Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
Max CVSS
8.8
EPSS Score
0.89%
Published
2016-09-22
Updated
2017-07-30
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
Max CVSS
8.8
EPSS Score
0.98%
Published
2016-09-22
Updated
2017-07-30
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
Max CVSS
8.8
EPSS Score
1.44%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
Max CVSS
6.5
EPSS Score
0.36%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Max CVSS
6.5
EPSS Score
0.48%
Published
2016-06-13
Updated
2018-10-30
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Max CVSS
6.5
EPSS Score
0.94%
Published
2016-06-13
Updated
2018-10-30
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
Max CVSS
4.3
EPSS Score
0.91%
Published
2016-04-30
Updated
2017-07-01
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
Max CVSS
6.5
EPSS Score
0.62%
Published
2016-04-30
Updated
2017-07-01
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
Max CVSS
4.6
EPSS Score
0.07%
Published
2016-01-09
Updated
2016-01-14
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!