| 1482368 | same origin policy for file: URI and NTFS symlink and junction point | Core | Security: CAPS | nobody | UNCO | --- | 2024-05-30 |
| 1523275 | ResourceTiming duration should be non-0 for failed DNS, TCP, SSL | Core | Performance | bdekoz | NEW | --- | 2022-03-02 |
| 1711084 | Scheme flooding technique for reliable cross-browser fingerprinting | Core | Privacy: Anti-Tracki | nobody | NEW | --- | 2023-04-26 |
| 263290 | view-source: protocol allows viewing "cache-control: no-store" pages that are no longer being displayed | Core | Networking: Cache | nobody | NEW | --- | 2022-10-10 |
| 1188660 | Show a prominent infobar/banner when SSLKEYLOGFILE is active | Firefox | Security | nobody | NEW | --- | 2022-10-11 |
| 1293420 | Should we disable mix-blend-mode because it can lead to a history leakage attack? | Core | CSS Parsing and Comp | nobody | NEW | --- | 2023-10-08 |
| 1315203 | XSHM: Cross Site History Manipulation (information leakage) | Core | DOM: Navigation | nobody | NEW | --- | 2024-01-01 |
| 1372288 | [meta] WebExtensions can be used as user fingerprint | WebExtensions | General | nobody | NEW | --- | 2024-05-30 |
| 1405971 | Webextension UUID leak via Fetch requests | WebExtensions | General | nobody | NEW | --- | 2024-05-30 |
| 1422482 | OS username disclosure using downloads manager | Firefox | Downloads Panel | nobody | NEW | --- | 2022-10-11 |
| 1423602 | Resource timing violates SOP for font files loaded under "no-cors" CSS | Core | Layout | nobody | NEW | --- | 2023-10-04 |
| 1474680 | resource://usercontext-content has more than icons | Core | DOM: Security | nobody | NEW | --- | 2022-10-11 |
| 1540565 | TabTracker leaks information about existence of private tabs/windows despite lack of private browsing permission | WebExtensions | General | nobody | NEW | --- | 2024-04-19 |
| 1610450 | Referrer Policy and about:blank/javascript: URL inheritance is broken | Core | DOM: Security | nobody | NEW | --- | 2022-04-27 |
| 1647748 | Middle clicking text input on Linux fills the selected autocomplete option | Toolkit | Form Manager | nobody | NEW | --- | 2020-06-30 |
| 1880634 | MozTogglePictureInPicture event is visible to web content | Toolkit | Picture-in-Picture | nobody | NEW | --- | 2024-06-02 |
| 1276177 | Security Disclosure: Malicious use of the phone's Gyroscope | Core | DOM: Device Interfac | nobody | NEW | --- | 2022-10-11 |
| 1211669 | The Clock is Still Ticking: Timing Attacks in the Modern Web | Core | DOM: Core & HTML | nobody | NEW | --- | 2022-10-11 |
| 1749129 | Side-channel attack can deanonymize users (potential risk to journalists and activists) | Core | DOM: Core & HTML | nobody | NEW | --- | 2023-06-06 |
| 700232 | Automatically pause camera and mute mic when entering a password | Core | General | nobody | NEW | --- | 2022-10-10 |
| 906163 | Form history used by extensions should be stored uniquely in Satchel | Toolkit | Form Manager | nobody | NEW | --- | 2022-10-10 |
| 957631 | PostToInsecureFromSecureMessage does not block the plaintext transmission. Cancel button useless? | Firefox | Security | nobody | NEW | --- | 2022-10-11 |
| 959893 | [meta] WebRTC Internal IP Address Leakage | Core | WebRTC: Signaling | nobody | NEW | --- | 2023-05-16 |
| 1266386 | OTF-SVG allows to read single characters with only a STYLE injection via XEE | Core | SVG | nobody | NEW | --- | 2022-10-11 |
| 1699458 | tabs.get() API allows distinguishing private and non-existent tabs | WebExtensions | Android | nobody | NEW | --- | 2024-04-19 |
| 1896700 | Detect Content Script of Cross-Origin Using Script Load Error | Core | DOM: Core & HTML | nobody | NEW | --- | 2024-07-09 |
| 1741034 | Guessing the URL a cross-origin iframe was redirected to by listening and counting the number of load events | Core | DOM: Navigation | afarre | ASSI | --- | 2024-05-30 |
| 381681 | Form autocomplete information can be seen by evil sites convincing users to press arrow keys | Toolkit | Form Manager | nobody | REOP | --- | 2024-03-25 |
| 1201160 | Service workers violate SOP for "no-cors" CSS | Core | DOM: Service Workers | nobody | REOP | --- | 2023-01-04 |