Firefox for Android
CVEs (89)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15670 | | | 0.00 | — | 0.01 | | Oct 1, 2020 | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <… |
| CVE-2020-15671 | | | 0.00 | — | 0.00 | | Oct 1, 2020 | When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80. |
| CVE-2020-15649 | | | 0.00 | — | 0.01 | | Aug 10, 2020 | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This… |
| CVE-2020-15650 | | | 0.00 | — | 0.01 | | Aug 10, 2020 | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This… |
| CVE-2020-6827 | | | 0.00 | — | 0.01 | | Apr 24, 2020 | When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This… |
| CVE-2020-6828 | | | 0.00 | — | 0.01 | | Apr 24, 2020 | A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary… |
| CVE-2018-12400 | | | 0.00 | — | 0.02 | | Feb 28, 2019 | In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions… |
| CVE-2018-12391 | | | 0.00 | — | 0.02 | | Feb 28, 2019 | During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to… |
| CVE-2018-12382 | | | 0.00 | — | 0.02 | | Oct 18, 2018 | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only… |