Vulnerabilities > Mozilla > Firefox ESR > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-19 | CVE-2023-34414 | Improper Certificate Validation vulnerability in Mozilla Firefox The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. | 3.1 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 2.6 |
| 2020-07-09 | CVE-2020-12399 | Information Exposure Through Discrepancy vulnerability in multiple products NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. | 1.2 |
| 2020-07-09 | CVE-2020-12405 | Use After Free vulnerability in multiple products When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. | 2.6 |
| 2020-05-26 | CVE-2020-12392 | Path Traversal vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. | 2.1 |
| 2020-01-08 | CVE-2019-17021 | Race Condition vulnerability in multiple products During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. | 2.6 |
| 2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 3.6 |
| 2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 2.1 |
| 2018-06-11 | CVE-2016-5293 | Improper Input Validation vulnerability in multiple products When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. | 2.1 |
| 2018-06-11 | CVE-2016-5294 | Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. | 2.1 |