Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-32207 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |
| 2023-06-02 | CVE-2023-32211 | Unspecified vulnerability in Mozilla Firefox A type checking bug would have led to invalid code being compiled. | 6.5 |
| 2023-06-02 | CVE-2023-32212 | Unspecified vulnerability in Mozilla Firefox An attacker could have positioned a <code>datalist</code> element to obscure the address bar. | 4.3 |
| 2023-06-02 | CVE-2023-32213 | Use of Uninitialized Resource vulnerability in Mozilla Firefox When reading a file, an uninitialized value could have been used as read limit. | 8.8 |
| 2023-06-02 | CVE-2023-32215 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. | 8.8 |
| 2023-02-16 | CVE-2020-12413 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. | 5.9 |
| 2022-12-22 | CVE-2021-4127 | Unspecified vulnerability in Mozilla Thunderbird An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. | 9.8 |
| 2022-12-22 | CVE-2021-4129 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. | 9.8 |
| 2022-12-22 | CVE-2021-4140 | XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. | 10.0 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |