Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-25734 | Unspecified vulnerability in Mozilla Firefox After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. | 8.1 |
| 2023-06-02 | CVE-2023-25735 | Use After Free vulnerability in Mozilla Firefox ESR Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. | 8.8 |
| 2023-06-02 | CVE-2023-25737 | Unspecified vulnerability in Mozilla Firefox ESR An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. | 8.8 |
| 2023-06-02 | CVE-2023-25739 | Use After Free vulnerability in Mozilla Firefox ESR Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. | 8.8 |
| 2023-06-02 | CVE-2023-25744 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. | 8.8 |
| 2023-06-02 | CVE-2023-25746 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Memory safety bugs present in Firefox ESR 102.7. | 8.8 |
| 2023-06-02 | CVE-2023-28162 | Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. | 8.8 |
| 2023-06-02 | CVE-2023-28176 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. | 8.8 |
| 2023-06-02 | CVE-2023-29536 | Use After Free vulnerability in Mozilla products An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. | 8.8 |
| 2023-06-02 | CVE-2023-29539 | NULL Pointer Dereference vulnerability in Mozilla products When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. | 8.8 |