CVE-2023-21438

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder...

Input validation

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder...

CVE-2023-21438

CVE-2023-21438 : Samsung Mobile devices with affected HomeScreen prior to SMR Feb-2023 Release 1 expose a logic flaw that lets a physical attacker access an App preview guarded by Secure Folder. The issue is described as improper logic in HomeScreen, enabling access to protected previews. Public ...

CVE-2023-21438

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder...

Addressbar spoofing through stored data url shortcuts on Firefox for Android — Mozilla

Security researcher Muneaki Nishimura reported an issue with displayed URLs and bookmarks on Firefox for Android. If a data: URL is opened from a stored shortcut on the homescreen or from a BOOKMARK intent from another installed Android application, the addressbar continues to show the data: url...

CVE-2015-8510

Cross-site scripting XSS vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking...

Cross site scripting

Cross-site scripting XSS vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking...

CVE-2015-8510

Cross-site scripting XSS vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking...

HTML injection in homescreen app bypassing DOM sanitizer — Mozilla

Mozilla fixed a bug in the l10n localization of the default homescreen app of Firefox OS reported by security researcher Muneaki Nishimura. Exploiting this issue requires tricking the user into bookmarking a specially crafted web page via the 'Add to home screen' functionality. As a result, an...

Lockscreen passcode bypass due to race condition — Mozilla

Shally Li was first to report a race condition in the lockscreen of Firefox OS that can be used to bypass the passcode lock of a Firefox OS device. Under certain circumstances on a locked device, the user will be dropped directly to the homescreen instead of being presented with the passcode inpu...