When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.
*This bug only affects Firefox f
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a m
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. Th
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vuln
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue i
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affect
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnera
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.
*Note: This issue only affected Android operating systems. Other operating syst
Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbit
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox f
Page 1+ Next →