Filtered by vendor Mozilla
Subscribe
Total
2816 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3482 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.5 MEDIUM |
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. | |||||
CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.5 MEDIUM |
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
CVE-2023-29549 | 1 Mozilla | 2 Firefox, Focus | 2024-02-04 | N/A | 6.5 MEDIUM |
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
CVE-2023-37211 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
CVE-2023-25739 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 8.8 HIGH |
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-32210 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.5 MEDIUM |
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | |||||
CVE-2023-25738 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-32212 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 4.3 MEDIUM |
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-02-04 | N/A | 7.5 HIGH |
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2023-25728 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 6.5 MEDIUM |
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-23599 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 6.5 MEDIUM |
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | |||||
CVE-2023-37204 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.5 MEDIUM |
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
CVE-2023-25729 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 8.8 HIGH |
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-37212 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. | |||||
CVE-2023-25743 | 1 Mozilla | 1 Firefox Focus | 2024-02-04 | N/A | 7.5 HIGH |
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | |||||
CVE-2023-32205 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | N/A | 4.3 MEDIUM |
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2023-25731 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 8.8 HIGH |
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. | |||||
CVE-2023-1945 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2024-02-04 | N/A | 6.5 MEDIUM |
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. | |||||
CVE-2023-0547 | 1 Mozilla | 1 Thunderbird | 2024-02-04 | N/A | 6.5 MEDIUM |
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | |||||
CVE-2023-29535 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. |