380 matches found
CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...
CVE-2025-6431
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...
CVE-2025-6431
The connected documents confirm CVE-2025-6431 affects Firefox for Android and describes a bypass where the prompt to open a link in an external application could be bypassed, potentially exposing users to security/privacy risks in external apps. The vulnerability is limited to Firefox for Android...
CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...
CVE-2025-6431
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...
CVE-2025-6428
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected.. This vulnerability was fixed in Firefox 140...
PT-2025-26725
Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140 Description: The issue allows an attacker to potentially lead to phishing attacks by following a provided URL in a link querystring parameter instead of the correct URL. This affects Firefox for...
PT-2025-26728
Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140 Description: The issue allows an attacker to bypass the default prompt that appears when a link can be opened in an external application, potentially exposing the user to security risks or privacy lea...
CVE-2024-8897
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. This bug only affects Firefox f...
CVE-2023-25747
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android 110.1.0...
CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2022-45413
Using the S.browserfallbackurl parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 107...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...
CVE-2022-40961
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 105...
CVE-2022-29910
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 100...
CVE-2022-22762
Under certain circumstances, a JavaScript alert or prompt could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ...
CVE-2022-34469
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...
CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
CVE-2021-43530
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 94...