Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:iphone_os:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-49061 |
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. Published: November 21, 2023; 10:15:07 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-49060 |
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. Published: November 21, 2023; 10:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-5758 |
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. Published: October 25, 2023; 2:17:45 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-37456 |
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. Published: July 12, 2023; 10:15:10 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-37455 |
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. Published: July 12, 2023; 10:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2019-17003 |
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. Published: February 16, 2023; 5:15:10 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-31746 |
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Published: December 22, 2022; 3:15:30 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-29958 |
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. Published: June 24, 2021; 10:15:10 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-15662 |
A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. Published: August 10, 2020; 2:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-15661 |
A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. Published: August 10, 2020; 2:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-12414 |
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. Published: July 09, 2020; 11:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-12404 |
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26. Published: July 09, 2020; 11:15:10 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6830 |
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25. Published: May 26, 2020; 2:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |