Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-23997 Incorrect Conversion between Numeric Types vulnerability in Mozilla Firefox
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache.
network
mozilla CWE-681
6.8
2021-06-24 CVE-2021-23998 Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.
network
mozilla CWE-345
4.3
2021-06-24 CVE-2021-23999 Incorrect Comparison vulnerability in Mozilla Thunderbird
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
network
mozilla CWE-697
6.8
2021-06-24 CVE-2021-24000 Race Condition vulnerability in Mozilla Firefox
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab.
network
high complexity
mozilla CWE-362
3.1
2021-06-24 CVE-2021-24001 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations.
network
mozilla CWE-668
4.3
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8
2021-06-24 CVE-2021-29944 Cross-site Scripting vulnerability in Mozilla Firefox
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View.
network
mozilla CWE-79
4.3
2021-06-24 CVE-2021-29946 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.
network
mozilla CWE-190
6.8
2021-06-24 CVE-2021-29947 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 87.
network
mozilla CWE-787
6.8
2021-06-24 CVE-2021-29951 Improper Privilege Management vulnerability in Mozilla Firefox
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service.
network
low complexity
mozilla CWE-269
6.4