All the vulnerabilities related to Mozilla - Firefox for iOS
cve-2024-10004
Vulnerability from cvelistv5
Published
2024-10-15 21:29
Modified
2024-10-16 19:18
Severity ?
EPSS score ?
Summary
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*", "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:ipad_os:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "131.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-10004", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T19:18:14.288936Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T19:18:25.692Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "131.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Erik van Straten" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2." 
} ], "value": "Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS \u003c 131.2." } ], "problemTypes": [ { "descriptions": [ { "description": "Opening external link to HTTP website could show an HTTPS padlock icon incorrectly", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T21:29:01.383Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1904885" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-54/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-10004", "datePublished": "2024-10-15T21:29:01.383Z", "dateReserved": "2024-10-15T17:26:20.137Z", "dateUpdated": "2024-10-16T19:18:25.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12414
Vulnerability from cvelistv5
Published
2020-07-09 14:56
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
IndexedDB should be cleared when leaving private browsing mode, but it is not: the API for WKWebViewConfiguration was being used incorrectly, and it requires that the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-23/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1646756 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:56:51.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-23/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646756" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "27", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS \u003c 27." } ], "problemTypes": [ { "descriptions": [ { "description": "IndexedDB persists in private browsing mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-09T14:56:06", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-23/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646756" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-12414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "27" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IndexedDB should be 
cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS \u003c 27." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IndexedDB persists in private browsing mode" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-23/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-23/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646756", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646756" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-12414", "datePublished": "2020-07-09T14:56:06", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:51.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26282
Vulnerability from cvelistv5
Published
2024-02-22 14:56
Modified
2024-11-06 23:09
Severity ?
EPSS score ?
Summary
Using an AMP URL with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26282", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T18:20:57.704888Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T23:09:35.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863788" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS \u003c 123." } ], "value": "Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS \u003c 123." 
} ], "problemTypes": [ { "descriptions": [ { "description": "UXSS through a canonical element", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T14:56:44.758Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863788" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-26282", "datePublished": "2024-02-22T14:56:44.758Z", "dateReserved": "2024-02-15T19:27:47.710Z", "dateUpdated": "2024-11-06T23:09:35.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43111
Vulnerability from cvelistv5
Published
2024-08-06 15:55
Modified
2024-08-07 14:35
Severity ?
EPSS score ?
Summary
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_for_ios", "vendor": "mozilla", "versions": [ { "lessThan": "129", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-43111", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T13:59:25.715707Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-07T14:35:04.587Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Lee" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS \u003c 129." 
} ], "value": "Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS \u003c 129." } ], "problemTypes": [ { "descriptions": [ { "description": "iOS Firefox allows to run javascript with download", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-06T15:55:14.910Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874907" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-43111", "datePublished": "2024-08-06T15:55:14.910Z", "dateReserved": "2024-08-05T23:57:50.339Z", "dateUpdated": "2024-08-07T14:35:04.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15662
Vulnerability from cvelistv5
Published
2020-08-10 17:43
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
A rogue webpage could override the injected WKUserScript used by the download feature; this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-34/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1653827 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653827" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "28", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS \u003c 28." } ], "problemTypes": [ { "descriptions": [ { "description": "Download JS user script can be overidden", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-10T17:43:23", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653827" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "28" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A rogue webpage could override the injected WKUserScript used by the download feature, this exploit 
could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS \u003c 28." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Download JS user script can be overidden" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-34/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653827", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1653827" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15662", "datePublished": "2020-08-10T17:43:23", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2024-08-04T13:22:30.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26283
Vulnerability from cvelistv5
Published
2024-02-22 14:56
Modified
2024-08-29 13:55
Severity ?
EPSS score ?
Summary
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850158" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:ipados:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26283", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-15T20:32:46.624546Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-83", "description": "CWE-83 Improper Neutralization of Script in Attributes in a Web Page", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T13:55:40.992Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": 
"Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS \u003c 123." } ], "value": "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS \u003c 123." } ], "problemTypes": [ { "descriptions": [ { "description": "Address bar spoofing using Firefox custom open URL scheme", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T14:56:43.860Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850158" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-26283", "datePublished": "2024-02-22T14:56:43.860Z", "dateReserved": "2024-02-15T19:27:47.710Z", "dateUpdated": "2024-08-29T13:55:40.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29958
Vulnerability from cvelistv5
Published
2021-06-24 13:16
Modified
2024-08-03 22:18
Severity ?
EPSS score ?
Summary
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2021-25/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1670127 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-25/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670127" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "34", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS \u003c 34." } ], "problemTypes": [ { "descriptions": [ { "description": "File download shares private browsing mode cookies", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-24T13:16:48", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-25/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670127" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-29958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "34" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When a download was initiated, the client did not check whether it 
was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS \u003c 34." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File download shares private browsing mode cookies" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2021-25/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-25/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670127", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1670127" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-29958", "datePublished": "2021-06-24T13:16:48", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2024-08-03T22:18:03.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43112
Vulnerability from cvelistv5
Published
2024-08-06 15:55
Modified
2024-08-07 15:26
Severity ?
EPSS score ?
Summary
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43112", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T15:26:03.415503Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-07T15:26:16.578Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Lee" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS \u003c 129." } ], "value": "Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS \u003c 129." } ], "problemTypes": [ { "descriptions": [ { "description": "iOS Firefox Download UXSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-06T15:55:13.378Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874910" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-43112", "datePublished": "2024-08-06T15:55:13.378Z", "dateReserved": "2024-08-05T23:57:50.339Z", "dateUpdated": "2024-08-07T15:26:16.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15661
Vulnerability from cvelistv5
Published
2020-08-10 17:43
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-34/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1654131 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654131" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "28", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS \u003c 28." } ], "problemTypes": [ { "descriptions": [ { "description": "Login JS user script can be overidden", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-10T17:43:23", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654131" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "28" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit 
could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS \u003c 28." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Login JS user script can be overidden" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-34/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654131", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654131" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15661", "datePublished": "2020-08-10T17:43:23", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2024-08-04T13:22:30.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15651
Vulnerability from cvelistv5
Published
2020-08-10 17:43
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
A Unicode right-to-left override (RTLO) character in the downloaded file name can be used to change the file's name during the download UI flow and fake the file extension. This vulnerability affects Firefox for iOS < 28.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-34/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1649160 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:22:30.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1649160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "28", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A unicode RTL order character in the downloaded file name can be used to change the file\u0027s name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS \u003c 28." } ], "problemTypes": [ { "descriptions": [ { "description": "Download Feature: unicode RTLO char can fake the file extension", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-10T17:43:24", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1649160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "28" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A unicode RTL order character in the downloaded file name can be used to 
change the file\u0027s name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS \u003c 28." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Download Feature: unicode RTLO char can fake the file extension" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-34/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-34/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1649160", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1649160" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15651", "datePublished": "2020-08-10T17:43:24", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2024-08-04T13:22:30.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1887
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 00:17
Severity ?
EPSS score ?
Summary
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-23/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "101", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS \u003c 101." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL injection in history tab", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-23/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-1887", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T00:17:00.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17003
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:48.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2019-17003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThanOrEqual": "25", "status": "unknown", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unaffected", "version": "next of 25", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed." } ], "problemTypes": [ { "descriptions": [ { "description": " Improper parsing of QR codes in address bar could lead to XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2019-17003" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-17003", "datePublished": "2023-02-16T00:00:00", "dateReserved": "2019-09-30T00:00:00", "dateUpdated": "2024-08-05T01:24:48.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37455
Vulnerability from cvelistv5
Published
2023-07-12 13:46
Modified
2024-11-07 15:04
Severity ?
EPSS score ?
Summary
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786934" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-25/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37455", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T15:04:34.074547Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T15:04:41.964Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "115", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kazuki Nomoto" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS \u003c 115." } ], "value": "The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS \u003c 115." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Media permission request prompt showing from background tab", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T13:46:07.164Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786934" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-25/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-37455", "datePublished": "2023-07-12T13:46:07.164Z", "dateReserved": "2023-07-06T12:47:25.162Z", "dateUpdated": "2024-11-07T15:04:41.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0953
Vulnerability from cvelistv5
Published
2024-02-05 16:48
Modified
2024-10-27 22:12
Severity ?
EPSS score ?
Summary
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-0953", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-05T20:24:03.153967Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-27T22:12:29.342Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:28.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lohith Gowda M" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129." 
} ], "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129." } ], "problemTypes": [ { "descriptions": [ { "description": "QR Code Scanner does not prompt before navigating user", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-06T15:55:14.502Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-0953", "datePublished": "2024-02-05T16:48:33.899Z", "dateReserved": "2024-01-26T16:12:18.955Z", "dateUpdated": "2024-10-27T22:12:29.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12404
Vulnerability from cvelistv5
Published
2020-07-09 14:44
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-19/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1631739 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:56:51.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-19/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "26", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can\u0027t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS \u003c 26." } ], "problemTypes": [ { "descriptions": [ { "description": "Native-to-JS bridging security token exploit", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-09T14:44:16", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-19/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631739" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-12404", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "26" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "For native-to-JS bridging the app requires a unique token to 
be passed that ensures non-app code can\u0027t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS \u003c 26." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Native-to-JS bridging security token exploit" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-19/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-19/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631739", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631739" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-12404", "datePublished": "2020-07-09T14:44:16", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:51.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-49061
Vulnerability from cvelistv5
Published
2023-11-21 14:28
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:29.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "120", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS \u003c 120." } ], "value": "An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS \u003c 120." } ], "problemTypes": [ { "descriptions": [ { "description": "HTML injection in %READER-BYLINE% of ReaderMode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T14:28:55.728Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-49061", "datePublished": "2023-11-21T14:28:55.728Z", "dateReserved": "2023-11-20T15:00:28.168Z", "dateUpdated": "2024-08-02T21:46:29.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31392
Vulnerability from cvelistv5
Published
2024-04-03 15:19
Modified
2024-10-30 16:15
Severity ?
EPSS score ?
Summary
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-31392", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-30T16:15:24.002365Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T16:15:31.793Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:56.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Chaykin Artem" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "If an 
insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS \u003c 124." } ], "value": "If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS \u003c 124." } ], "problemTypes": [ { "descriptions": [ { "description": "Firefox on iOS would show pages with mixed content secure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-03T15:19:14.608Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875925" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-31392", "datePublished": "2024-04-03T15:19:14.608Z", "dateReserved": "2024-04-02T17:33:52.111Z", "dateUpdated": "2024-10-30T16:15:31.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26281
Vulnerability from cvelistv5
Published
2024-02-22 14:56
Modified
2024-11-20 16:31
Severity ?
EPSS score ?
Summary
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26281", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T17:07:34.853334Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-20T16:31:49.439Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868005" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Lee" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. 
This vulnerability affects Firefox for iOS \u003c 123." } ], "value": "Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS \u003c 123." } ], "problemTypes": [ { "descriptions": [ { "description": "QR code scanner allowed executing a JavaScript URI", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-22T14:56:45.803Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868005" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-08/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-26281", "datePublished": "2024-02-22T14:56:45.803Z", "dateReserved": "2024-02-15T19:27:47.710Z", "dateUpdated": "2024-11-20T16:31:49.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38313
Vulnerability from cvelistv5
Published
2024-06-13 20:01
Modified
2024-08-02 04:04
Severity ?
EPSS score ?
Summary
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38313", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T16:23:38.608898Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T16:24:07.846Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878489" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-27/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "127", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS \u003c 127." } ], "value": "In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS \u003c 127." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Location URL bar could be visually spoofed with a fake toolbar", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T20:01:13.281Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878489" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-27/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-38313", "datePublished": "2024-06-13T20:01:13.281Z", "dateReserved": "2024-06-13T18:40:29.768Z", "dateUpdated": "2024-08-02T04:04:25.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43113
Vulnerability from cvelistv5
Published
2024-08-06 15:55
Modified
2024-08-07 13:32
Severity ?
EPSS score ?
Summary
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T13:31:39.812437Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-07T13:32:03.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "129", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Lee" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS \u003c 129." } ], "value": "The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS \u003c 129." } ], "problemTypes": [ { "descriptions": [ { "description": "The Context Menu for iOS Firefox can over ride on any origin allowing UXSS everywhere with bug id 1874910", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-06T15:55:13.829Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874964" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-43113", "datePublished": "2024-08-06T15:55:13.829Z", "dateReserved": "2024-08-05T23:57:50.339Z", "dateUpdated": "2024-08-07T13:32:03.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31393
Vulnerability from cvelistv5
Published
2024-04-03 15:19
Modified
2024-08-02 01:52
Severity ?
EPSS score ?
Summary
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31393", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:14:32.126837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:00.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:56.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879739" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS \u003c 124." } ], "value": "Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS \u003c 124." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Javascript URLs would load when dragged to address bar", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-03T15:19:14.045Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879739" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-17/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-31393", "datePublished": "2024-04-03T15:19:14.045Z", "dateReserved": "2024-04-02T17:33:52.111Z", "dateUpdated": "2024-08-02T01:52:56.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38312
Vulnerability from cvelistv5
Published
2024-06-13 20:01
Modified
2024-10-30 18:39
Summary
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878578" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-27/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-38312", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T19:02:31.503642Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T18:39:21.542Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "127", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Adam Berry" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS \u003c 127." } ], "value": "When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS \u003c 127." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Private tabs could result in residual data related to browsing history in app bundle", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T20:01:13.543Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878578" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-27/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-38312", "datePublished": "2024-06-13T20:01:13.543Z", "dateReserved": "2024-06-13T18:40:29.768Z", "dateUpdated": "2024-10-30T18:39:21.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-6830
Vulnerability from cvelistv5
Published
2020-05-26 17:06
Modified
2024-08-04 09:11
Summary
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-15/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1632387 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:11:05.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-15/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1632387" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "25", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can\u0027t call the bridging functions. That token was being used for JS-to-native also, but it isn\u0027t needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS \u003c 25." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Native-to-JS bridging security token exploit", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-26T17:06:52", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-15/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1632387" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-6830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox for iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "25" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can\u0027t call the bridging functions. That token was being used for JS-to-native also, but it isn\u0027t needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS \u003c 25." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Native-to-JS bridging security token exploit" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2020-15/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-15/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1632387", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1632387" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6830", "datePublished": "2020-05-26T17:06:52", "dateReserved": "2020-01-10T00:00:00", "dateUpdated": "2024-08-04T09:11:05.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31746
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 07:26
Summary
Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:01.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-27/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654416" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "102", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS \u003c 102." } ], "problemTypes": [ { "descriptions": [ { "description": "Privileged internal URL protection could be bypassed through referrer header.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-27/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1654416" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-31746", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-05-26T00:00:00", "dateUpdated": "2024-08-03T07:26:01.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-49060
Vulnerability from cvelistv5
Published
2023-11-21 14:28
Modified
2024-08-02 21:46
Summary
An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:28.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861405" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "120", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Muneaki Nishimura" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the \u003ccode\u003ereferrerpolicy\u003c/code\u003e attribute. This vulnerability affects Firefox for iOS \u003c 120." } ], "value": "An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS \u003c 120." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege escalation through in ReaderMode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T14:28:55.428Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861405" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-49060", "datePublished": "2023-11-21T14:28:55.428Z", "dateReserved": "2023-11-20T15:00:28.168Z", "dateUpdated": "2024-08-02T21:46:28.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5758
Vulnerability from cvelistv5
Published
2023-10-24 20:11
Modified
2024-08-02 08:07
Summary
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850019" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-48/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "119", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Irwan" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS \u003c 119." } ], "value": "When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS \u003c 119." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting (XSS) in reader mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-24T20:11:15.306Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850019" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-48/" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-5758", "datePublished": "2023-10-24T20:11:15.306Z", "dateReserved": "2023-10-24T19:08:44.980Z", "dateUpdated": "2024-08-02T08:07:32.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37456
Vulnerability from cvelistv5
Published
2023-07-12 13:46
Modified
2024-11-07 16:46
Summary
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Mozilla | Firefox for iOS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:29.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795496" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-25/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37456", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T16:45:49.392545Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T16:46:15.963Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox for iOS", "vendor": "Mozilla", "versions": [ { "lessThan": "115", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Artem Chaykin" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS \u003c 115." } ], "value": "The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS \u003c 115." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Browser crashed when session restore was called with an empty body", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T13:46:28.648Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795496" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-25/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-37456", "datePublished": "2023-07-12T13:46:28.648Z", "dateReserved": "2023-07-06T12:47:25.163Z", "dateUpdated": "2024-11-07T16:46:15.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }