Mozilla Firefox for iOS vulnerabilities

28 known vulnerabilities affecting mozilla/firefox_for_ios.

Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 21

Vulnerabilities

Page 1 of 2
CVE-2024-53976 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 133 | 2024-11-26
CWE-1021: Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
Sources: cvelistv5, nvd
CVE-2024-53975 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 133 | 2024-11-26
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
Sources: cvelistv5, nvd
CVE-2024-10004 | CRITICAL | CVSS 9.1 | ≥ unspecified, < 131.2 | 2024-10-15
CWE-1021: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly. This vulnerability affects Firefox for iOS < 131.2.
Sources: cvelistv5, nvd
CVE-2024-43112 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 129 | 2024-08-06
CWE-79: Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129.
Sources: cvelistv5, nvd
CVE-2024-43113 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 129 | 2024-08-06
CWE-79: The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
Sources: cvelistv5, nvd
CVE-2024-43111 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 129 | 2024-08-06
CWE-79: Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129.
Sources: cvelistv5, nvd
CVE-2024-38313 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 127 | 2024-06-13
CWE-451: In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127.
Sources: cvelistv5, nvd
CVE-2024-38312 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 127 | 2024-06-13
CWE-922: When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127.
Sources: cvelistv5, nvd
CVE-2024-31392 | HIGH | CVSS 7.5 | ≥ unspecified, < 124 | 2024-04-03
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
Sources: cvelistv5, nvd
CVE-2024-31393 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 124 | 2024-04-03
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
Sources: cvelistv5, nvd
CVE-2024-26282 | HIGH | CVSS 7.1 | ≥ unspecified, < 123 | 2024-02-22
CWE-80: Using an AMP URL with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.
Sources: cvelistv5, nvd
CVE-2024-26283 | HIGH | CVSS 7.8 | ≥ unspecified, < 123 | 2024-02-22
CWE-83: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
Sources: cvelistv5, nvd
CVE-2024-26281 | MEDIUM | CVSS 4.7 | ≥ unspecified, < 123 | 2024-02-22
CWE-79: Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
Sources: cvelistv5, nvd
CVE-2024-0953 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 129 | 2024-02-05
CWE-601: When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
Sources: cvelistv5, nvd
CVE-2023-49060 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 120 | 2023-11-21
An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
Sources: cvelistv5, nvd
CVE-2023-49061 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 120 | 2023-11-21
CWE-601: An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Sources: cvelistv5, nvd
CVE-2023-5758 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 119 | 2023-10-25
CWE-79: When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
Sources: cvelistv5, nvd
CVE-2023-37455 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 115 | 2023-07-12
CWE-1021: The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
Sources: cvelistv5, nvd
CVE-2023-37456 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 115 | 2023-07-12
CWE-476: The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
Sources: cvelistv5, nvd
CVE-2022-1887 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 101 | 2022-12-22
CWE-89: The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
Sources: cvelistv5, nvd