Firefox For Security Vulnerabilities
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...
8.8CVSS
8.6AI Score
0.006EPSS
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...
4.3CVSS
5.6AI Score
0.001EPSS
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation.....
7CVSS
6.3AI Score
0.0004EPSS
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
4.3CVSS
4.4AI Score
0.001EPSS
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox <...
4.3CVSS
5.6AI Score
0.002EPSS
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.1CVSS
5.6AI Score
0.001EPSS
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must....
6.5CVSS
6.6AI Score
0.001EPSS
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...
6.1CVSS
5.4AI Score
0.001EPSS
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and.....
4.3CVSS
6AI Score
0.001EPSS
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox <...
6.5CVSS
7.1AI Score
0.004EPSS
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox <...
6.5CVSS
7.1AI Score
0.002EPSS
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox <...
6.5CVSS
6.2AI Score
0.001EPSS
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
8.1CVSS
7.2AI Score
0.001EPSS
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird <...
8.1CVSS
7.1AI Score
0.002EPSS
When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability.....
6.5CVSS
6.3AI Score
0.002EPSS
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.5CVSS
5.7AI Score
0.001EPSS
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality This bug only affects Firefox for Android. Other...
8.8CVSS
8AI Score
0.002EPSS
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
9.8CVSS
8.7AI Score
0.002EPSS
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...
5.3CVSS
4.8AI Score
0.001EPSS
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android <...
7.5CVSS
6.9AI Score
0.002EPSS
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS <...
4.3CVSS
3.9AI Score
0.001EPSS
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected......
6.1CVSS
5.5AI Score
0.001EPSS
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox <...
6.5CVSS
5.9AI Score
0.001EPSS
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk......
4.3CVSS
4.6AI Score
0.001EPSS
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability...
6.1CVSS
6AI Score
0.001EPSS
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.2AI Score
0.001EPSS
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4AI Score
0.001EPSS
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox <...
6.5CVSS
6.2AI Score
0.001EPSS
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network...
6.5CVSS
5.8AI Score
0.003EPSS
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox <...
6.1CVSS
5.5AI Score
0.001EPSS
Navigations through the Android-specific intent URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox <...
7.4CVSS
6.8AI Score
0.001EPSS
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox <...
5.3CVSS
4.3AI Score
0.002EPSS
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox <...
6.1CVSS
5.6AI Score
0.001EPSS
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached.....
8.8CVSS
8AI Score
0.002EPSS
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...
6.5CVSS
5.8AI Score
0.001EPSS
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
8.1CVSS
5.1AI Score
0.002EPSS
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. Note: This issue only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <....
6.5CVSS
5.8AI Score
0.001EPSS
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox <...
6.5CVSS
6.5AI Score
0.006EPSS
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This.....
6.5CVSS
6AI Score
0.001EPSS
When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox &l...
4.3CVSS
5.2AI Score
0.001EPSS
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix...
6.8CVSS
6.2AI Score
0.002EPSS
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. Note: This issue only...
6.5CVSS
6.2AI Score
0.001EPSS
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox.....
6.5CVSS
5.8AI Score
0.001EPSS
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This...
6.5CVSS
6.1AI Score
0.001EPSS
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
4.3CVSS
5.2AI Score
0.001EPSS
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was....
6.5CVSS
6.5AI Score
0.001EPSS
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability...
6.5CVSS
6.5AI Score
0.001EPSS
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
5.3CVSS
5.7AI Score
0.001EPSS
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android <...
4.7CVSS
5.7AI Score
0.0005EPSS
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android <...
4.7CVSS
5.6AI Score
0.0004EPSS