VYPR

Firefox for Android

by Mozilla Corporation

CVEs (89)

  • CVE-2020-6829 · Med · Oct 28, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been…

  • CVE-2018-12400 · Med · Feb 28, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions…

  • CVE-2018-12382 · Med · Oct 18, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only…

  • CVE-2017-5463 · Med · Jun 11, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not…

  • CVE-2025-8041 · Med · Aug 19, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.

  • CVE-2020-12401 · Med · Oct 8, 2020
    risk 0.31 · cvss 4.7 · epss 0.00

    During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

  • CVE-2020-12400 · Med · Oct 8, 2020
    risk 0.31 · cvss 4.7 · epss 0.00

    When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

  • CVE-2020-6827 · Med · Apr 24, 2020
    risk 0.31 · cvss 4.7 · epss 0.01

    When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2025-6428 · Med · Jun 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability was…

  • CVE-2023-29538 · Med · Jun 2, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox <…

  • CVE-2023-29533 · Med · Jun 2, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This…

  • CVE-2023-28159 · Med · Jun 2, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2023-25749 · Med · Jun 2, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for…

  • CVE-2023-25748 · Med · Jun 2, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2022-38474 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted. *This bug…

  • CVE-2022-22762 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This…

  • CVE-2022-22749 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 96.

  • CVE-2021-4221 · Med · Dec 22, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* *Note*: Due to a…

  • CVE-2021-29963 · Med · Jun 24, 2021
    risk 0.28 · cvss 4.3 · epss 0.00

    Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.

  • CVE-2021-29962 · Med · Jun 24, 2021
    risk 0.28 · cvss 4.3 · epss 0.01

    Firefox for Android would become unstable and hard to recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.
