Firefox for android

This hub aggregates every CVE we track for Firefox for android, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Firefox for android.

• CVE-2024-8897Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to ...6.1Sep 17, 2024
• CVE-2023-29546When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox ...6.5Jun 19, 2023
• CVE-2023-29534Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects...9.1Jun 19, 2023
• CVE-2023-25747A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox ...7.5Jun 19, 2023
• CVE-2023-29543An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112,...8.8Jun 2, 2023
• CVE-2023-29550Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploit...8.8Jun 2, 2023
• CVE-2023-29551Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary co...8.8Jun 2, 2023
• CVE-2023-29549Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes su...6.5Jun 2, 2023
• CVE-2023-29535Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerabil...6.5Jun 2, 2023
• CVE-2023-29533A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code>...4.3Jun 2, 2023
• CVE-2023-29541Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on cer...8.8Jun 2, 2023
• CVE-2023-29544If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affect...6.5Jun 2, 2023
• CVE-2023-29537Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 11...7.5Jun 2, 2023
• CVE-2023-29538Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on t...4.3Jun 2, 2023
• CVE-2023-29539When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download at...8.8Jun 2, 2023