Vulnerabilities > Mozilla > Firefox ESR

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-9393 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9394 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9397 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
network
low complexity
mozilla CWE-1021
6.1
2024-10-01 CVE-2024-9398 Unspecified vulnerability in Mozilla Firefox
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.
network
low complexity
mozilla
5.3
2024-09-03 CVE-2024-8381 Type Confusion vulnerability in Mozilla Firefox ESR
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
network
low complexity
mozilla CWE-843
critical
9.8
2024-09-03 CVE-2024-8382 Unspecified vulnerability in Mozilla Firefox ESR
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events.
network
low complexity
mozilla
8.8
2024-09-03 CVE-2024-8383 Unspecified vulnerability in Mozilla Firefox ESR
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support.
network
low complexity
mozilla
7.5
2024-09-03 CVE-2024-8384 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes.
network
low complexity
mozilla CWE-787
critical
9.8
2024-09-03 CVE-2024-8385 Type Confusion vulnerability in Mozilla Firefox
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.
network
low complexity
mozilla CWE-843
critical
9.8
2024-09-03 CVE-2024-8386 Open Redirect vulnerability in Mozilla Firefox
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.
network
low complexity
mozilla CWE-601
6.1