Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
MozillaFirefox

16 matches found

CVE
CVEadded 2024/04/16 4:15 p.m.1056 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

3.7CVSS5.6AI score0.00097EPSS
CVE
CVEadded 2023/06/19 11:15 a.m.531 views

CVE-2023-34414

The error page for sites with invalid TLS certificates was missing theactivation-delay Firefox uses to protect prompts and permission dialogsfrom attacks that exploit human response time delays. If a maliciouspage elicited user clicks in precise locations immediately beforenavigating to a site with...

3.1CVSS5.6AI score0.00058EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.335 views

CVE-2022-42931

Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.

3.3CVSS4.9AI score0.00027EPSS
CVE
CVEadded 2023/09/11 9:15 a.m.234 views

CVE-2023-4579

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117...

3.1CVSS5AI score0.00128EPSS
CVE
CVEadded 2021/06/24 2:15 p.m.230 views

CVE-2021-24000

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused abou...

3.1CVSS5AI score0.00234EPSS
CVE
CVEadded 2025/01/07 4:15 p.m.214 views

CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

3.3CVSS6.6AI score0.00038EPSS
CVE
CVEadded 2020/05/26 5:15 p.m.134 views

CVE-2020-12394

A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.

3.3CVSS4.8AI score0.00139EPSS
CVE
CVEadded 2024/03/19 12:15 p.m.102 views

CVE-2024-2606

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

3.7CVSS5.8AI score0.00198EPSS
CVE
CVEadded 2011/09/29 12:55 a.m.100 views

CVE-2011-2372

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

3.5CVSS9.1AI score0.00429EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.80 views

CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.

3.3CVSS5.1AI score0.00126EPSS
CVE
CVEadded 2015/08/16 1:59 a.m.70 views

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

3.3CVSS8.5AI score0.00251EPSS
CVE
CVEadded 2009/02/04 7:30 p.m.60 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of...

3.3CVSS8.5AI score0.00192EPSS
CVE
CVEadded 2007/02/26 7:28 p.m.58 views

CVE-2007-0775

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.

3.7CVSS7.6AI score0.20376EPSS
CVE
CVEadded 2020/10/01 7:15 p.m.57 views

CVE-2020-15671

When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.

3.1CVSS4.6AI score0.00141EPSS
CVE
CVEadded 2025/03/04 2:15 p.m.56 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

3.9CVSS6.5AI score0.00014EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.44 views

CVE-2016-9062

Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerabili...

3.3CVSS5.6AI score0.0008EPSS