Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4583 | Unspecified vulnerability in Mozilla Thunderbird When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. | 7.5 |
| 2023-09-11 | CVE-2023-4584 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. | 8.8 |
| 2023-09-11 | CVE-2023-4585 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. | 8.8 |
| 2023-09-11 | CVE-2023-4573 | Use After Free vulnerability in Mozilla Thunderbird When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. | 6.5 |
| 2023-08-01 | CVE-2023-4054 | Unspecified vulnerability in Mozilla Firefox When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. | 5.5 |
| 2023-08-01 | CVE-2023-4055 | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. | 7.5 |
| 2023-08-01 | CVE-2023-4056 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. | 9.8 |
| 2023-08-01 | CVE-2023-4057 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. | 9.8 |
| 2023-08-01 | CVE-2023-4045 | Origin Validation Error vulnerability in multiple products Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. | 5.3 |
| 2023-08-01 | CVE-2023-4046 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. | 5.3 |