VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2021-43531MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.00

    When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web…

  • CVE-2021-38509MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.02

    Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and…

  • CVE-2021-38508MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.02

    By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability…

  • CVE-2021-38506MedDec 8, 2021
    risk 0.28cvss 4.3epss 0.01

    Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

  • CVE-2021-29974MedAug 5, 2021
    risk 0.28cvss 4.3epss 0.01

    When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.)…

  • CVE-2021-29963MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.00

    Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

  • CVE-2021-29962MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.01

    Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

  • CVE-2021-29961MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.01

    When styling and rendering an oversized `` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.

  • CVE-2021-29960MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.01

    Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode…

  • CVE-2021-29959MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.01

    When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling…

  • CVE-2021-24001MedJun 24, 2021
    risk 0.28cvss 4.3epss 0.01

    A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88.

  • CVE-2021-23963MedFeb 26, 2021
    risk 0.28cvss 4.3epss 0.01

    When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.

  • CVE-2021-23953MedFeb 26, 2021
    risk 0.28cvss 4.3epss 0.01

    If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

  • CVE-2021-23969MedFeb 26, 2021
    risk 0.28cvss 4.3epss 0.01

    As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid…

  • CVE-2021-23968MedFeb 26, 2021
    risk 0.28cvss 4.3epss 0.01

    If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability…

  • CVE-2020-35111MedJan 7, 2021
    risk 0.28cvss 4.3epss 0.01

    When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This…

  • CVE-2020-26963MedDec 9, 2020
    risk 0.28cvss 4.3epss 0.01

    Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83.

  • CVE-2020-26954MedDec 9, 2020
    risk 0.28cvss 4.3epss 0.01

    When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to…

  • CVE-2020-26953MedDec 9, 2020
    risk 0.28cvss 4.3epss 0.01

    It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

  • CVE-2020-15668MedOct 1, 2020
    risk 0.28cvss 4.3epss 0.01

    A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Page 92 of 159