VYPR

Firefox for iOS

by Mozilla Corporation

CVEs (58)

  • CVE-2024-26283 (Feb 22, 2024)
    risk 0.00 | cvss | epss 0.00

    An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.

  • CVE-2024-0953 (Feb 5, 2024)
    risk 0.00 | cvss | epss 0.00

    When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.

  • CVE-2023-49061 (Nov 21, 2023)
    risk 0.00 | cvss | epss 0.00

    An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.

  • CVE-2023-49060 (Nov 21, 2023)
    risk 0.00 | cvss | epss 0.01

    An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.

  • CVE-2023-5758 (Oct 24, 2023)
    risk 0.00 | cvss | epss 0.00

    When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.

  • CVE-2023-37456 (Jul 12, 2023)
    risk 0.00 | cvss | epss 0.00

    The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

  • CVE-2023-37455 (Jul 12, 2023)
    risk 0.00 | cvss | epss 0.00

    The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

  • CVE-2019-17003 (Feb 16, 2023)
    risk 0.00 | cvss | epss 0.00

    Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.

  • CVE-2022-31746 (Dec 22, 2022)
    risk 0.00 | cvss | epss 0.00

    Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.

  • CVE-2022-1887 (Dec 22, 2022)
    risk 0.00 | cvss | epss 0.01

    The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

  • CVE-2021-29958 (Jun 24, 2021)
    risk 0.00 | cvss | epss 0.01

    When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.

  • CVE-2020-15647 (Aug 10, 2020)
    risk 0.00 | cvss | epss 0.01

    A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.

  • CVE-2020-15651 (Aug 10, 2020)
    risk 0.00 | cvss | epss 0.01

    A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.

  • CVE-2020-15661 (Aug 10, 2020)
    risk 0.00 | cvss | epss 0.01

    A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.

  • CVE-2020-15662 (Aug 10, 2020)
    risk 0.00 | cvss | epss 0.01

    A rogue webpage could override the injected WKUserScript used by the download feature; this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.

  • CVE-2020-12414 (Jul 9, 2020)
    risk 0.00 | cvss | epss 0.01

    IndexedDB should be cleared when leaving private browsing mode, and it is not. The API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.

  • CVE-2020-12404 (Jul 9, 2020)
    risk 0.00 | cvss | epss 0.01

    For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.

  • CVE-2020-6830 (May 26, 2020)
    risk 0.00 | cvss | epss 0.01

    For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability…
