VYPR

Firefox for Android

by Mozilla Corporation

CVEs (89)

  • CVE-2022-36317 | Med | Dec 22, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2021-29983 | Med | Aug 17, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 91.

  • CVE-2020-26977 | Med | Jan 7, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    By attempting to connect to a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability…

  • CVE-2020-26975 | Med | Jan 7, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed…

  • CVE-2020-26957 | Med | Dec 9, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2020-26955 | Med | Dec 9, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note:…

  • CVE-2020-15666 | Med | Oct 1, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to…

  • CVE-2020-15664 | Med | Oct 1, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended…

  • CVE-2023-29540 | Med | Jun 2, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus…

  • CVE-2022-45413 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    Using the S.browser_fallback_url parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. *This issue only affects Firefox for Android. Other operating systems are not affected.* This vulnerability affects…

  • CVE-2022-29910 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 100.

  • CVE-2021-43530 | Med | Dec 8, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 94.

  • CVE-2021-29953 | Med | Jun 24, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating…

  • CVE-2021-29944 | Med | Jun 24, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2021-23959 | Med | Feb 26, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

  • CVE-2020-15650 | Med | Aug 10, 2020
    risk 0.36 | cvss 5.5 | epss 0.01

    Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2020-15649 | Med | Aug 10, 2020
    risk 0.36 | cvss 5.5 | epss 0.01

    Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2023-29546 | Med | Jun 19, 2023
    risk 0.35 | cvss 6.5 | epss 0.00

    When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2021-29965 | Med | Jun 24, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other…

  • CVE-2021-23977 | Med | Feb 26, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability…