Vulnerabilities > Mozilla > Firefox > 20.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-5173 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
network
low complexity
mozilla CWE-190
7.5
2023-09-27 CVE-2023-5174 Use After Free vulnerability in Mozilla Firefox
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`).
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5175 Use After Free vulnerability in Mozilla Firefox
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5176 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-09-11 CVE-2023-4574 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4575 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4576 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-190
8.6
2023-09-11 CVE-2023-4577 Unspecified vulnerability in Mozilla Thunderbird
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
network
low complexity
mozilla
6.5
2023-09-11 CVE-2023-4578 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`.
network
low complexity
mozilla CWE-770
6.5