When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-05
Updated
2024-02-09
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-11-21
Updated
2023-11-28
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-12
Updated
2023-07-20
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-07-05
Updated
2023-07-12
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-07-05
Updated
2024-01-07
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-06-02
Updated
2024-01-07
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-06-02
Updated
2024-01-07
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-02
Updated
2023-06-09
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-02
Updated
2023-06-09
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-02
Updated
2023-06-09
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-06-19
Updated
2023-06-27
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2023-06-27
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-02
Updated
2023-06-09
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-02
Updated
2023-06-09
424 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!