CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53975
https://notcve.org/view.php?id=CVE-2024-53975
26 Nov 2024 — Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843467 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10474
https://notcve.org/view.php?id=CVE-2024-10474
29 Oct 2024 — Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863832 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10004
https://notcve.org/view.php?id=CVE-2024-10004
15 Oct 2024 — Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904885 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8399
https://notcve.org/view.php?id=CVE-2024-8399
03 Sep 2024 — Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. • https://bugzilla.mozilla.org/show_bug.cgi?id=1863838 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43111
https://notcve.org/view.php?id=CVE-2024-43111
06 Aug 2024 — Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43113
https://notcve.org/view.php?id=CVE-2024-43113
06 Aug 2024 — The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43112
https://notcve.org/view.php?id=CVE-2024-43112
06 Aug 2024 — Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38312
https://notcve.org/view.php?id=CVE-2024-38312
13 Jun 2024 — When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. Al explorar pestañas privadas, algunos datos relacionados con el historial de ubicaciones o las miniaturas de páginas web podrían persistir incorrectamente dentro del paquete de aplicaciones en espacio aislado después de la finalización de la aplicación. Esta vulnerabilidad afecta a Firef... • https://bugzilla.mozilla.org/show_bug.cgi?id=1878578 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38313
https://notcve.org/view.php?id=CVE-2024-38313
13 Jun 2024 — In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127. En ciertos escenarios, un sitio web malicioso podría intentar mostrar una barra de URL de ubicación falsa que podría engañar a los usuarios en cuanto a la dirección real del sitio web. Esta vulnerabilidad afecta a Firefox para iOS < 127. • https://bugzilla.mozilla.org/show_bug.cgi?id=1878489 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31392
https://notcve.org/view.php?id=CVE-2024-31392
03 Apr 2024 — If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. Si se agregaba un elemento inseguro a una página después de un retraso, Firefox no reemplazaría el ícono seguro con un estado de seguridad de contenido mixto. Esta vulnerabilidad afecta a Firefox para iOS < 124. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875925 •