54 matches found
CVE-2021-29973
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality This bug only affects Firefox for Android. Other...
CVE-2025-1940
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...
UBUNTU-CVE-2025-1940
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...
SUSE CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2024-9395
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...
CVE-2024-7523
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 129...
UBUNTU-CVE-2024-7523
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 129...
CVE-2024-4766
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 126...
CVE-2024-4765
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of...
CVE-2023-6870
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This issue only affects Android versions of Firefox and Firefox Focus. This vulnerability affects Firefox 121...
UBUNTU-CVE-2023-6870
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This issue only affects Android versions of Firefox and Firefox Focus. This vulnerability affects Firefox 121...
SUSE CVE-2023-29540
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2023-29538
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2023-28159
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 111...
CVE-2023-29540
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
DEBIAN-CVE-2023-29550
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR...
CVE-2023-23600
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...
UBUNTU-CVE-2023-29551
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
UBUNTU-CVE-2023-29540
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
UBUNTU-CVE-2023-29538
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...