cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-29534,https://securityvulnerability.io/vulnerability/CVE-2023-29534,Fullscreen Notification Obfuscation in Firefox and Focus for Android,"This vulnerability involves various techniques that could obscure the fullscreen notification in the Firefox browser and Focus app for Android. Such obfuscation can result in potential user confusion, making them susceptible to spoofing attacks. It specifically affects versions of Firefox for Android and Focus for Android that are below version 112, posing risks as users may misinterpret the legitimacy of notifications presented to them.",Mozilla,"Firefox For Android,Focus For Android",9.1,CRITICAL,0.0037799999117851257,false,,false,false,false,,,false,false,,2023-06-19T11:15:00.000Z,0
CVE-2023-25747,https://securityvulnerability.io/vulnerability/CVE-2023-25747,Use-After-Free Vulnerability in Firefox for Android by Mozilla,A use-after-free vulnerability exists in the libaudio component of Firefox for Android that can be exploited when the AAudio backend is enabled on devices running Android API levels below 30. This issue can lead to unexpected behavior in the application. Mozilla has addressed this vulnerability by disabling the AAudio backend for affected API levels. Users are encouraged to update to Firefox for Android version 110.1.0 or later to ensure the application runs securely.,Mozilla,Firefox For Android,7.5,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-06-19T11:15:00.000Z,0
CVE-2023-29546,https://securityvulnerability.io/vulnerability/CVE-2023-29546,Information Disclosure in Firefox for Android by Mozilla,"A vulnerability in Firefox for Android and Focus for Android allows for the leakage of sensitive information when users record their screen while in Private Browsing mode. Specifically, the address bar and keyboard are not hidden during screen recording, potentially exposing personal data to unauthorized viewers. This issue affects versions prior to 112 and has not been reported on other operating systems.",Mozilla,"Firefox For Android,Focus For Android",6.5,MEDIUM,0.0017500000540167093,false,,false,false,false,,,false,false,,2023-06-19T11:15:00.000Z,0
CVE-2023-29551,https://securityvulnerability.io/vulnerability/CVE-2023-29551,Memory Safety Issues in Firefox and Focus for Android by Mozilla,"The vulnerability in Firefox and Focus for Android stems from specific memory safety flaws that have been identified in versions prior to 112. These flaws indicate potential memory corruption, which, if exploited, may allow an attacker to execute arbitrary code on the affected devices. Users of these browsers are advised to update promptly to mitigate the risks associated with these vulnerabilities.",Mozilla,"Firefox for Android,Firefox,Focus for Android",8.8,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29535,https://securityvulnerability.io/vulnerability/CVE-2023-29535,Memory Corruption Vulnerability in Mozilla Products,"This vulnerability arises from a flaw during Garbage Collector compaction, where weak maps could be accessed before proper tracing was executed. Such a scenario leads to potential memory corruption, which can cause crashes and might be leveraged for exploitation. The affected versions include Firefox, Focus for Android, and Thunderbird, all of which may expose users to security risks.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",6.5,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29537,https://securityvulnerability.io/vulnerability/CVE-2023-29537,Multiple Race Conditions in Firefox and Focus Products by Mozilla,"This vulnerability arises from multiple race conditions during font initialization processes in Mozilla's Firefox and Focus applications. Attackers may exploit these race conditions to corrupt memory, potentially allowing the execution of arbitrary code under the control of the attacker. The affected versions include Firefox for Android and Focus for Android, which are vulnerable to these exploitation methods if not updated.",Mozilla,"Firefox for Android,Firefox,Focus for Android",7.5,HIGH,0.003719999920576811,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29538,https://securityvulnerability.io/vulnerability/CVE-2023-29538,Directory Path Exposure in Firefox and Focus for Android by Mozilla,"A vulnerability in Mozilla's Firefox and Focus for Android allows a WebExtension to receive a jar:file:/// URI instead of the intended moz-extension:/// URI during load requests. This issue can lead to the unintentional exposure of directory paths stored on the user's device, which poses risks related to user privacy and system integrity. The vulnerability is relevant to specific versions of Firefox for Android, Firefox, and Focus for Android prior to version 112.",Mozilla,"Firefox for Android,Firefox,Focus for Android",4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29540,https://securityvulnerability.io/vulnerability/CVE-2023-29540,External Protocol Navigation Vulnerability in Firefox and Focus Apps,"A vulnerability in the Firefox web browser and Focus application can be exploited through a redirect embedded in sourceMappingUrls. This flaw allows navigation to external protocol links within sandboxed iframes, bypassing the restriction implemented by the 'allow-top-navigation-to-custom-protocols' setting. The issue affects various versions of Firefox for Android and Focus for Android below version 112, presenting significant security concerns for users of these applications.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.1,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29541,https://securityvulnerability.io/vulnerability/CVE-2023-29541,File Handling Vulnerability in Firefox for Linux Distributions,"A vulnerability in Firefox allows for improper handling of downloads of files with the .desktop extension, potentially enabling attackers to execute arbitrary commands. This issue specifically impacts users operating Firefox on certain Linux distributions, while other operating systems remain unaffected. Mozilla has identified affected versions, which include Firefox below version 112, Focus for Android below version 112, and Thunderbird below version 102.10, among others. Security measures are recommended for users on the affected platforms.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29543,https://securityvulnerability.io/vulnerability/CVE-2023-29543,Memory Corruption Vulnerability in Firefox and Focus for Android,"A vulnerability exists in Firefox and Focus for Android, where attackers could exploit a memory corruption flaw leading to a use-after-free condition in a global object's debugger vector. This issue impacts versions below 112 of both Firefox for Android and Focus for Android, potentially allowing attackers to execute arbitrary code.",Mozilla,"Firefox for Android,Firefox,Focus for Android",8.8,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29544,https://securityvulnerability.io/vulnerability/CVE-2023-29544,Memory Corruption in Firefox and Focus for Android by Mozilla,"A resource exhaustion issue in Mozilla's Firefox and Focus for Android could lead to memory corruption when multiple instances occur simultaneously. This flaw might result in application crashes, compromising the stability and performance of these widely used applications. Users of affected versions are encouraged to update promptly to mitigate potential risks.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29547,https://securityvulnerability.io/vulnerability/CVE-2023-29547,Insecure Cookie Creation in Firefox and Focus for Android by Mozilla,A vulnerability in Firefox and Focus for Android allows for the creation of an insecure cookie when a secure cookie already exists for the same domain. This mishandling should have triggered a failure but instead results in potential desynchronization of cookie values. Affected versions include Firefox and Focus for Android prior to version 112.,Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29549,https://securityvulnerability.io/vulnerability/CVE-2023-29549,JavaScript Sandbox Vulnerability in Firefox and Focus by Mozilla,"A vulnerability has been identified where an incorrect call to the 'bind' function could lead to an improper realm assignment. This flaw may compromise the integrity of JavaScript-implemented sandboxes, such as those using Secure ECMAScript (SES). Affected are multiple versions of Firefox on Android and desktop, as well as the Focus browser for Android, prior to version 112. Users of these products are advised to apply the latest security updates to mitigate potential risks.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29550,https://securityvulnerability.io/vulnerability/CVE-2023-29550,Memory Safety Issues in Firefox and Thunderbird Products by Mozilla,"The identified vulnerability pertains to memory safety flaws in multiple versions of Firefox and Thunderbird. These bugs have shown signs of memory corruption, which suggests that with sufficient effort, they could potentially be exploited to execute arbitrary code. This raises significant concerns for the security integrity of users relying on these applications.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.0019099999917671084,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29533,https://securityvulnerability.io/vulnerability/CVE-2023-29533,User Confusion and Spoofing Risks in Firefox and Thunderbird,"A combination of specific JavaScript functionalities, including window.open, fullscreen requests, and setInterval methods, could allow a website to obscure fullscreen notifications. This security flaw may lead to user confusion, raising concerns about potential spoofing attacks. Affected versions include select releases of Firefox and Thunderbird prior to version 112 and 102.10 respectively.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",4.3,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29536,https://securityvulnerability.io/vulnerability/CVE-2023-29536,Memory Management Flaw in Mozilla Products,"A critical flaw in Mozilla's memory management mechanism allows an attacker to control specific memory areas, leading to potential crashes or memory corruption. This vulnerability affects various versions of Firefox, Thunderbird, and Focus for Android, enabling an attacker to manipulate the memory manager in a way that could result in instability or exploitation upon triggering the flaw.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29539,https://securityvulnerability.io/vulnerability/CVE-2023-29539,Filename Handling Flaw in Mozilla Products Exposes Users to Security Risks,"A vulnerability exists in various Mozilla products related to the handling of the filename directive within the Content-Disposition header. If a filename contains a NULL character, it is truncated, which may lead to reflected file download attacks. This could potentially deceive users into unknowingly installing malicious software. Users of affected versions of Firefox, Thunderbird, and Focus for Android should be aware of this security concern and take necessary precautions.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.019519999623298645,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29548,https://securityvulnerability.io/vulnerability/CVE-2023-29548,Optimization Flaw in Firefox and Thunderbird by Mozilla,"This vulnerability stems from an incorrect lowering instruction within the ARM64 Ion compiler used in Mozilla's Firefox and Thunderbird products. The issue leads to faulty optimization results, which could potentially allow an attacker to exploit the affected applications. Users of Firefox versions below 112, Thunderbird versions below 102.10, and their mobile counterparts should take urgent measures to update their software to the latest versions to mitigate risk.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2022-1529,https://securityvulnerability.io/vulnerability/CVE-2022-1529,Prototype Pollution Vulnerability in Firefox ESR and Thunderbird by Mozilla,"A vulnerability exists in Mozilla's Firefox ESR, Firefox for Android, and Thunderbird products that allows an attacker to send specially crafted messages to the parent process. This can lead to double-indexing within a JavaScript object, resulting in prototype pollution. Consequently, this may enable attackers to execute arbitrary JavaScript code in the context of the privileged parent process, posing significant security risks to users.",Mozilla,"Firefox Esr,Firefox,Firefox For Android,Thunderbird",8.8,HIGH,0.016979999840259552,false,,false,false,false,,,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2022-1802,https://securityvulnerability.io/vulnerability/CVE-2022-1802,Prototype Pollution Vulnerability in Mozilla Firefox and Thunderbird,"A security vulnerability exists in Mozilla Firefox and Thunderbird that allows an attacker to manipulate the methods of an Array object in JavaScript through prototype pollution. This manipulation could enable the execution of malicious JavaScript code in a privileged context, putting user data and security at risk. This affects specific versions of Firefox and Thunderbird, including Firefox ESR, Firefox for Android, and Thunderbird, requiring users to update to safer versions to mitigate potential exploitation.",Mozilla,"Firefox Esr,Firefox,Firefox For Android,Thunderbird",8.8,HIGH,0.019750000908970833,false,,false,false,true,2022-08-20T03:01:30.000Z,true,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2022-26485,https://securityvulnerability.io/vulnerability/CVE-2022-26485,XSLT Parameter Removal Vulnerability in Mozilla Firefox and Thunderbird,"A flaw in Mozilla Firefox and Thunderbird arises from improper handling of XSLT parameters, which could allow for an exploitable use-after-free condition. Various versions of Firefox, including those on Android, as well as Thunderbird releases prior to specified versions, are susceptible. Reports indicate active exploitation of this vulnerability, emphasizing the importance of timely updates and security measures.",Mozilla,"Firefox,Firefox Esr,Firefox For Android,Thunderbird,Focus",8.8,HIGH,0.022520000115036964,true,2022-03-07T00:00:00.000Z,false,false,true,2022-03-07T00:00:00.000Z,true,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2022-26486,https://securityvulnerability.io/vulnerability/CVE-2022-26486,Use-After-Free Vulnerability in Mozilla Products,"A flaw within the WebGPU IPC framework in Mozilla products can cause unexpected message handling leading to a use-after-free situation. This vulnerability has been reported to result in exploitable sandbox escapes, raising concerns as it potentially allows attackers to execute malicious code outside the intended security boundaries. Users of affected versions of Firefox, Thunderbird, and other Mozilla products should update to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Firefox For Android,Thunderbird,Focus",9.6,CRITICAL,0.014929999597370625,true,2022-03-07T00:00:00.000Z,false,false,true,2022-03-07T00:00:00.000Z,,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2021-29952,https://securityvulnerability.io/vulnerability/CVE-2021-29952,,"When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.",Mozilla,"Firefox,Firefox For Android",7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-06-24T13:18:33.000Z,0
CVE-2021-29953,https://securityvulnerability.io/vulnerability/CVE-2021-29953,,"A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.",Mozilla,"Firefox,Firefox For Android",6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-06-24T13:17:57.000Z,0
CVE-2020-6829,https://securityvulnerability.io/vulnerability/CVE-2020-6829,,"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",Mozilla,"Firefox,Firefox For Android",5.3,MEDIUM,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-10-28T00:00:00.000Z,0