Vulnerabilities > Mozilla > Firefox > 22.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-5175 | Use After Free vulnerability in Mozilla Firefox During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. | 9.8 |
| 2023-09-27 | CVE-2023-5176 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. | 9.8 |
| 2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4575 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4576 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. | 8.6 |
| 2023-09-11 | CVE-2023-4577 | Unspecified vulnerability in Mozilla Thunderbird When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4578 | Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. | 6.5 |
| 2023-09-11 | CVE-2023-4579 | Unspecified vulnerability in Mozilla Firefox Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. | 3.1 |
| 2023-09-11 | CVE-2023-4580 | Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. | 6.5 |
| 2023-09-11 | CVE-2023-4581 | Unspecified vulnerability in Mozilla Thunderbird Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. | 4.3 |