Vulnerabilities > Mozilla > Firefox ESR > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-23999 Incorrect Comparison vulnerability in Mozilla Thunderbird
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
network
low complexity
mozilla CWE-697
8.8
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8
2021-06-24 CVE-2021-29946 Integer Overflow or Wraparound vulnerability in Mozilla Thunderbird
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.
network
low complexity
mozilla CWE-190
8.8
2021-06-24 CVE-2021-29964 Out-of-bounds Read vulnerability in Mozilla Firefox
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read.
local
low complexity
mozilla CWE-125
7.1
2021-06-24 CVE-2021-29967 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11.
network
low complexity
mozilla CWE-787
8.8
2021-03-31 CVE-2021-23987 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8.
network
low complexity
mozilla CWE-787
8.8
2021-03-31 CVE-2021-23981 Out-of-bounds Write vulnerability in Mozilla Firefox
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.
network
low complexity
mozilla CWE-787
8.1
2021-02-26 CVE-2021-23978 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7.
network
low complexity
mozilla debian CWE-787
8.8
2021-02-26 CVE-2021-23964 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6.
network
low complexity
mozilla CWE-787
8.8
2021-02-26 CVE-2021-23960 Unspecified vulnerability in Mozilla Firefox
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash.
network
low complexity
mozilla
8.8