Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox_focus
(Mozilla)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-28 | CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Ipad_os, Iphone_os, Debian_linux, Fedora, Edge, Edge_chromium, Firefox, Firefox_esr, Firefox_focus, Thunderbird, Libvpx | 8.8 | ||
| 2023-06-19 | CVE-2023-29534 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | Firefox, Firefox_focus | 9.1 | ||
| 2023-06-19 | CVE-2023-29546 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | Firefox, Firefox_focus | 6.5 | ||
| 2023-06-02 | CVE-2023-25743 | A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | Firefox_focus | 7.5 | ||
| 2022-12-22 | CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | Firefox, Firefox_esr, Firefox_focus, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | Firefox, Firefox_esr, Firefox_focus, Thunderbird | 9.6 |