Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-10460 Unspecified vulnerability in Mozilla Firefox and Thunderbird
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`.
network
low complexity
mozilla
5.3
2024-10-09 CVE-2024-9680 Use After Free vulnerability in Mozilla Firefox ESR
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla CWE-416
critical
9.8
2024-10-01 CVE-2024-9393 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9394 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9397 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
network
low complexity
mozilla CWE-1021
6.1
2024-10-01 CVE-2024-9398 Unspecified vulnerability in Mozilla Firefox
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.
network
low complexity
mozilla
5.3
2024-10-01 CVE-2024-9399 Unspecified vulnerability in Mozilla Thunderbird
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition.
network
low complexity
mozilla
7.5
2024-09-17 CVE-2024-8900 Unspecified vulnerability in Mozilla Firefox
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
network
low complexity
mozilla
7.5
2024-09-17 CVE-2024-8897 Open Redirect vulnerability in Mozilla Firefox
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents.
network
low complexity
mozilla CWE-601
6.1
2024-09-03 CVE-2024-8381 Type Confusion vulnerability in Mozilla Firefox ESR
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
network
low complexity
mozilla CWE-843
critical
9.8