Firefox for Android
Source repositories
CVEs (95)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26486 | Cri | 0.75 | 9.6 | 0.02 | KEV | Dec 22, 2022 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,… | |
| CVE-2022-26485 | Hig | 0.70 | 8.8 | 0.14 | KEV | Dec 22, 2022 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and… | |
| CVE-2026-2800 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||
| CVE-2025-8042 | Cri | 0.64 | 9.8 | 0.00 | Aug 19, 2025 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141. | ||
| CVE-2021-29971 | Cri | 0.64 | 9.8 | 0.01 | Aug 5, 2021 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This… | ||
| CVE-2022-1802 | Hig | 0.59 | 8.8 | 0.27 | Dec 22, 2022 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox… | ||
| CVE-2022-1529 | Hig | 0.59 | 8.8 | 0.17 | Dec 22, 2022 | An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects… | ||
| CVE-2023-29551 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus… | ||
| CVE-2023-29550 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for… | ||
| CVE-2023-29543 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||
| CVE-2023-29541 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable… | ||
| CVE-2023-29539 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects… | ||
| CVE-2023-29536 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2023 | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR <… | ||
| CVE-2022-22758 | Hig | 0.57 | 8.8 | 0.00 | Dec 22, 2022 | When clicking on a tel: link, USSD codes, specified after a \* character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request… | ||
| CVE-2021-29973 | Hig | 0.57 | 8.8 | 0.01 | Aug 5, 2021 | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for… | ||
| CVE-2020-15670 | Hig | 0.57 | 8.8 | 0.01 | Oct 1, 2020 | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <… | ||
| CVE-2018-12391 | Hig | 0.57 | 8.8 | 0.02 | Feb 28, 2019 | During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to… | ||
| CVE-2024-4765 | Hig | 0.53 | 8.1 | 0.00 | May 14, 2024 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for… | ||
| CVE-2022-34469 | Hig | 0.53 | 8.1 | 0.00 | Dec 22, 2022 | When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user… | ||
| CVE-2021-29993 | Hig | 0.53 | 8.1 | 0.01 | Nov 3, 2021 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92. |
- risk 0.75cvss 9.6epss 0.02
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,…
- risk 0.70cvss 8.8epss 0.14
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and…
- risk 0.64cvss 9.8epss 0.00
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- risk 0.64cvss 9.8epss 0.00
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.
- risk 0.64cvss 9.8epss 0.01
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This…
- risk 0.59cvss 8.8epss 0.27
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox…
- risk 0.59cvss 8.8epss 0.17
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects…
- risk 0.57cvss 8.8epss 0.01
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus…
- risk 0.57cvss 8.8epss 0.01
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for…
- risk 0.57cvss 8.8epss 0.01
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
- risk 0.57cvss 8.8epss 0.01
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable…
- risk 0.57cvss 8.8epss 0.01
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects…
- risk 0.57cvss 8.8epss 0.01
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR <…
- risk 0.57cvss 8.8epss 0.00
When clicking on a tel: link, USSD codes, specified after a \* character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request…
- risk 0.57cvss 8.8epss 0.01
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for…
- risk 0.57cvss 8.8epss 0.01
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <…
- risk 0.57cvss 8.8epss 0.02
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to…
- risk 0.53cvss 8.1epss 0.00
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for…
- risk 0.53cvss 8.1epss 0.00
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user…
- risk 0.53cvss 8.1epss 0.01
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92.
Page 1 of 5