Vulnerabilities > Mozilla > Firefox ESR > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43534 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2.
network
low complexity
mozilla debian CWE-787
8.8
2021-12-08 CVE-2021-43535 Use After Free vulnerability in multiple products
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-12-08 CVE-2021-43537 Incorrect Type Conversion or Cast vulnerability in multiple products
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-704
8.8
2021-12-08 CVE-2021-43539 Use After Free vulnerability in multiple products
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers.
network
low complexity
mozilla debian CWE-416
8.8
2021-11-03 CVE-2021-38493 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38495 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38496 Use After Free vulnerability in multiple products
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-11-03 CVE-2021-38498 Use After Free vulnerability in Mozilla Firefox
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2021-11-03 CVE-2021-38500 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla debian
8.8
2021-11-03 CVE-2021-38501 Unspecified vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla
8.8