Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-9393 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. | 7.5 |
| 2024-10-01 | CVE-2024-9394 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. | 7.5 |
| 2024-09-03 | CVE-2024-8382 | Unspecified vulnerability in Mozilla Firefox ESR Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. | 8.8 |
| 2024-09-03 | CVE-2024-8383 | Unspecified vulnerability in Mozilla Firefox ESR Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. | 7.5 |
| 2024-08-06 | CVE-2024-7520 | Type Confusion vulnerability in Mozilla Firefox A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. | 8.8 |
| 2024-08-06 | CVE-2024-7521 | Improper Handling of Exceptional Conditions vulnerability in Mozilla Firefox Incomplete WebAssembly exception handing could have led to a use-after-free. | 8.8 |
| 2024-08-06 | CVE-2024-7522 | Out-of-bounds Read vulnerability in Mozilla Firefox Editor code failed to check an attribute value. | 8.8 |
| 2024-08-06 | CVE-2024-7525 | Incorrect Default Permissions vulnerability in Mozilla Firefox It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. | 8.1 |
| 2024-08-06 | CVE-2024-7527 | Use After Free vulnerability in Mozilla Firefox Unexpected marking work at the start of sweeping could have led to a use-after-free. | 8.8 |
| 2024-08-06 | CVE-2024-7528 | Use After Free vulnerability in Mozilla Firefox Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. | 8.8 |