Vulnerabilities > Mozilla > Firefox ESR > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43543 Cross-site Scripting vulnerability in multiple products
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
network
low complexity
mozilla debian CWE-79
6.1
2021-12-08 CVE-2021-43545 Excessive Iteration vulnerability in multiple products
Using the Location API in a loop could have caused severe application hangs and crashes.
network
low complexity
mozilla debian CWE-834
6.5
2021-12-08 CVE-2021-43546 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
network
low complexity
mozilla debian CWE-1021
4.3
2021-11-03 CVE-2021-38492 Unspecified vulnerability in Mozilla Firefox
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
network
low complexity
mozilla
6.5
2021-11-03 CVE-2021-38497 Origin Validation Error vulnerability in Mozilla Firefox
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2021-06-24 CVE-2021-23998 Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.
network
low complexity
mozilla CWE-345
6.5
2021-06-24 CVE-2021-29945 Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash.
network
low complexity
mozilla CWE-682
6.5
2021-06-24 CVE-2021-29951 Improper Privilege Management vulnerability in Mozilla Firefox
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service.
network
low complexity
mozilla CWE-269
6.5
2021-06-24 CVE-2021-29955 Injection vulnerability in Mozilla Firefox
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks.
network
high complexity
mozilla CWE-74
5.3
2021-03-31 CVE-2021-23984 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
A malicious extension could have opened a popup window lacking an address bar.
network
low complexity
mozilla CWE-290
6.5