The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Mozilla
Privilege Escalation
Firefox Os
NVD
CVSS 2.0
3.3
EPSS
0.1%
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount. Rated low severity (CVSS 1.9). No vendor patch available.
Mozilla
Authentication Bypass
Firefox Os
NVD
CVSS 2.0
1.9
EPSS
0.1%