Mozilla Focus For Android
17 CVEs affecting Mozilla Focus For Android. Latest disclosed: 2023-06-19. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-29546 | | 2023-06-19 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive informat… | |
CVE-2023-29534 | | 2023-06-19 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spo… | |
CVE-2023-29551 | | 2023-06-02 | Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could h… | |
CVE-2023-29550 | | 2023-06-02 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |
CVE-2023-29549 | | 2023-06-02 | Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating… | |
CVE-2023-29548 | | 2023-06-02 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 1… | |
CVE-2023-29547 | | 2023-06-02 | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. Thi… | |
CVE-2023-29544 | | 2023-06-02 | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploi… | |
CVE-2023-29543 | | 2023-06-02 | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerabil… | |
CVE-2023-29541 | | 2023-06-02 | Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug… | |
CVE-2023-29540 | | 2023-06-02 | Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-to… | |
CVE-2023-29539 | | 2023-06-02 | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could… | |
CVE-2023-29538 | | 2023-06-02 | Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load req… | |
CVE-2023-29537 | | 2023-06-02 | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects F… | |
CVE-2023-29536 | | 2023-06-02 | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruptio… | |
CVE-2023-29535 | | 2023-06-02 | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentia… | |
CVE-2023-29533 | | 2023-06-02 | A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> ass… |