Firefox For Security Vulnerabilities
The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox <...
6.7AI Score
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird <...
5.9AI Score
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox <...
6.5AI Score
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of.....
6.9AI Score
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird <...
5.8AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS <...
6.8AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.6AI Score
0.0004EPSS
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird <...
6.8AI Score
0.0004EPSS
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS <...
6.5AI Score
0.0004EPSS
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS <...
6.5AI Score
0.0004EPSS
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS <...
6.7AI Score
0.0004EPSS
The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox <...
6.8AI Score
0.0004EPSS
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted...
6.1CVSS
7.5AI Score
0.0005EPSS
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird <...
8.8CVSS
6.5AI Score
0.001EPSS
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird <...
4.3CVSS
6.5AI Score
0.001EPSS
EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox <...
6.5CVSS
6.5AI Score
0.001EPSS
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS <...
6.1CVSS
6.7AI Score
0.0005EPSS
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS <...
9.8CVSS
6.6AI Score
0.001EPSS
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS <...
6.1CVSS
5.5AI Score
0.001EPSS
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird <...
4.3CVSS
5.3AI Score
0.001EPSS
When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117,...
7.5CVSS
7AI Score
0.001EPSS
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117,...
8.8CVSS
8.1AI Score
0.001EPSS
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
6.5CVSS
6.6AI Score
0.001EPSS
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
6.5CVSS
6.6AI Score
0.001EPSS
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <...
8.8CVSS
8.5AI Score
0.001EPSS
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <...
5.3CVSS
6.6AI Score
0.001EPSS
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS <...
6.5CVSS
5.8AI Score
0.0005EPSS
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS <...
5.4CVSS
4.9AI Score
0.0005EPSS
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox <...
6.5CVSS
5.8AI Score
0.001EPSS
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an....
6.1CVSS
6.7AI Score
0.001EPSS
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site....
3.1CVSS
5.2AI Score
0.001EPSS
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android <....
6.5CVSS
6.2AI Score
0.001EPSS
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects...
9.1CVSS
8.5AI Score
0.001EPSS
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android <...
7.5CVSS
7.1AI Score
0.0005EPSS
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 112, Firefox ESR ...
9.8CVSS
8.9AI Score
0.001EPSS
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird <...
8.8CVSS
7.8AI Score
0.001EPSS
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android &...
8.8CVSS
8.8AI Score
0.001EPSS
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
8.8CVSS
8.1AI Score
0.001EPSS
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
7.5CVSS
7.3AI Score
0.001EPSS
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...
8.8CVSS
7.8AI Score
0.001EPSS
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android &...
4.3CVSS
5.2AI Score
0.001EPSS
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...
6.5CVSS
6.4AI Score
0.001EPSS
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
6.5CVSS
6.7AI Score
0.001EPSS
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such....
8.8CVSS
7.8AI Score
0.001EPSS
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
4.3CVSS
5.2AI Score
0.001EPSS
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focu...
8.8CVSS
7.8AI Score
0.001EPSS
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
6.1CVSS
6.1AI Score
0.001EPSS
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Fir...
8.8CVSS
8.9AI Score
0.001EPSS
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Fir...
8.8CVSS
8AI Score
0.001EPSS
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.8AI Score
0.001EPSS