Vulnerabilities > Mozilla > Firefox ESR > 91.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. | 6.5 |
| 2021-12-08 | CVE-2021-43542 | Information Exposure Through an Error Message vulnerability in multiple products Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. | 6.5 |
| 2021-12-08 | CVE-2021-43543 | Cross-site Scripting vulnerability in multiple products Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. | 6.1 |
| 2021-12-08 | CVE-2021-43545 | Excessive Iteration vulnerability in multiple products Using the Location API in a loop could have caused severe application hangs and crashes. | 6.5 |
| 2021-12-08 | CVE-2021-43546 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. | 4.3 |
| 2021-11-03 | CVE-2021-38496 | Use After Free vulnerability in multiple products During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. | 6.8 |
| 2021-11-03 | CVE-2021-38497 | Origin Validation Error vulnerability in Mozilla Firefox Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. | 4.3 |
| 2021-11-03 | CVE-2021-38498 | Use After Free vulnerability in Mozilla Firefox During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. | 5.0 |
| 2021-11-03 | CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. | 6.8 |
| 2021-11-03 | CVE-2021-38501 | Unspecified vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. network mozilla | 6.8 |