE-2023-25750MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.00

    Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.

  • CVE-2023-25749MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.00

    Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for…

  • CVE-2023-25748MedJun 2, 2023
    risk 0.28cvss 4.3epss 0.00

    By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects…

  • CVE-2022-46877MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.01

    By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.

  • CVE-2022-45417MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have…

  • CVE-2022-38474MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.*This bug…

  • CVE-2022-36315MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.

  • CVE-2022-34472MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.01

    If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

  • CVE-2022-31745MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.

  • CVE-2022-29915MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.

  • CVE-2022-26383MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.01

    When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

  • CVE-2022-26382MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects…

  • CVE-2022-22762MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2022-22749MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

  • CVE-2022-22743MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.01

    When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

  • CVE-2021-4221MedDec 22, 2022
    risk 0.28cvss 4.3epss 0.00

    If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.**Note*: Due to a…

  • CVE-2021-43546MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.01

    It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

  • CVE-2021-43538MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.01

    By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <…

  • CVE-2021-43533MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.01

    When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94.

Page 91 of 159