Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up
mozilla

Firefox for iOS

3 Versions 31 CVEs

Versions

next of 25

OTHER 1 CVE

unspecified

OTHER 31 CVEs

25

SINGLE_NUMBER 1 CVE

Recent CVEs

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.

UNKNOWN Feb 16, 2023

CVE-2022-1887

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

UNKNOWN Dec 22, 2022

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.

UNKNOWN Dec 22, 2022

CVE-2021-29958

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.

UNKNOWN Jun 24, 2021

CVE-2020-15651

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.

UNKNOWN Aug 10, 2020

CVE-2020-15662

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.

UNKNOWN Aug 10, 2020

CVE-2020-15661

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.

UNKNOWN Aug 10, 2020

CVE-2020-12414

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.

UNKNOWN Jul 09, 2020

CVE-2020-12404

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.

UNKNOWN Jul 09, 2020

CVE-2020-6830

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.

UNKNOWN May 26, 2020