Lucene search
+L

380 matches found

Vulnrichment
Vulnrichment
added 2025/06/24 12:28 p.m.2 views

CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

5.8AI score0.0021EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/06/24 12:28 p.m.7 views

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

6.5CVSS5.5AI score0.0021EPSS
Exploits0
CVE
CVE
added 2025/06/24 12:28 p.m.52 views

CVE-2025-6431

The connected documents confirm CVE-2025-6431 affects Firefox for Android and describes a bypass where the prompt to open a link in an external application could be bypassed, potentially exposing users to security/privacy risks in external apps. The vulnerability is limited to Firefox for Android...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/24 12:28 p.m.8 views

CVE-2025-6431 The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/06/24 12:28 p.m.5 views

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/06/24 12:28 p.m.3 views

CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected.. This vulnerability was fixed in Firefox 140...

4.3CVSS5.8AI score0.00189EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26725

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140 Description: The issue allows an attacker to potentially lead to phishing attacks by following a provided URL in a link querystring parameter instead of the correct URL. This affects Firefox for...

9.8CVSS7.9AI score0.09348EPSS
Exploits3References326
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.5 views

PT-2025-26728

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140 Description: The issue allows an attacker to bypass the default prompt that appears when a link can be opened in an external application, potentially exposing the user to security risks or privacy lea...

9.8CVSS8AI score0.09348EPSS
Exploits3References327
RedhatCVE
RedhatCVE
added 2025/05/23 7:17 a.m.9 views

CVE-2024-8897

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. This bug only affects Firefox f...

6.1CVSS5.6AI score0.06894EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:26 a.m.7 views

CVE-2023-25747

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android 110.1.0...

7.5CVSS6.6AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:40 a.m.9 views

CVE-2023-29549

Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.5CVSS6.1AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.6 views

CVE-2022-45413

Using the S.browserfallbackurl parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 107...

6.1CVSS6.1AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.7 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...

8.8CVSS6.1AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.4 views

CVE-2022-40961

During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 105...

6.5CVSS6.5AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.6 views

CVE-2022-29910

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 100...

6.1CVSS6.2AI score0.00354EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.8 views

CVE-2022-22762

Under certain circumstances, a JavaScript alert or prompt could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ...

4.3CVSS6.1AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.11 views

CVE-2022-34469

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...

8.8CVSS8.8AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.4 views

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...

6.1CVSS6.5AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:19 p.m.6 views

CVE-2021-23959

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...

6.1CVSS5.4AI score0.00567EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.7 views

CVE-2021-43530

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 94...

6.1CVSS5.5AI score0.01392EPSS
Exploits1
Rows per page
Query Builder