Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. | 6.5 |
| 2021-12-08 | CVE-2021-43542 | Information Exposure Through an Error Message vulnerability in multiple products Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. | 6.5 |
| 2021-12-08 | CVE-2021-43543 | Cross-site Scripting vulnerability in multiple products Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. | 6.1 |
| 2021-12-08 | CVE-2021-43545 | Excessive Iteration vulnerability in multiple products Using the Location API in a loop could have caused severe application hangs and crashes. | 6.5 |
| 2021-12-08 | CVE-2021-43546 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. | 4.3 |
| 2021-11-03 | CVE-2021-38492 | Unspecified vulnerability in Mozilla Firefox When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. | 6.5 |
| 2021-11-03 | CVE-2021-38493 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. | 8.8 |
| 2021-11-03 | CVE-2021-38495 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. | 8.8 |
| 2021-11-03 | CVE-2021-38496 | Use After Free vulnerability in multiple products During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-11-03 | CVE-2021-38497 | Origin Validation Error vulnerability in Mozilla Firefox Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. | 6.5 |