Lucene search
K
MozillaFocus

16 matches found

CVE
CVE
added 2023/06/02 12:0 a.m.1155 views

CVE-2023-29540

CVE-2023-29540 is a vulnerability in Mozilla Firefox affecting Firefox for Android and Focus for Android prior to version 112. It arises from a redirect embedded in sourceMappingUrls that could navigate to external protocol links inside sandboxed iframes without allow-top-navigation-to-custom-pro...

6.1CVSS6.2AI score0.00315EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.230 views

CVE-2023-29536

The CVE-2023-29536 entry applies to Mozilla products (Firefox, Focus, Thunderbird, Firefox ESR, and Firefox for Android) with memory-management weakness in freeing a pointer to attacker-controlled memory. Impacted versions include Firefox <112, Focus for Android <112, Firefox ESR <102.10...

8.8CVSS8.1AI score0.00702EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.224 views

CVE-2023-29539

Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...

8.8CVSS7.9AI score0.00737EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.211 views

CVE-2023-29541

The CVE-2023-29541 issue concerns Firefox on Linux (and Thunderbird) where downloads of files ending with .desktop could be interpreted as commands, enabling attacker-controlled execution. Public advisories show affected products as Firefox (Linux) older than 112, Thunderbird older than 102.10, a...

8.8CVSS7.9AI score0.00737EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.182 views

CVE-2023-29550

CVE-2023-29550 corresponds to memory-safety bugs in Mozilla Firefox 111 and Firefox ESR 102.9 (affecting Firefox < 112, Focus for Android < 112, ESR < 102.10, Firefox for Android < 112, Thunderbird

8.8CVSS9.1AI score0.00702EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.169 views

CVE-2023-29533

CVE-2023-29533 affects Firefox (pre-112, ESR pre-102.10, Android-focused builds pre-112) and Thunderbird (

4.3CVSS5.4AI score0.00564EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.166 views

CVE-2023-29548

CVE-2023-29548 concerns a wrong lowering instruction in the ARM64 Ion compiler that yields an incorrect optimization result. The vulnerability affects Firefox (<112), Focus for Android (<112), Firefox ESR (<102.10), Firefox for Android (<112), and Thunderbird (

6.5CVSS6.6AI score0.00689EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.163 views

CVE-2023-29535

CVE-2023-29535: The vulnerability arises from a garbage collector compaction issue in Firefox/related products where a weak map could be accessed before proper tracing, leading to memory corruption and a potentially exploitable crash. Affected software per documents includes Firefox (and derivati...

6.5CVSS7.3AI score0.00741EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.151 views

CVE-2023-29547

The CVE-2023-29547 issue affects Mozilla Firefox and Firefox-based products: when a secure cookie existed in the Firefox cookie jar, an insecure cookie for the same domain could be created instead of silently failing, causing desynchronization when reading the secure cookie. Affected versions inc...

6.5CVSS6.5AI score0.00469EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.142 views

CVE-2023-29537

CVE-2023-29537 concerns multiple race conditions in font initialization that could cause memory corruption and allow attacker-controlled code execution. Affected products include Mozilla Firefox on Android, Firefox versions before 112, and Focus for Android before 112. The vulnerability’s root ca...

7.5CVSS7.4AI score0.00552EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.142 views

CVE-2023-29551

CVE-2023-29551 corresponds to memory safety bugs in Mozilla Firefox 111 that affected Firefox for Android < 112, Firefox < 112, and Focus for Android

8.8CVSS8.8AI score0.00521EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.135 views

CVE-2023-29544

CVE-2023-29544 describes a memory corruption vulnerability in the Firefox garbage collector that can trigger a potentially exploitable crash when multiple resource-exhaustion instances occur at the wrong time. Affected products include Firefox for Android and Focus for Android, specifically versi...

6.5CVSS6.9AI score0.00448EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.135 views

CVE-2023-29549

CVE-2023-29549 : The issue arises when a call to bind may end up in the wrong realm, creating a vulnerability for JavaScript-based sandboxes such as SES in Firefox-based browsers. Affected products include Firefox for Android <112, Firefox <112, and Focus for Android

6.5CVSS6.4AI score0.00327EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.132 views

CVE-2023-29543

CVE-2023-29543 affects Mozilla Firefox and Focus for Android prior to version 112, caused by a memory-corruption/use-after-free in a global object’s debugger vector. Affected products include Firefox for Android <112, Firefox <112, and Focus for Android

8.8CVSS8.2AI score0.00521EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.124 views

CVE-2023-29538

CVE-2023-29538 affects Firefox (and Focus) on Android: under specific WebExtension load circumstances a jar:file:/// URI could be exposed instead of moz-extension:///, leaking local directory paths. Affected: Firefox for Android <112, Firefox <112, and Focus for Android

4.3CVSS5.2AI score0.00397EPSS
CVE
CVE
added 2026/06/09 8:52 p.m.22 views

CVE-2026-11799

CVE-2026-11799 concerns a UXSS flaw in Focus for iOS and Klar WebKit navigation. The affected components are Focus for iOS and Klar for iOS, with a root cause not explicitly detailed in the provided documents beyond the UXSS classification. The vulnerability is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:...

7.5CVSS5.5AI score0.00216EPSS