A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.
Max CVSS: 7.4 | EPSS Score: 0.17% | Published: 2020-08-10 | Updated: 2020-08-12
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2020-07-09 | Updated: 2023-01-30
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2020-05-26 | Updated: 2020-05-28
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Max CVSS: 5.3 | EPSS Score: 0.20% | Published: 2020-03-25 | Updated: 2023-02-23
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.
Max CVSS: 5.3 | EPSS Score: 0.09% | Published: 2020-01-08 | Updated: 2020-01-13
When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Max CVSS: 7.5 | EPSS Score: 0.56% | Published: 2019-07-23 | Updated: 2020-09-30
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.* This vulnerability affects Firefox < 63.
Max CVSS: 5.3 | EPSS Score: 0.56% | Published: 2019-02-28 | Updated: 2019-03-01
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Max CVSS: 7.1 | EPSS Score: 0.06% | Published: 2019-02-28 | Updated: 2019-03-01
Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
Max CVSS: 6.5 | EPSS Score: 0.39% | Published: 2018-10-18 | Updated: 2019-10-03
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
Max CVSS: 6.5 | EPSS Score: 0.41% | Published: 2018-10-18 | Updated: 2019-10-03
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2018-10-18 | Updated: 2018-12-03
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
Max CVSS: 5.8 | EPSS Score: 0.12% | Published: 2018-05-04 | Updated: 2019-10-03
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages. If a user can be tricked into accessing the URL, it can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2018-07-12 | Updated: 2019-02-28
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar, the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.
Max CVSS: 7.5 | EPSS Score: 0.28% | Published: 2018-06-11 | Updated: 2018-08-03
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process, the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60.
Max CVSS: 7.5 | EPSS Score: 0.45% | Published: 2018-06-11 | Updated: 2018-08-03
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2018-06-11 | Updated: 2019-03-13
Images for moz-icons can be accessed through the "moz-icon:" protocol by script in web content even when otherwise prohibited. This could allow a malicious page to learn which applications are associated with specific MIME types. This vulnerability affects Firefox < 59.
Max CVSS: 5.3 | EPSS Score: 0.34% | Published: 2018-06-11 | Updated: 2018-08-02
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.
Max CVSS: 7.5 | EPSS Score: 0.35% | Published: 2018-06-11 | Updated: 2018-08-10
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.
Max CVSS: 7.5 | EPSS Score: 0.25% | Published: 2018-06-11 | Updated: 2018-08-08
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.
Max CVSS: 6.5 | EPSS Score: 0.39% | Published: 2018-06-11 | Updated: 2018-08-03
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.
Max CVSS: 6.5 | EPSS Score: 0.27% | Published: 2018-06-11 | Updated: 2018-08-07
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
Max CVSS: 5.9 | EPSS Score: 0.22% | Published: 2018-06-11 | Updated: 2019-03-08
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.
Max CVSS: 5.3 | EPSS Score: 0.30% | Published: 2018-06-11 | Updated: 2018-06-25
The screenshot images on the Activity Stream page, which is displayed when a new tab is opened, are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.
Max CVSS: 5.3 | EPSS Score: 0.28% | Published: 2018-06-11 | Updated: 2018-06-25
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.
Max CVSS: 7.5 | EPSS Score: 0.30% | Published: 2018-06-11 | Updated: 2018-06-25
103 vulnerabilities found