Mozilla Firefox Focus
Recent Mozilla Firefox Focus Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2023-44 | Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0. | September 28, 2023 |
By the Year
In 2023 there have been 4 vulnerabilities in Mozilla Firefox Focus, with an average score of 8.0 out of ten. Last year Firefox Focus had 2 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 1.23.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 4 | 7.98 |
2022 | 2 | 9.20 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Firefox Focus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Firefox Focus Security Vulnerabilities
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden
CVE-2023-29546
6.5 - Medium
- June 19, 2023
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android
CVE-2023-29534
9.1 - Critical
- June 19, 2023
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome
CVE-2023-25743
7.5 - High
- June 02, 2023
A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Authentication Bypass by Spoofing
Removing an XSLT parameter during processing could have led to an exploitable use-after-free
CVE-2022-26485
8.8 - High
- December 22, 2022
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
Dangling pointer
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape
CVE-2022-26486
9.6 - Critical
- December 22, 2022
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
Dangling pointer
