Firefox For Android Security Vulnerabilities
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of.....
6.9AI Score
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have lead to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox <...
6.5AI Score
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android <....
6.5CVSS
6.2AI Score
0.001EPSS
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects...
9.1CVSS
8.5AI Score
0.001EPSS
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android <...
7.5CVSS
7.1AI Score
0.0005EPSS
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android &...
8.8CVSS
8.8AI Score
0.001EPSS
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
8.8CVSS
8.1AI Score
0.001EPSS
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
7.5CVSS
7.3AI Score
0.001EPSS
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...
8.8CVSS
7.8AI Score
0.001EPSS
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android &...
4.3CVSS
5.2AI Score
0.001EPSS
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...
6.5CVSS
6.4AI Score
0.001EPSS
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
6.5CVSS
6.7AI Score
0.001EPSS
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
4.3CVSS
5.2AI Score
0.001EPSS
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focu...
8.8CVSS
7.8AI Score
0.001EPSS
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
6.1CVSS
6.1AI Score
0.001EPSS
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Fir...
8.8CVSS
8.9AI Score
0.001EPSS
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Fir...
8.8CVSS
8AI Score
0.001EPSS
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.8AI Score
0.001EPSS
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android <...
6.5CVSS
6.3AI Score
0.001EPSS
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird <...
6.5CVSS
6.4AI Score
0.001EPSS
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android...
6.5CVSS
7AI Score
0.001EPSS
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other versions....
4.3CVSS
4.9AI Score
0.001EPSS
By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.1AI Score
0.001EPSS
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.This bug only affects Firefox for Android. Other...
6.5CVSS
5.8AI Score
0.001EPSS
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.Note: Due to a clerical error this advisory was...
4.3CVSS
4.1AI Score
0.001EPSS
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus &...
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR <...
8.8CVSS
7.8AI Score
0.002EPSS
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android &...
8.8CVSS
7.8AI Score
0.002EPSS
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 9...
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
3.9AI Score
0.001EPSS
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...
8.1CVSS
7.3AI Score
0.001EPSS
Using the S.browser_fallback_url parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox <...
6.1CVSS
6.7AI Score
0.001EPSS
When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.5CVSS
5.8AI Score
0.001EPSS
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox....
4.3CVSS
4AI Score
0.001EPSS
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.This bug only affects Firefox for...
4.3CVSS
5.3AI Score
0.001EPSS
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.1CVSS
5.6AI Score
0.001EPSS
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox <...
6.5CVSS
6.2AI Score
0.001EPSS
When clicking on a tel: link, USSD codes, specified after a * character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
8.8CVSS
7.9AI Score
0.002EPSS
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.1CVSS
5.6AI Score
0.001EPSS
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...
6.1CVSS
5.4AI Score
0.001EPSS
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
8.1CVSS
7.2AI Score
0.001EPSS
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.5CVSS
5.7AI Score
0.001EPSS
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality This bug only affects Firefox for Android. Other...
8.8CVSS
8AI Score
0.002EPSS
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
9.8CVSS
8.7AI Score
0.002EPSS
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android <...
7.5CVSS
6.9AI Score
0.002EPSS
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...
5.3CVSS
4.8AI Score
0.001EPSS
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected......
6.1CVSS
5.5AI Score
0.001EPSS
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability...
6.1CVSS
6AI Score
0.001EPSS
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.2AI Score
0.001EPSS
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4AI Score
0.001EPSS