Vulnerabilities > Mozilla > Firefox > 21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-37203 | Unspecified vulnerability in Mozilla Firefox Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. | 7.8 |
| 2023-07-05 | CVE-2023-37204 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. | 6.5 |
| 2023-07-05 | CVE-2023-37205 | Unspecified vulnerability in Mozilla Firefox The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. | 6.5 |
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |
| 2023-07-05 | CVE-2023-37209 | Use After Free vulnerability in Mozilla Firefox A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. | 8.8 |
| 2023-07-05 | CVE-2023-37210 | Unspecified vulnerability in Mozilla Firefox A website could prevent a user from exiting full-screen mode via alert and prompt calls. | 6.5 |
| 2023-07-05 | CVE-2023-37211 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. | 8.8 |
| 2023-07-05 | CVE-2023-37212 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 114. | 8.8 |
| 2023-07-05 | CVE-2023-3482 | Missing Authorization vulnerability in Mozilla Firefox When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. | 6.5 |
| 2023-07-05 | CVE-2023-37201 | Use After Free vulnerability in multiple products An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. | 8.8 |