Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-6861 Out-of-bounds Write vulnerability in multiple products
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
network
low complexity
mozilla debian
8.8
2023-12-19 CVE-2023-6864 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6865 `EncryptingOutputStream` was susceptible to exposing uninitialized data.
network
low complexity
mozilla debian
6.5
2023-12-19 CVE-2023-6866 Improper Handling of Exceptional Conditions vulnerability in Mozilla Firefox
TypedArrays can be fallible and lacked proper exception handling.
network
low complexity
mozilla CWE-755
8.8
2023-12-19 CVE-2023-6867 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
6.1
2023-12-19 CVE-2023-6868 Unspecified vulnerability in Mozilla Firefox
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one.
network
low complexity
mozilla
4.3
2023-12-19 CVE-2023-6869 Unspecified vulnerability in Mozilla Firefox
A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe.
network
low complexity
mozilla
6.5
2023-12-19 CVE-2023-6870 Unspecified vulnerability in Mozilla Firefox
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
network
low complexity
mozilla
4.3
2023-12-19 CVE-2023-6871 Unspecified vulnerability in Mozilla Firefox
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
network
low complexity
mozilla
4.3