180 matches found

added 2023/12/19 2:15 p.m. | 103 views

CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability...

CVSS 6.1 | AI score 6.3 | EPSS 0.00749

added 2023/07/05 10:15 a.m. | 102 views

CVE-2023-37212

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8 | AI score 8.9 | EPSS 0.00249

added 2023/06/02 5:15 p.m. | 101 views

CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox

CVSS 6.5 | AI score 5.8 | EPSS 0.00028

added 2023/06/02 5:15 p.m. | 101 views

CVE-2023-25740

After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox for Windows. Other o...

CVSS 8.8 | AI score 7.7 | EPSS 0.00231

added 2023/12/19 2:15 p.m. | 101 views

CVE-2023-6873

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8 | AI score 8.9 | EPSS 0.00353

added 2023/06/02 5:15 p.m. | 100 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 8.8 | AI score 8.2 | EPSS 0.00163

added 2023/12/19 2:15 p.m. | 100 views

CVE-2023-6869

A <dialog> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.5 | EPSS 0.00179

added 2023/06/02 5:15 p.m. | 97 views

CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 4.3 | AI score 5.2 | EPSS 0.00124

added 2023/06/02 5:15 p.m. | 96 views

CVE-2023-29544

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android

CVSS 6.5 | AI score 6.9 | EPSS 0.0015

added 2023/06/19 11:15 a.m. | 95 views

CVE-2023-29546

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android < ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00292

added 2023/07/05 10:15 a.m. | 95 views

CVE-2023-37204

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.4 | EPSS 0.00167

added 2023/07/05 10:15 a.m. | 94 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.4 | EPSS 0.00199

added 2023/07/05 10:15 a.m. | 94 views

CVE-2023-37206

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.4 | EPSS 0.00175

added 2023/12/19 2:15 p.m. | 92 views

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox

CVSS 4.3 | AI score 5.2 | EPSS 0.00167

added 2023/10/25 6:17 p.m. | 90 views

CVE-2023-5758

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS

CVSS 6.1 | AI score 5.5 | EPSS 0.00297

added 2023/07/05 10:15 a.m. | 88 views

CVE-2023-37203

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox

CVSS 7.8 | AI score 7.6 | EPSS 0.00049

added 2023/06/19 11:15 a.m. | 87 views

CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects Fire...

CVSS 9.1 | AI score 8.5 | EPSS 0.00436

added 2023/12/19 2:15 p.m. | 87 views

CVE-2023-6866

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox

CVSS 8.8 | AI score 7.8 | EPSS 0.00931

added 2023/02/16 10:15 p.m. | 86 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

CVSS 5.9 | AI score 5.5 | EPSS 0.0012

added 2023/07/05 10:15 a.m. | 86 views

CVE-2023-37210

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.4 | EPSS 0.0014

added 2023/07/05 10:15 a.m. | 85 views

CVE-2023-37205

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox

CVSS 6.5 | AI score 6.5 | EPSS 0.00199

added 2023/11/21 3:15 p.m. | 85 views

CVE-2023-6213

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

CVSS 8.8 | AI score 8.9 | EPSS 0.00224

added 2023/07/05 10:15 a.m. | 84 views

CVE-2023-37209

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox

CVSS 8.8 | AI score 8 | EPSS 0.00243

added 2023/06/19 11:15 a.m. | 77 views

CVE-2019-25136

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox

CVSS 10 | AI score 9 | EPSS 0.00325

added 2023/12/19 2:15 p.m. | 77 views

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox

CVSS 4.3 | AI score 4.5 | EPSS 0.00128

added 2023/07/12 2:15 p.m. | 59 views

CVE-2023-37456

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS

CVSS 6.5 | AI score 5.8 | EPSS 0.00586

added 2023/02/16 10:15 p.m. | 58 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.

CVSS 6.1 | AI score 6.3 | EPSS 0.00652

added 2023/11/21 3:15 p.m. | 55 views

CVE-2023-49060

An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS

CVSS 9.8 | AI score 8.7 | EPSS 0.00461

added 2023/07/12 2:15 p.m. | 43 views

CVE-2023-37455

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS

CVSS 5.4 | AI score 4.9 | EPSS 0.0019

added 2023/11/21 3:15 p.m. | 42 views

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS

CVSS 6.1 | AI score 6 | EPSS 0.002

Total number of security vulnerabilities: 180