Shodan
Vulnerabilities
Vulnerable Software
Mozilla:  >> Firefox Focus  Security Vulnerabilities
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-01-22
CVE-2023-6870
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.
CVSS Score
4.3
EPSS Score
0.005
Published
2023-12-19
CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
CVSS Score
9.1
EPSS Score
0.004
Published
2023-06-19
CVE-2023-29546
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-06-19
CVE-2023-25743
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-02
CVE-2022-26485
Known exploited
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
CVSS Score
8.8
EPSS Score
0.017
Published
2022-12-22
CVE-2022-26486
Known exploited
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
CVSS Score
9.6
EPSS Score
0.013
Published
2022-12-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved