Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15665 | Med | 0.28 | 4.3 | 0.01 | Oct 1, 2020 | Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox <… | ||
| CVE-2020-12412 | Med | 0.28 | 4.3 | 0.01 | Jul 9, 2020 | By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. | ||
| CVE-2020-6810 | Med | 0.28 | 4.3 | 0.01 | Mar 25, 2020 | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin… | ||
| CVE-2020-6797 | Med | 0.28 | 4.3 | 0.01 | Mar 2, 2020 | By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application,… | ||
| CVE-2013-5594 | Med | 0.28 | 4.3 | 0.01 | Feb 18, 2020 | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | ||
| CVE-2019-17002 | Med | 0.28 | 4.3 | 0.01 | Jan 8, 2020 | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. | ||
| CVE-2019-11754 | Med | 0.28 | 4.3 | 0.01 | Sep 27, 2019 | When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. | ||
| CVE-2019-11749 | Med | 0.28 | 4.3 | 0.01 | Sep 27, 2019 | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting… | ||
| CVE-2019-11695 | Med | 0.28 | 4.3 | 0.01 | Jul 23, 2019 | A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts,… | ||
| CVE-2019-9807 | Med | 0.28 | 4.3 | 0.01 | Apr 26, 2019 | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. | ||
| CVE-2018-18511 | Med | 0.28 | 4.3 | 0.02 | Apr 26, 2019 | Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. | ||
| CVE-2018-12399 | Med | 0.28 | 4.3 | 0.01 | Feb 28, 2019 | When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability… | ||
| CVE-2018-12367 | Med | 0.28 | 4.3 | 0.02 | Oct 18, 2018 | In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer.… | ||
| CVE-2018-12358 | Med | 0.28 | 4.3 | 0.01 | Oct 18, 2018 | Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. | ||
| CVE-2018-5172 | Med | 0.28 | 4.3 | 0.02 | Jun 11, 2018 | The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that… | ||
| CVE-2018-5167 | Med | 0.28 | 4.3 | 0.01 | Jun 11, 2018 | The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript… | ||
| CVE-2018-5108 | Med | 0.28 | 4.3 | 0.01 | Jun 11, 2018 | A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing… | ||
| CVE-2017-5453 | Med | 0.28 | 4.3 | 0.01 | Jun 11, 2018 | A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. | ||
| CVE-2017-5452 | Med | 0.28 | 4.3 | 0.01 | Jun 11, 2018 | Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This… | ||
| CVE-2017-5451 | Med | 0.28 | 4.3 | 0.02 | Jun 11, 2018 | A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This… |
- risk 0.28cvss 4.3epss 0.01
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox <…
- risk 0.28cvss 4.3epss 0.01
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
- risk 0.28cvss 4.3epss 0.01
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin…
- risk 0.28cvss 4.3epss 0.01
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application,…
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
- risk 0.28cvss 4.3epss 0.01
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.
- risk 0.28cvss 4.3epss 0.01
When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.
- risk 0.28cvss 4.3epss 0.01
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting…
- risk 0.28cvss 4.3epss 0.01
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts,…
- risk 0.28cvss 4.3epss 0.01
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66.
- risk 0.28cvss 4.3epss 0.02
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.
- risk 0.28cvss 4.3epss 0.01
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability…
- risk 0.28cvss 4.3epss 0.02
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer.…
- risk 0.28cvss 4.3epss 0.01
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.
- risk 0.28cvss 4.3epss 0.02
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that…
- risk 0.28cvss 4.3epss 0.01
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript…
- risk 0.28cvss 4.3epss 0.01
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing…
- risk 0.28cvss 4.3epss 0.01
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
- risk 0.28cvss 4.3epss 0.01
Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This…
- risk 0.28cvss 4.3epss 0.02
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This…
Page 93 of 159