Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-0747 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
network
low complexity
mozilla debian
6.5
6.5
2024-01-23 CVE-2024-0748 Unspecified vulnerability in Mozilla Firefox
A compromised content process could have updated the document URI.
network
low complexity
mozilla
4.3
4.3
2024-01-23 CVE-2024-0749 Origin Validation Error vulnerability in multiple products
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
network
low complexity
mozilla debian CWE-346
4.3
4.3
2024-01-23 CVE-2024-0750 A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla debian
8.8
8.8
2024-01-23 CVE-2024-0751 Improper Privilege Management vulnerability in multiple products
A malicious devtools extension could have been used to escalate privileges.
network
low complexity
mozilla debian CWE-269
8.8
8.8
2024-01-23 CVE-2024-0752 Use After Free vulnerability in Mozilla Firefox
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system.
network
low complexity
mozilla CWE-416
6.5
6.5
2024-01-23 CVE-2024-0753 In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
network
low complexity
mozilla debian
6.5
6.5
2024-01-23 CVE-2024-0754 Unspecified vulnerability in Mozilla Firefox
Some WASM source files could have caused a crash when loaded in devtools.
network
low complexity
mozilla
6.5
6.5
2024-01-23 CVE-2024-0755 Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
network
low complexity
mozilla debian
8.8
8.8
2023-12-19 CVE-2023-6135 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva".
network
low complexity
mozilla CWE-203
4.3
4.3