When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-05
Updated
2024-02-09
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-29
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
Max CVSS
7.5
EPSS Score
0.10%
Published
2024-01-23
Updated
2024-03-25
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-11-21
Updated
2023-11-28
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-12
Updated
2023-07-20
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-12
Updated
2023-07-20
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-05
Updated
2023-07-12
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-07-05
Updated
2023-07-12
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-07-05
Updated
2024-01-07
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-06-19
Updated
2024-01-07
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-06-02
Updated
2024-01-07
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
1083 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!