Vulnerabilities > Mozilla > Firefox ESR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-5171 | Use After Free vulnerability in multiple products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4575 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4577 | Unspecified vulnerability in Mozilla Thunderbird When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4578 | Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. | 6.5 |
| 2023-09-11 | CVE-2023-4580 | Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. | 6.5 |
| 2023-09-11 | CVE-2023-4581 | Unspecified vulnerability in Mozilla Thunderbird Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. | 4.3 |
| 2023-09-11 | CVE-2023-4573 | Use After Free vulnerability in Mozilla Thunderbird When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. | 6.5 |
| 2023-08-01 | CVE-2023-4052 | Link Following vulnerability in Mozilla Firefox The Firefox updater created a directory writable by non-privileged users. | 6.5 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |