VYPR

Firefox for Android

by Mozilla Corporation

Source repositories

CVEs (89)

  • CVE-2020-15670Oct 1, 2020
    risk 0.00cvss epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <…

  • CVE-2020-15671Oct 1, 2020
    risk 0.00cvss epss 0.00

    When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.

  • CVE-2020-15649Aug 10, 2020
    risk 0.00cvss epss 0.01

    Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2020-15650Aug 10, 2020
    risk 0.00cvss epss 0.01

    Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2020-6827Apr 24, 2020
    risk 0.00cvss epss 0.01

    When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2020-6828Apr 24, 2020
    risk 0.00cvss epss 0.01

    A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary…

  • CVE-2018-12400Feb 28, 2019
    risk 0.00cvss epss 0.02

    In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions…

  • CVE-2018-12391Feb 28, 2019
    risk 0.00cvss epss 0.02

    During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to…

  • CVE-2018-12382Oct 18, 2018
    risk 0.00cvss epss 0.02

    The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only…

Page 5 of 5