VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2020-15665MedOct 1, 2020
    risk 0.28cvss 4.3epss 0.01

    Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox <…

  • CVE-2020-12412MedJul 9, 2020
    risk 0.28cvss 4.3epss 0.01

    By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.

  • CVE-2020-6810MedMar 25, 2020
    risk 0.28cvss 4.3epss 0.01

    After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin…

  • CVE-2020-6797MedMar 2, 2020
    risk 0.28cvss 4.3epss 0.01

    By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application,…

  • CVE-2013-5594MedFeb 18, 2020
    risk 0.28cvss 4.3epss 0.01

    Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

  • CVE-2019-17002MedJan 8, 2020
    risk 0.28cvss 4.3epss 0.01

    If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.

  • CVE-2019-11754MedSep 27, 2019
    risk 0.28cvss 4.3epss 0.01

    When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.

  • CVE-2019-11749MedSep 27, 2019
    risk 0.28cvss 4.3epss 0.01

    A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting…

  • CVE-2019-11695MedJul 23, 2019
    risk 0.28cvss 4.3epss 0.01

    A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts,…

  • CVE-2019-9807MedApr 26, 2019
    risk 0.28cvss 4.3epss 0.01

    When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66.

  • CVE-2018-18511MedApr 26, 2019
    risk 0.28cvss 4.3epss 0.02

    Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

  • CVE-2018-12399MedFeb 28, 2019
    risk 0.28cvss 4.3epss 0.01

    When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability…

  • CVE-2018-12367MedOct 18, 2018
    risk 0.28cvss 4.3epss 0.02

    In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer.…

  • CVE-2018-12358MedOct 18, 2018
    risk 0.28cvss 4.3epss 0.01

    Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.

  • CVE-2018-5172MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.02

    The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that…

  • CVE-2018-5167MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.01

    The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript…

  • CVE-2018-5108MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.01

    A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing…

  • CVE-2017-5453MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.01

    A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.

  • CVE-2017-5452MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.01

    Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This…

  • CVE-2017-5451MedJun 11, 2018
    risk 0.28cvss 4.3epss 0.02

    A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This…

Page 93 of 159