Mozilla Firefox Focus

20 matches found

CVE | added 2024/02/22 2:56 p.m. | 8150 views

CVE-2024-1563

CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...

CVSS 8.1 | AI score 6.2 | EPSS 0.00387

CVE | added 2024/02/22 2:56 p.m. | 7499 views

CVE-2024-26284

Focus for iOS is affected by a UXSS vulnerability that can be triggered via a 302 redirect if a victim site links to the attacker’s site. The issue is described for all Focus for iOS versions prior to 123, with remediation implemented in Focus for iOS 123 and later. The root cause involves improp...

CVSS 6.1 | AI score 5.8 | EPSS 0.00324

CVE | added 2022/12/22 12:0 a.m. | 1614 views

CVE-2022-26485

CVE-2022-26485 is a Mozilla/Firefox-family use-after-free vulnerability triggered by removing an XSLT parameter during processing. Affected products include Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus

CVSS 8.8 | AI score 8.5 | EPSS 0.14261
In wild

CVE | added 2022/12/22 12:0 a.m. | 1574 views

CVE-2022-26486

CVE-2022-26486 describes a use-after-free in the WebGPU IPC framework leading to a sandbox escape. Affected products and versions (per connected docs): Firefox < 97.0.2; Firefox ESR < 91.6.1; Firefox for Android < 97.3.0; Thunderbird < 91.6.2; Focus

CVSS 9.6 | AI score 8.8 | EPSS 0.02349
In wild

CVE | added 2023/06/02 12:0 a.m. | 183 views

CVE-2023-25743

The provided documents confirm CVE-2023-25743 affects Firefox Focus and describes a vulnerability where there is a lack of in-app notification when entering fullscreen mode. This could allow a malicious website to spoof the browser chrome. The root cause is the missing fullscreen notification in ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00649

CVE | added 2023/12/19 1:38 p.m. | 144 views

CVE-2023-6870

CVE-2023-6870 affects Firefox on Android (Android Firefox/Focus) and is triggered by applications that spawn a Toast notification in a background thread, potentially obscuring the fullscreen notification used by Firefox. The issue is tied to Android UI prompts and could lead to spoofing of the br...

CVSS 4.3 | AI score 4.6 | EPSS 0.0038

CVE | added 2023/06/19 10:13 a.m. | 119 views

CVE-2023-29546

CVE-2023-29546 affects Firefox for Android (and Focus for Android) with

CVSS 6.5 | AI score 6.1 | EPSS 0.00492

CVE | added 2023/06/19 10:11 a.m. | 110 views

CVE-2023-29534

CVE-2023-29534 affects Firefox for Android and Focus for Android, with versions earlier than 112 at risk. The issue stems from multiple techniques used to obscure the fullscreen notification, which could lead to user confusion and spoofing. The connected documents indicate the vulnerability is li...

CVSS 9.1 | AI score 8.5 | EPSS 0.007

CVE | added 2024/05/17 6:42 p.m. | 61 views

CVE-2024-5022

CVE-2024-5022 affects Mozilla Focus for iOS. The vulnerability arises from the file scheme being hidden, enabling spoofing of the address shown in the location bar. Affected versions are Focus for iOS prior to 126. The issue is described across multiple sources (including Red Hat and CNVD) as a s...

CVSS 4.4 | AI score 6.3 | EPSS 0.00132

CVE | added 2025/04/30 4:30 p.m. | 60 views

CVE-2025-3859

Summary: CVE-2025-3859 affects Mozilla Firefox Focus for iOS (pre-138 builds). The vulnerability arises from a long URL truncation/eliding behavior in the address/location bar, which can mislead users into thinking they are on a different webpage. This is tied to the Firefox Focus/iOS truncation ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00172

CVE | added 2024/10/29 12:19 p.m. | 58 views

CVE-2024-10474

The CVE-2024-10474 entry concerns Mozilla Focus for iOS (pre-132). The issue is that internal links could use the app scheme for deeplinking, potentially bypassing URL safety checks and enabling link spoofing. Connected sources confirm Focus for iOS

CVSS 9.1 | AI score 6.7 | EPSS 0.00301

CVE | added 2024/09/03 8:7 p.m. | 58 views

CVE-2024-8399

The CVE-2024-8399 issue affects Mozilla Focus for iOS prior to version 130, where JavaScript links could spoof the navigation bar URL. Root cause: improper handling of JavaScript links in the Focus navigation UI. Impact: spoofed URL addresses in the navigation bar; no broader system compromise st...

CVSS 4.7 | AI score 6.6 | EPSS 0.00256

CVE | added 2024/01/22 6:23 p.m. | 57 views

CVE-2024-0606

CVE-2024-0606 affects Mozilla Focus for iOS before version 122. The issue is a UXSS vulnerability where an attacker can execute unauthorized scripts on a legitimate site by opening a javascript: URI via window.open(), leading to unauthorized actions within the user’s loaded webpage. Connected sou...

CVSS 6.1 | AI score 6.1 | EPSS 0.00283

CVE | added 2024/01/22 6:23 p.m. | 53 views

CVE-2024-0605

The CVE-2024-0605 issue affects Mozilla Focus for iOS prior to version 122. A race condition arises when using a javascript: URI with setTimeout, enabling an attacker to run unauthorized scripts on top-origin sites via the URL bar, potentially leading to arbitrary code execution or unauthorized a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00387

CVE | added 2026/05/19 12:29 p.m. | 29 views

CVE-2026-8945

CVE-2026-8945 is described across multiple sources as a sandbox escape in Firefox and Firefox Focus for Android, with the vulnerability fixed in Firefox 151. The connected documents confirm the issue affected Firefox on Android devices and state the fix is part of Firefox 151 releases. The exact ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00369

CVE | added 2025/08/19 8:52 p.m. | 24 views

CVE-2025-55031

CVE-2025-55031 affects Firefox for iOS and Firefox Focus for iOS prior to version 142. A malicious page can trigger FIDO/hybrid passkey transport by passing FIDO links to the OS, and an attacker within Bluetooth range could coerce a user into using their passkey to sign into the attacker’s machin...

CVSS 9.8 | AI score 5.8 | EPSS 0.00386

CVE | added 2025/08/19 8:52 p.m. | 21 views

CVE-2025-55032

Mozilla Focus for iOS contains a vulnerability where Content-Disposition headers of type Attachment are not respected, causing content to display inline and enabling cross-site scripting (XSS) for Focus for iOS versions prior to 142. Multiple connected sources corroborate this issue and point to ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00147

CVE | added 2026/03/09 1:27 p.m. | 21 views

CVE-2026-2919

CVE-2026-2919 affects Focus for iOS. The issue arises from malicious scripts manipulating navigation and iframe behavior to display attacker-controlled or spoofed content under a trusted domain without user interaction. Impact stated as UI could present a spoofed domain; vulnerability fixed in Fo...

CVSS 4.3 | AI score 5.8 | EPSS 0.00184

CVE | added 2025/09/16 12:26 p.m. | 18 views

CVE-2025-10290

Mozilla Focus for iOS contains a vulnerability where opening links via the contextual menu for certain URL schemes would fail to load and the toolbar would not refresh, enabling spoofing of websites if users are coerced into long-pressing and opening a link. Affected versions are Focus for iOS

CVSS 6.5 | AI score 5.8 | EPSS 0.00236

CVE | added 2025/08/19 8:52 p.m. | 18 views

CVE-2025-55033

The CVE describes a Cross-Site Scripting (XSS) issue in Mozilla Focus for iOS prior to version 142. The vulnerability arises when dragging JavaScript links to the URL bar, which can cause arbitrary script execution. Affected product: Focus for iOS (versions

CVSS 6.1 | AI score 5.8 | EPSS 0.00155