
CVE-2024-10474
https://notcve.org/view.php?id=CVE-2024-10474
29 Oct 2024 — Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects Focus for iOS < 132. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 • CWE-287: Improper Authentication •

CVE-2024-8399
https://notcve.org/view.php?id=CVE-2024-8399
03 Sep 2024 — Websites could utilize JavaScript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863838 • CWE-290: Authentication Bypass by Spoofing •

CVE-2024-0606
https://notcve.org/view.php?id=CVE-2024-0606
22 Jan 2024 — An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855030 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-0605
https://notcve.org/view.php?id=CVE-2024-0605
22 Jan 2024 — Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2023-6870 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-6870
19 Dec 2023 — Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823316 •

CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-29546
https://notcve.org/view.php?id=CVE-2023-29546
19 Jun 2023 — When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780842 •

CVE-2023-29534
https://notcve.org/view.php?id=CVE-2023-29534
19 Jun 2023 — Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1816007 •

CVE-2023-29537 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29537
30 May 2023 — Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823365 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2023-29544 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29544
30 May 2023 — If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected. • https://bugzilla.mozilla.org/show_bug.cgi?id=1818781 • CWE-400: Uncontrolled Resource Consumption •