Search
Total
390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6865 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2024-01-07 | N/A | 6.5 MEDIUM |
| `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | |||||
| CVE-2023-6872 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-3482 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6211 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120. | |||||
| CVE-2023-6869 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-37204 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-32205 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 4.3 MEDIUM |
| In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-5723 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 5.3 MEDIUM |
| An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-6871 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6857 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Android and 4 more | 2024-01-07 | N/A | 5.3 MEDIUM |
| When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-5758 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.1 MEDIUM |
| When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. | |||||
| CVE-2023-6870 | 2 Google, Mozilla | 3 Android, Firefox, Firefox Focus | 2024-01-07 | N/A | 4.3 MEDIUM |
| Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6867 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2024-01-07 | N/A | 6.1 MEDIUM |
| The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | |||||
| CVE-2023-6210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. | |||||
| CVE-2023-32212 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 4.3 MEDIUM |
| An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-37205 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6860 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 6.5 MEDIUM |
| The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-5722 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 5.3 MEDIUM |
| Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-32210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-32208 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 5.3 MEDIUM |
| Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-34415 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.1 MEDIUM |
| When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | |||||
| CVE-2023-32211 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 6.5 MEDIUM |
| A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-32206 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 6.5 MEDIUM |
| An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-5729 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-37206 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6868 | 2 Google, Mozilla | 2 Android, Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6135 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6204 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 6.5 MEDIUM |
| On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-6206 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 5.4 MEDIUM |
| The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-6209 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 6.5 MEDIUM |
| Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-6205 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 6.5 MEDIUM |
| It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2023-11-28 | N/A | 6.1 MEDIUM |
| An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | |||||
| CVE-2023-4046 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 5.3 MEDIUM |
| In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4045 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 5.3 MEDIUM |
| Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4049 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2023-08-09 | N/A | 5.9 MEDIUM |
| Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2021-43536 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2022-31744 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 6.5 MEDIUM |
| An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. | |||||
| CVE-2022-22757 | 1 Mozilla | 1 Firefox | 2023-08-08 | N/A | 6.5 MEDIUM |
| Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2022-31746 | 1 Mozilla | 1 Firefox | 2023-08-08 | N/A | 6.5 MEDIUM |
| Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. | |||||
| CVE-2022-28285 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 6.5 MEDIUM |
| When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | |||||
| CVE-2023-4054 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2023-08-07 | N/A | 5.5 MEDIUM |
| When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. | |||||
| CVE-2023-4052 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-08-07 | N/A | 6.5 MEDIUM |
| The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. | |||||
| CVE-2023-4053 | 1 Mozilla | 1 Firefox | 2023-08-04 | N/A | 6.5 MEDIUM |
| A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. | |||||
| CVE-2021-29958 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. | |||||
| CVE-2021-23985 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. | |||||
| CVE-2021-29951 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | |||||
| CVE-2021-43540 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. | |||||
| CVE-2021-29959 | 1 Mozilla | 1 Firefox | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-23977 | 1 Mozilla | 1 Firefox | 2022-05-27 | 2.6 LOW | 5.3 MEDIUM |
| Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | |||||