Vulnerabilities > Mozilla > Firefox Focus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-0605 | Race Condition vulnerability in Mozilla Firefox Focus Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. | 7.5 |
| 2024-01-22 | CVE-2024-0606 | Cross-site Scripting vulnerability in Mozilla Firefox Focus An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. | 6.1 |
| 2023-12-19 | CVE-2023-6870 | Unspecified vulnerability in Mozilla Firefox Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. | 4.3 |
| 2023-09-28 | CVE-2023-5217 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2023-06-19 | CVE-2023-29534 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. | 9.1 |
| 2023-06-19 | CVE-2023-29546 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. | 6.5 |
| 2023-06-02 | CVE-2023-25743 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox Focus A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. | 7.5 |