Lucene search

181 matches found

added 2023/06/02 5:15 p.m., 74 views

CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox

CVSS 6.5, AI score 6, EPSS 0.00186

added 2023/06/02 5:15 p.m., 73 views

CVE-2023-29549

Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 6.5, AI score 6.4, EPSS 0.0006

added 2023/06/19 11:15 a.m., 72 views

CVE-2023-25736

An invalid downcast from nsHTMLDocument to nsIContent could have led to undefined behavior. This vulnerability affects Firefox

CVSS 9.8, AI score 8.6, EPSS 0.00314

added 2023/12/19 2:15 p.m., 72 views

CVE-2023-6872

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox

CVSS 6.5, AI score 6.5, EPSS 0.00329

added 2023/06/02 5:15 p.m., 71 views

CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox

CVSS 6.5, AI score 5.8, EPSS 0.00028

added 2023/12/19 2:15 p.m., 71 views

CVE-2023-6869

A <dialog> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox

CVSS 6.5, AI score 6.5, EPSS 0.00183

added 2023/06/02 5:15 p.m., 70 views

CVE-2023-25740

After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox for Windows. Other o...

CVSS 8.8, AI score 7.7, EPSS 0.00231

added 2023/06/02 5:15 p.m., 70 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 8.8, AI score 8.2, EPSS 0.00163

added 2023/07/05 10:15 a.m., 70 views

CVE-2023-37212

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8, AI score 8.9, EPSS 0.0019

added 2023/12/19 2:15 p.m., 70 views

CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability...

CVSS 6.1, AI score 6.3, EPSS 0.00813

added 2023/12/19 2:15 p.m., 69 views

CVE-2023-6873

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8, AI score 8.9, EPSS 0.00353

added 2023/06/02 5:15 p.m., 66 views

CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 4.3, AI score 5.2, EPSS 0.00095

added 2023/06/02 5:15 p.m., 65 views

CVE-2023-29544

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 6.5, AI score 6.9, EPSS 0.0015

added 2023/06/19 11:15 a.m., 64 views

CVE-2023-29546

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android < ...

CVSS 6.5, AI score 6.1, EPSS 0.00292

added 2023/07/05 10:15 a.m., 64 views

CVE-2023-37204

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox

CVSS 6.5, AI score 6.4, EPSS 0.00128

added 2023/07/05 10:15 a.m., 63 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox

CVSS 6.5, AI score 6.4, EPSS 0.00152

added 2023/07/05 10:15 a.m., 62 views

CVE-2023-37206

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox

CVSS 6.5, AI score 6.4, EPSS 0.00133

added 2023/12/19 2:15 p.m., 62 views

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox

CVSS 4.3, AI score 5.2, EPSS 0.00167

added 2023/12/19 2:15 p.m., 58 views

CVE-2023-6866

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox

CVSS 8.8, AI score 7.8, EPSS 0.00931

added 2023/02/16 10:15 p.m., 56 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.

CVSS 6.1, AI score 6.3, EPSS 0.00523

added 2023/06/19 11:15 a.m., 56 views

CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects Fire...

CVSS 9.1, AI score 8.5, EPSS 0.00436

added 2023/07/12 2:15 p.m., 56 views

CVE-2023-37456

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS

CVSS 6.5, AI score 5.8, EPSS 0.0033

added 2023/07/05 10:15 a.m., 55 views

CVE-2023-37203

Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox

CVSS 7.8, AI score 7.6, EPSS 0.00037

added 2023/07/05 10:15 a.m., 55 views

CVE-2023-37210

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox

CVSS 6.5, AI score 6.4, EPSS 0.00107

added 2023/07/05 10:15 a.m., 53 views

CVE-2023-37209

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox

CVSS 8.8, AI score 8, EPSS 0.00186

added 2023/11/21 3:15 p.m., 53 views

CVE-2023-49060

An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS

CVSS 9.8, AI score 8.7, EPSS 0.00461

added 2023/11/21 3:15 p.m., 53 views

CVE-2023-6213

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8, AI score 8.9, EPSS 0.00224

added 2023/07/05 10:15 a.m., 52 views

CVE-2023-37205

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox

CVSS 6.5, AI score 6.5, EPSS 0.00152

added 2023/12/19 2:15 p.m., 47 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox

CVSS 4.3, AI score 4.5, EPSS 0.00128

added 2023/07/12 2:15 p.m., 42 views

CVE-2023-37455

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS

CVSS 5.4, AI score 4.9, EPSS 0.0019

added 2023/11/21 3:15 p.m., 41 views

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS

CVSS 6.1, AI score 6, EPSS 0.002

Total number of security vulnerabilities: 181