CVE-2021-23956

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox 85...

Security Vulnerabilities fixed in Firefox 85 — Mozilla

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a...

UBUNTU-CVE-2021-23956

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox 85...

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.11.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15649, CVE-2020-15650 Vulnerability Details CVEID: CVE-2020-15649 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to install a specially crafte...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

CVE-2020-15649

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

CVE-2020-15649

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

Code injection

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ES...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

CVE-2020-15649

CVE-2020-15649 : Mozilla Firefox ESR versions earlier than 68.11 are affected. A malicious file picker application could cause the browser to steal and upload local files of the user’s choosing, independent of the actual files selected. The issue is described as affecting Firefox for Android and ...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...

Authorization Bypass

firefox for android is vulnerable to authorization bypass. The vulnerability exists as local files can be stolen or uploaded through a file picker application...

CMS Made Simple <= 2.2.14 Multiple XSS Vulnerabilities

CMS Made Simple is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mail.ru: Private file read through file attachment

my.com MyMail application for Android could be tricked by malicious local application selected as a file picker by user to copy the file from application folder to insecure location...

CVE-2020-13660

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name...

Cross site scripting

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name...