Vulnerabilities > Mozilla > Firefox > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4579 | Unspecified vulnerability in Mozilla Firefox Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. | 3.1 |
| 2023-06-19 | CVE-2023-34414 | Improper Certificate Validation vulnerability in Mozilla Firefox The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. | 3.1 |
| 2022-12-22 | CVE-2022-42931 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Firefox Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. | 3.3 |
| 2021-06-24 | CVE-2021-24000 | Race Condition vulnerability in Mozilla Firefox A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. | 3.1 |
| 2020-10-01 | CVE-2020-15671 | Race Condition vulnerability in Mozilla Firefox When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. | 3.1 |
| 2020-05-26 | CVE-2020-12394 | Unspecified vulnerability in Mozilla Firefox A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. | 3.3 |
| 2020-04-24 | CVE-2020-6824 | Session Fixation vulnerability in Mozilla Firefox Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. | 2.8 |
| 2019-09-27 | CVE-2019-11743 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. | 3.7 |
| 2018-06-11 | CVE-2016-9062 | Information Exposure vulnerability in Mozilla Firefox Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. | 3.3 |
| 2018-06-11 | CVE-2017-5387 | File and Directory Information Exposure vulnerability in Mozilla Firefox The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. | 3.3 |