Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29534

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-19 Jun, 2023 | 10:11
Updated At-11 Dec, 2024 | 16:05
Rejected At-
Credits

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:19 Jun, 2023 | 10:11
Updated At:11 Dec, 2024 | 16:05
Rejected At:
▼CVE Numbering Authority (CNA)

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox for Android
Default Status
unaffected
Versions
Affected
  • From unspecified before 112 (custom)
Vendor
Mozilla CorporationMozilla
Product
Focus for Android
Default Status
unaffected
Versions
Affected
  • From unspecified before 112 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AFullscreen notification could have been obscured on Firefox for Android
Type: N/A
CWE ID: N/A
Description: Fullscreen notification could have been obscured on Firefox for Android
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Shaheen Fazim and Hafiizh
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
N/A
https://www.mozilla.org/security/advisories/mfsa2023-13/
N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-13/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
x_transferred
https://www.mozilla.org/security/advisories/mfsa2023-13/
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
Resource:
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
Resource:
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-13/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:19 Jun, 2023 | 11:15
Updated At:11 Dec, 2024 | 16:15

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 112.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
Mozilla Corporation
mozilla
>>firefox_focus>>Versions before 112.0(exclusive)
cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1816007security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1816059security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821155security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821576security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821906security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1822298security@mozilla.org
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1822305security@mozilla.org
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-13/security@mozilla.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1816007af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1816059af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821155af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821576af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1821906af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1822298af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1822305af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-13/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
Source: security@mozilla.org
Resource:
Permissions Required
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-13/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-13/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

27Records found
CVE-2025-8037
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 20:49
Updated-28 Jul, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbirdFirefox ESR
CWE ID-CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2025-6427
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 12:28
Updated-14 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-54145
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 20:52
Updated-21 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS < 141.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-10474
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.10% / 27.75%
||
7 Day CHG+0.01%
Published-29 Oct, 2024 | 12:19
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus for iOSfocus_for_ios
CWE ID-CWE-287
Improper Authentication
CVE-2024-10004
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 34.90%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 21:29
Updated-04 Apr, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOSfirefox
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2025-4083
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.11%
||
7 Day CHG~0.00%
Published-29 Apr, 2025 | 13:13
Updated-09 May, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CVE-2025-1941
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 13:31
Updated-28 Mar, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-284
Improper Access Control
CVE-2024-7525
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 12:38
Updated-12 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbirdfirefoxfirefox_esr
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-2606
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-3.7||LOW
EPSS-0.22% / 44.71%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 12:02
Updated-01 Apr, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2024-11698
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.17%
||
7 Day CHG+0.05%
Published-26 Nov, 2024 | 13:34
Updated-27 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Action-Not Available
Vendor-Mozilla Corporation
Product-FirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CVE-2024-11693
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 64.78%
||
7 Day CHG+0.05%
Published-26 Nov, 2024 | 13:33
Updated-03 Apr, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CVE-2025-0246
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.86%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:07
Updated-03 Apr, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

Action-Not Available
Vendor-Google LLCMozilla Corporation
Product-androidfirefoxFirefox
CVE-2025-0245
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 16:07
Updated-03 Apr, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2024-9395
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.56%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 15:13
Updated-04 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2024-53975
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.26%
||
7 Day CHG+0.02%
Published-26 Nov, 2024 | 13:34
Updated-04 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOSfirefox_for_ios
CVE-2024-4766
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.57%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 17:21
Updated-04 Apr, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-androidfirefoxFirefox
CVE-2023-29545
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.51%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 10:07
Updated-11 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2023-29542
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 10:03
Updated-11 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2023-29532
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.79%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 09:58
Updated-11 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2023-29546
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.15%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 10:13
Updated-11 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxfirefox_focusFocus for AndroidFirefox for Android
CVE-2019-25136
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 10:45
Updated-11 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2024-5689
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.65%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-28 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2023-25736
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 10:22
Updated-11 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2024-31392
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.63%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 15:19
Updated-09 Apr, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.

Action-Not Available
Vendor-Apple Inc.Mozilla Corporation
Product-firefoxiphone_osFirefox for iOSfirefox
CVE-2024-31393
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 15:19
Updated-09 Apr, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.

Action-Not Available
Vendor-Apple Inc.Mozilla Corporation
Product-firefoxiphone_osFirefox for iOS
CVE-2024-5022
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.15% / 36.70%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 18:42
Updated-04 Apr, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus for iOS
CVE-2024-44217
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.62%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiphone_osipad_os
CWE ID-CWE-863
Incorrect Authorization
Details not found