Vulnerabilities > Mozilla > Firefox > 2.0.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-10460 | Unspecified vulnerability in Mozilla Firefox and Thunderbird The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. | 5.3 |
| 2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in Mozilla Firefox ESR An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
| 2024-10-01 | CVE-2024-9393 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. | 7.5 |
| 2024-10-01 | CVE-2024-9394 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. | 7.5 |
| 2024-10-01 | CVE-2024-9397 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. | 6.1 |
| 2024-10-01 | CVE-2024-9398 | Unspecified vulnerability in Mozilla Firefox By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. | 5.3 |
| 2024-10-01 | CVE-2024-9399 | Unspecified vulnerability in Mozilla Thunderbird A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. | 7.5 |
| 2024-09-17 | CVE-2024-8900 | Unspecified vulnerability in Mozilla Firefox An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. | 7.5 |
| 2024-09-17 | CVE-2024-8897 | Open Redirect vulnerability in Mozilla Firefox Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. | 6.1 |
| 2024-09-03 | CVE-2024-8381 | Type Confusion vulnerability in Mozilla Firefox ESR A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. | 9.8 |