17 matches found

Vulnrichment
added 2025/12/05 10:32 p.m. · 2 views

CVE-2025-14111 Rarlab RAR App com.rarlab.rar path traversal

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...

CVSS 5.1 · AI score 6.1 · EPSS 0.00276
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25231

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.2 · EPSS 0.00046
Exploits 0 · References 3

RedhatCVE
added 2025/08/21 9:23 p.m. · 4 views

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability was fixed in Firefox 141...

CVSS 4.3 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 1

Debian CVE
added 2025/08/19 8:52 p.m. · 4 views

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability was fixed in Firefox 141...

CVSS 4.3 · AI score 5.3 · EPSS 0.00046
Exploits 0

CVE
added 2025/08/19 8:52 p.m. · 12 views

CVE-2025-8364

Summary: CVE-2025-8364 affects Mozilla Firefox for Android (pre-141) due to a crafted blob: URI that can hide the page’s true origin, enabling potential spoofing. The issue is Android-only; other OSes are unaffected. Affected component is the browser’s handling of blob: URLs, with the root cause ...

CVSS 4.3 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2025/05/22 6:23 p.m. · 6 views

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

CVSS 8.1 · AI score 6.4 · EPSS 0.00268
Exploits 0 · References 1

OSV
added 2025/01/07 4:15 p.m. · 0 views

CVE-2025-0246

When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox 134...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 2

ATTACKERKB
added 2025/01/07 4:15 p.m. · 1 view

CVE-2025-0244

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability was fixed in Firefox 134...

CVSS 5.3 · AI score 6.6 · EPSS 0.09835
Exploits 0 · References 3

UbuntuCve
added 2024/10/01 4:15 p.m. · 4 views

CVE-2024-9391

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. This bug only affects Firefox Focus for Android. Other versions of Firefox are...

CVSS 6.5 · AI score 7 · EPSS 0.00357
Exploits 0 · References 4

SUSE CVE
added 2024/05/18 2:48 a.m. · 1 view

SUSE CVE-2024-4766

Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 126...

CVSS 3.1 · AI score 8.4 · EPSS 0.00333
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:53 a.m. · 0 views

SUSE CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

CVSS 4.3 · AI score 8.6 · EPSS 0.00186
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:45 a.m. · 1 view

SUSE CVE-2021-23977

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 8...

CVSS 5.3 · AI score 8.3 · EPSS 0.00286
Exploits 0 · References 4

OSV
added 2022/12/22 8:15 p.m. · 0 views

CVE-2022-29910

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 100...

CVSS 6.1 · AI score 7.4
Exploits 0 · References 2

Positive Technologies
added 2022/12/22 12:0 a.m. · 2 views

PT-2022-11569 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 92. Description: The issue arises when a domain name contains a Right-to-Left (RTL) character, causing the domain to be rendered to the right of the path. This can lead to user confusion and potentially facilitate...

CVSS 10 · AI score 8.2 · EPSS 0.67932
Exploits 37 · References 417

Positive Technologies
added 2021/11/02 12:0 a.m. · 3 views

PT-2021-7412 · Mozilla +1 · Firefox For Android +1

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 94. Description: A Universal XSS issue exists due to improper sanitization when processing a URL scanned from a QR code, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This issue...

CVSS 10 · AI score 8 · EPSS 0.67932
Exploits 38 · References 444

OSV
added 2021/06/24 2:15 p.m. · 0 views

UBUNTU-CVE-2021-29962

Firefox for Android would become unstable and hard to recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...

CVSS 4.3 · AI score 6.1 · EPSS 0.00245
Exploits 0 · References 3

UbuntuCve
added 2021/02/26 3:15 a.m. · 16 views

CVE-2021-23959

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...

CVSS 6.1 · AI score 6.9 · EPSS 0.00256
Exploits 0 · References 2