124 matches found
CVE-2024-38313
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS 127...
CVE-2024-38313
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS 127...
CVE-2024-38313
CVE-2024-38313 describes a spoofing vulnerability in Firefox for iOS where, in certain scenarios, a malicious website could attempt to display a fake location URL bar to mislead users about the actual website address. The vulnerability is documented to affect Firefox for iOS versions prior to 127...
PT-2024-4477 · Mozilla +1 · Firefox For Ios +1
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 127 Description: The issue is related to errors in presenting information to the user interface, potentially allowing a remote attacker to conduct a spoofing attack by replacing the URL in the location string...
CVE-2024-31392
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS 124...
CVE-2024-31393
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS 124...
CVE-2024-26282
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2023-49060
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS 120...
CVE-2023-5758
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting XSS attack. This vulnerability affects Firefox for iOS 119...
CVE-2023-37455
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS 115...
Session fixation
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS 115...
CVE-2023-37455
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS 115...
CVE-2022-1887
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS 101...
CVE-2022-1887
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS 101...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
The vulnerability of the Mozilla Firefox browser for iOS, related to insufficient protection of registration data, allows a hacker to gain access to user passwords for the current domain.
The vulnerability of the Mozilla Firefox browser for iOS is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to user passwords for the current domain...
Code injection
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
CVE-2020-15661
A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS 28...