Vulnerabilities > Mozilla > Firefox ESR

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2023-4052 Link Following vulnerability in Mozilla Firefox
The Firefox updater created a directory writable by non-privileged users.
network
low complexity
mozilla CWE-59
6.5
2023-07-12 CVE-2023-3600 Use After Free vulnerability in Mozilla Firefox
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37207 Unsafe Reflection vulnerability in multiple products
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
network
low complexity
mozilla debian CWE-470
6.5
2023-07-05 CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla debian
7.8
2023-06-19 CVE-2023-29542 Unspecified vulnerability in Mozilla Firefox
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.
network
low complexity
mozilla
critical
9.8
2023-06-19 CVE-2023-29545 Unspecified vulnerability in Mozilla Thunderbird
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5
2023-06-19 CVE-2023-34414 Improper Certificate Validation vulnerability in Mozilla Firefox
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays.
network
high complexity
mozilla CWE-295
3.1