Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-14
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-14
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-14
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-14
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-14
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-05
Updated
2024-02-09
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-23
Updated
2024-02-02
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-01-22
Updated
2024-01-30
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-11-21
Updated
2023-11-28
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist.
Source: GitHub, Inc.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-10-04
Updated
2023-10-10
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-12
Updated
2023-07-20
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-07-05
Updated
2023-07-12
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-07-05
Updated
2024-01-07
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Source: Mozilla Corporation
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-06-02
Updated
2024-01-07
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-06-19
Updated
2024-01-07
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Source: Mozilla Corporation
Max CVSS
6.5
EPSS Score
0.07%
Published
2023-06-02
Updated
2024-01-07
483 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!