cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10474,https://securityvulnerability.io/vulnerability/CVE-2024-10474,Second-Order Alert: Incorrectly Allowing Internal Links to Utilize App Scheme for Deeplinking Could Bypass URL Safety Checks,"A security issue has been identified in Focus for iOS where the application incorrectly permits internal links to use the app scheme designated for deep linking. This misconfiguration can lead to the circumvention of established URL safety checks, potentially leaving users exposed to security risks if malicious content is linked. The affected versions of Focus are those below 132, indicating a need for immediate updates to ensure secure handling of internal links.",Mozilla,Focus For iOS,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-29T12:19:20.120Z,0
CVE-2024-8399,https://securityvulnerability.io/vulnerability/CVE-2024-8399,URL Spoofing Vulnerability in Focus for iOS by Mozilla,"A vulnerability has been identified in Focus for iOS that allows malicious websites to exploit JavaScript links to manipulate the URL displayed in the Focus navigation bar. This misrepresentation can lead users to believe they are navigating to a trusted site, while they are actually being directed to a potentially harmful domain. This issue affects versions of Focus for iOS prior to 130, highlighting the need for users to update to the latest version to mitigate the risk associated with this vulnerability.",Mozilla,Firefox Focus,4.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-03T20:15:00.000Z,0
CVE-2024-1563,https://securityvulnerability.io/vulnerability/CVE-2024-1563,Unauthorized Script Execution Vulnerability in Focus for iOS,"This vulnerability allows an attacker to execute unauthorized scripts on top origin sites by manipulating a JavaScript URI when opening an external URL via a custom Firefox scheme and leveraging a timeout race condition. The flaw predominantly affects Focus for iOS versions prior to 122, posing significant security concerns for users.",Mozilla,Focus For Ios,8.1,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2024-02-22T14:56:42.888Z,0
CVE-2024-26284,https://securityvulnerability.io/vulnerability/CVE-2024-26284,Universal Cross-Site Scripting (UXSS) Vulnerability Affects Focus for iOS Prior to Version 123,"Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.",Mozilla,Focus For iOS,6.1,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-22T14:56:42.004Z,0
CVE-2024-0606,https://securityvulnerability.io/vulnerability/CVE-2024-0606,Unauthorized Script Execution Vulnerability in Focus for iOS by Mozilla,"A security flaw in Focus for iOS allows attackers to execute unauthorized scripts on legitimate sites by leveraging window.open() in connection with JavaScript URIs. This exploitation can lead to unauthorized actions on the user's webpage, potentially compromising user data and privacy. The affected versions include all versions prior to 122, necessitating users to update to ensure robust security against such attacks.",Mozilla,Focus for iOS,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-01-22T18:23:25.606Z,0
CVE-2024-0605,https://securityvulnerability.io/vulnerability/CVE-2024-0605,Race Condition Vulnerability in Focus for iOS by Mozilla,"A vulnerability in Focus for iOS allows attackers to exploit a race condition involving a javascript: URI and a setTimeout function. This exploitation can lead to unauthorized script execution on top origin sites in the URL bar, effectively bypassing existing security measures. As a result, attackers can gain the ability to execute arbitrary code or perform unauthorized actions on the user's webpage. This poses significant risks to user data integrity and web security for users running the affected versions of Focus for iOS.",Mozilla,Focus for iOS,7.5,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2024-01-22T18:23:24.614Z,0
CVE-2023-29534,https://securityvulnerability.io/vulnerability/CVE-2023-29534,Fullscreen Notification Obfuscation in Firefox and Focus for Android,"This vulnerability involves various techniques that could obscure the fullscreen notification in the Firefox browser and Focus app for Android. Such obfuscation can result in potential user confusion, making them susceptible to spoofing attacks. It specifically affects versions of Firefox for Android and Focus for Android that are below version 112, posing risks as users may misinterpret the legitimacy of notifications presented to them.",Mozilla,"Firefox For Android,Focus For Android",9.1,CRITICAL,0.0037799999117851257,false,,false,false,false,,,false,false,,2023-06-19T11:15:00.000Z,0
CVE-2023-29546,https://securityvulnerability.io/vulnerability/CVE-2023-29546,Information Disclosure in Firefox for Android by Mozilla,"A vulnerability in Firefox for Android and Focus for Android allows for the leakage of sensitive information when users record their screen while in Private Browsing mode. Specifically, the address bar and keyboard are not hidden during screen recording, potentially exposing personal data to unauthorized viewers. This issue affects versions prior to 112 and has not been reported on other operating systems.",Mozilla,"Firefox For Android,Focus For Android",6.5,MEDIUM,0.0017500000540167093,false,,false,false,false,,,false,false,,2023-06-19T11:15:00.000Z,0
CVE-2023-29547,https://securityvulnerability.io/vulnerability/CVE-2023-29547,Insecure Cookie Creation in Firefox and Focus for Android by Mozilla,A vulnerability in Firefox and Focus for Android allows for the creation of an insecure cookie when a secure cookie already exists for the same domain. This mishandling should have triggered a failure but instead results in potential desynchronization of cookie values. Affected versions include Firefox and Focus for Android prior to version 112.,Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29550,https://securityvulnerability.io/vulnerability/CVE-2023-29550,Memory Safety Issues in Firefox and Thunderbird Products by Mozilla,"The identified vulnerability pertains to memory safety flaws in multiple versions of Firefox and Thunderbird. These bugs have shown signs of memory corruption, which suggests that with sufficient effort, they could potentially be exploited to execute arbitrary code. This raises significant concerns for the security integrity of users relying on these applications.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.0019099999917671084,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29533,https://securityvulnerability.io/vulnerability/CVE-2023-29533,User Confusion and Spoofing Risks in Firefox and Thunderbird,"A combination of specific JavaScript functionalities, including window.open, fullscreen requests, and setInterval methods, could allow a website to obscure fullscreen notifications. This security flaw may lead to user confusion, raising concerns about potential spoofing attacks. Affected versions include select releases of Firefox and Thunderbird prior to version 112 and 102.10 respectively.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",4.3,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29536,https://securityvulnerability.io/vulnerability/CVE-2023-29536,Memory Management Flaw in Mozilla Products,"A critical flaw in Mozilla's memory management mechanism allows an attacker to control specific memory areas, leading to potential crashes or memory corruption. This vulnerability affects various versions of Firefox, Thunderbird, and Focus for Android, enabling an attacker to manipulate the memory manager in a way that could result in instability or exploitation upon triggering the flaw.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29539,https://securityvulnerability.io/vulnerability/CVE-2023-29539,Filename Handling Flaw in Mozilla Products Exposes Users to Security Risks,"A vulnerability exists in various Mozilla products related to the handling of the filename directive within the Content-Disposition header. If a filename contains a NULL character, it is truncated, which may lead to reflected file download attacks. This could potentially deceive users into unknowingly installing malicious software. Users of affected versions of Firefox, Thunderbird, and Focus for Android should be aware of this security concern and take necessary precautions.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.019519999623298645,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29548,https://securityvulnerability.io/vulnerability/CVE-2023-29548,Optimization Flaw in Firefox and Thunderbird by Mozilla,"This vulnerability stems from an incorrect lowering instruction within the ARM64 Ion compiler used in Mozilla's Firefox and Thunderbird products. The issue leads to faulty optimization results, which could potentially allow an attacker to exploit the affected applications. Users of Firefox versions below 112, Thunderbird versions below 102.10, and their mobile counterparts should take urgent measures to update their software to the latest versions to mitigate risk.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29551,https://securityvulnerability.io/vulnerability/CVE-2023-29551,Memory Safety Issues in Firefox and Focus for Android by Mozilla,"The vulnerability in Firefox and Focus for Android stems from specific memory safety flaws that have been identified in versions prior to 112. These flaws indicate potential memory corruption, which, if exploited, may allow an attacker to execute arbitrary code on the affected devices. Users of these browsers are advised to update promptly to mitigate the risks associated with these vulnerabilities.",Mozilla,"Firefox for Android,Firefox,Focus for Android",8.8,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29549,https://securityvulnerability.io/vulnerability/CVE-2023-29549,JavaScript Sandbox Vulnerability in Firefox and Focus by Mozilla,"A vulnerability has been identified where an incorrect call to the 'bind' function could lead to an improper realm assignment. This flaw may compromise the integrity of JavaScript-implemented sandboxes, such as those using Secure ECMAScript (SES). Affected are multiple versions of Firefox on Android and desktop, as well as the Focus browser for Android, prior to version 112. Users of these products are advised to apply the latest security updates to mitigate potential risks.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29535,https://securityvulnerability.io/vulnerability/CVE-2023-29535,Memory Corruption Vulnerability in Mozilla Products,"This vulnerability arises from a flaw during Garbage Collector compaction, where weak maps could be accessed before proper tracing was executed. Such a scenario leads to potential memory corruption, which can cause crashes and might be leveraged for exploitation. The affected versions include Firefox, Focus for Android, and Thunderbird, all of which may expose users to security risks.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",6.5,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29537,https://securityvulnerability.io/vulnerability/CVE-2023-29537,Multiple Race Conditions in Firefox and Focus Products by Mozilla,"This vulnerability arises from multiple race conditions during font initialization processes in Mozilla's Firefox and Focus applications. Attackers may exploit these race conditions to corrupt memory, potentially allowing the execution of arbitrary code under the control of the attacker. The affected versions include Firefox for Android and Focus for Android, which are vulnerable to these exploitation methods if not updated.",Mozilla,"Firefox for Android,Firefox,Focus for Android",7.5,HIGH,0.003719999920576811,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29538,https://securityvulnerability.io/vulnerability/CVE-2023-29538,Directory Path Exposure in Firefox and Focus for Android by Mozilla,"A vulnerability in Mozilla's Firefox and Focus for Android allows a WebExtension to receive a jar:file:/// URI instead of the intended moz-extension:/// URI during load requests. This issue can lead to the unintentional exposure of directory paths stored on the user's device, which poses risks related to user privacy and system integrity. The vulnerability is relevant to specific versions of Firefox for Android, Firefox, and Focus for Android prior to version 112.",Mozilla,"Firefox for Android,Firefox,Focus for Android",4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29540,https://securityvulnerability.io/vulnerability/CVE-2023-29540,External Protocol Navigation Vulnerability in Firefox and Focus Apps,"A vulnerability in the Firefox web browser and Focus application can be exploited through a redirect embedded in sourceMappingUrls. This flaw allows navigation to external protocol links within sandboxed iframes, bypassing the restriction implemented by the 'allow-top-navigation-to-custom-protocols' setting. The issue affects various versions of Firefox for Android and Focus for Android below version 112, presenting significant security concerns for users of these applications.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.1,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29541,https://securityvulnerability.io/vulnerability/CVE-2023-29541,File Handling Vulnerability in Firefox for Linux Distributions,"A vulnerability in Firefox allows for improper handling of downloads of files with the .desktop extension, potentially enabling attackers to execute arbitrary commands. This issue specifically impacts users operating Firefox on certain Linux distributions, while other operating systems remain unaffected. Mozilla has identified affected versions, which include Firefox below version 112, Focus for Android below version 112, and Thunderbird below version 102.10, among others. Security measures are recommended for users on the affected platforms.",Mozilla,"Firefox,Focus for Android,Firefox ESR,Firefox for Android,Thunderbird",8.8,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29543,https://securityvulnerability.io/vulnerability/CVE-2023-29543,Memory Corruption Vulnerability in Firefox and Focus for Android,"A vulnerability exists in Firefox and Focus for Android, where attackers could exploit a memory corruption flaw leading to a use-after-free condition in a global object's debugger vector. This issue impacts versions below 112 of both Firefox for Android and Focus for Android, potentially allowing attackers to execute arbitrary code.",Mozilla,"Firefox for Android,Firefox,Focus for Android",8.8,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2023-29544,https://securityvulnerability.io/vulnerability/CVE-2023-29544,Memory Corruption in Firefox and Focus for Android by Mozilla,"A resource exhaustion issue in Mozilla's Firefox and Focus for Android could lead to memory corruption when multiple instances occur simultaneously. This flaw might result in application crashes, compromising the stability and performance of these widely used applications. Users of affected versions are encouraged to update promptly to mitigate potential risks.",Mozilla,"Firefox for Android,Firefox,Focus for Android",6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-06-02T00:00:00.000Z,0
CVE-2022-26485,https://securityvulnerability.io/vulnerability/CVE-2022-26485,XSLT Parameter Removal Vulnerability in Mozilla Firefox and Thunderbird,"A flaw in Mozilla Firefox and Thunderbird arises from improper handling of XSLT parameters, which could allow for an exploitable use-after-free condition. Various versions of Firefox, including those on Android, as well as Thunderbird prior to specified versions, are susceptible. Reports indicate active exploitation of this vulnerability, emphasizing the importance of timely updates and security measures.",Mozilla,"Firefox,Firefox Esr,Firefox For Android,Thunderbird,Focus",8.8,HIGH,0.022520000115036964,true,2022-03-07T00:00:00.000Z,false,false,true,2022-03-07T00:00:00.000Z,true,false,false,,2022-12-22T00:00:00.000Z,0
CVE-2022-26486,https://securityvulnerability.io/vulnerability/CVE-2022-26486,Use-After-Free Vulnerability in Mozilla Products,"A flaw within the WebGPU IPC framework in Mozilla products can cause unexpected message handling leading to a use-after-free situation. This vulnerability has been reported to result in exploitable sandbox escapes, raising concerns as it potentially allows attackers to execute malicious code outside the intended security boundaries. Users of affected versions of Firefox, Thunderbird, and other Mozilla products should update to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Firefox For Android,Thunderbird,Focus",9.6,CRITICAL,0.014929999597370625,true,2022-03-07T00:00:00.000Z,false,false,true,2022-03-07T00:00:00.000Z,,false,false,,2022-12-22T00:00:00.000Z,0