Mon Jul 29 2024 12:16:41 PDT
  • Resolution: ---
  • Keywords: csectype-disclosure

29 bugs found.
ID Type Summary Product Comp Assignee Status Resolution Updated
1482368 same origin policy for file: URI and NTFS symlink and junction point Core Security: CAPS nobody UNCO --- 2024-05-30
1523275 ResourceTiming duration should be non-0 for failed DNS, TCP, SSL Core Performance bdekoz NEW --- 2022-03-02
1711084 Scheme flooding technique for reliable cross-browser fingerprinting Core Privacy: Anti-Tracki nobody NEW --- 2023-04-26
263290 view-source: protocol allows viewing "cache-control: no-store" pages that are no longer being displayed Core Networking: Cache nobody NEW --- 2022-10-10
1188660 Show a prominent infobar/banner when SSLKEYLOGFILE is active Firefox Security nobody NEW --- 2022-10-11
1293420 Should we disable mix-blend-mode because it can lead to a history leakage attack? Core CSS Parsing and Comp nobody NEW --- 2023-10-08
1315203 XSHM: Cross Site History Manipulation (information leakage) Core DOM: Navigation nobody NEW --- 2024-01-01
1372288 [meta] WebExtensions can be used as user fingerprint WebExtensions General nobody NEW --- 2024-05-30
1405971 Webextension UUID leak via Fetch requests WebExtensions General nobody NEW --- 2024-05-30
1422482 OS username disclosure using downloads manager Firefox Downloads Panel nobody NEW --- 2022-10-11
1423602 Resource timing violates SOP for font files loaded under "no-cors" CSS Core Layout nobody NEW --- 2023-10-04
1474680 resource://usercontext-content has more than icons Core DOM: Security nobody NEW --- 2022-10-11
1540565 TabTracker leaks information about existence of private tabs/windows despite lack of private browsing permission WebExtensions General nobody NEW --- 2024-04-19
1610450 Referrer Policy and about:blank/javascript: URL inheritance is broken Core DOM: Security nobody NEW --- 2022-04-27
1647748 Middle clicking text input on Linux fills the selected autocomplete option Toolkit Form Manager nobody NEW --- 2020-06-30
1880634 MozTogglePictureInPicture event is visible to web content Toolkit Picture-in-Picture nobody NEW --- 2024-06-02
1276177 Security Disclosure: Malicious use of the phone's Gyroscope Core DOM: Device Interfac nobody NEW --- 2022-10-11
1211669 The Clock is Still Ticking: Timing Attacks in the Modern Web Core DOM: Core & HTML nobody NEW --- 2022-10-11
1749129 Side-channel attack can deanonymize users (potential risk to journalists and activists) Core DOM: Core & HTML nobody NEW --- 2023-06-06
700232 Automatically pause camera and mute mic when entering a password Core General nobody NEW --- 2022-10-10
906163 Form history used by extensions should be stored uniquely in Satchel Toolkit Form Manager nobody NEW --- 2022-10-10
957631 PostToInsecureFromSecureMessage does not block the plaintext transmission. Cancel button useless? Firefox Security nobody NEW --- 2022-10-11
959893 [meta] WebRTC Internal IP Address Leakage Core WebRTC: Signaling nobody NEW --- 2023-05-16
1266386 OTF-SVG allows to read single characters with only a STYLE injection via XEE Core SVG nobody NEW --- 2022-10-11
1699458 tabs.get() API allows distinguishing private and non-existent tabs WebExtensions Android nobody NEW --- 2024-04-19
1896700 Detect Content Script of Cross-Origin Using Script Load Error Core DOM: Core & HTML nobody NEW --- 2024-07-22
1741034 Guessing the URL a cross-origin iframe was redirected to by listening and counting the number of load events Core DOM: Navigation afarre ASSI --- 2024-05-30
381681 Form autocomplete information can be seen by evil sites convincing users to press arrow keys Toolkit Form Manager nobody REOP --- 2024-03-25
1201160 Service workers violate SOP for "no-cors" CSS Core DOM: Service Workers nobody REOP --- 2023-01-04
29 bugs found.