Firefox For Security Vulnerabilities
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 9...
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox....
4.3CVSS
4.7AI Score
0.001EPSS
When clicking on a tel: link, USSD codes, specified after a * character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.This bug only affects...
8.8CVSS
8.2AI Score
0.002EPSS
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
3.9AI Score
0.001EPSS
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.This bug only affects Firefox for Windows and MacOS. Other operating.....
6.5CVSS
6.9AI Score
0.002EPSS
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird <...
6.5CVSS
7.1AI Score
0.001EPSS
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and...
5.9CVSS
6.1AI Score
0.001EPSS
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability.....
8.8CVSS
8.5AI Score
0.001EPSS
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation.....
7CVSS
6.3AI Score
0.0004EPSS
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR <...
8.8CVSS
7.8AI Score
0.002EPSS
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android &...
8.8CVSS
8AI Score
0.003EPSS
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS <...
9.8CVSS
9.2AI Score
0.002EPSS
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.Note: Due to a clerical error this advisory was...
4.3CVSS
5.3AI Score
0.001EPSS
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the...
6.3AI Score
0.002EPSS
Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is...
6.9AI Score
0.006EPSS
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than...
8.1AI Score
0.002EPSS
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a...
6.6AI Score
0.018EPSS
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded...
7.1AI Score
0.002EPSS
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte...
7.1AI Score
0.002EPSS
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted...
6.1AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than...
5.5AI Score
0.018EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the...
5.5AI Score
0.001EPSS
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
4.3CVSS
4.4AI Score
0.001EPSS
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.1CVSS
5.6AI Score
0.001EPSS
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox <...
4.3CVSS
6.1AI Score
0.002EPSS
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...
6.1CVSS
5.4AI Score
0.001EPSS
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and.....
4.3CVSS
6.4AI Score
0.002EPSS
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox <...
6.5CVSS
7.3AI Score
0.006EPSS
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox <...
6.5CVSS
7.3AI Score
0.002EPSS
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox <...
6.5CVSS
6.7AI Score
0.001EPSS
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must....
6.5CVSS
6.7AI Score
0.001EPSS
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
8.1CVSS
7.2AI Score
0.001EPSS
When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability.....
6.5CVSS
6.5AI Score
0.003EPSS
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird <...
8.1CVSS
7.7AI Score
0.002EPSS
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
6.5CVSS
6.4AI Score
0.001EPSS
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality This bug only affects Firefox for Android. Other...
8.8CVSS
8.3AI Score
0.002EPSS
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
9.8CVSS
8.7AI Score
0.002EPSS
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...
5.3CVSS
5AI Score
0.001EPSS
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS <...
4.3CVSS
4AI Score
0.001EPSS
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected......
6.1CVSS
5.7AI Score
0.001EPSS
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.2AI Score
0.001EPSS
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk......
4.3CVSS
5.2AI Score
0.001EPSS
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox <...
4.3CVSS
4.1AI Score
0.001EPSS
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android <...
7.5CVSS
6.8AI Score
0.002EPSS
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox <...
6.5CVSS
6.2AI Score
0.001EPSS
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability...
6.1CVSS
6.4AI Score
0.001EPSS
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML...
8.8CVSS
5.9AI Score
0.008EPSS
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox <...
6.5CVSS
7AI Score
0.001EPSS
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network...
6.5CVSS
6.5AI Score
0.003EPSS
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox <...
5.3CVSS
5.3AI Score
0.002EPSS