Vulnerabilities > Mozilla > Firefox > 3.5.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5729 Unspecified vulnerability in Mozilla Firefox
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5730 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-10-25 CVE-2023-5731 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 118.
network
low complexity
mozilla CWE-787
critical
9.8
2023-10-25 CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
network
low complexity
mozilla debian
6.5
2023-09-28 CVE-2023-5217 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2023-09-27 CVE-2023-5168 Out-of-bounds Write vulnerability in Mozilla Firefox
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-787
critical
9.8
2023-09-27 CVE-2023-5169 Out-of-bounds Write vulnerability in multiple products
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
network
low complexity
mozilla debian fedoraproject CWE-787
6.5
2023-09-27 CVE-2023-5170 Memory Leak vulnerability in Mozilla Firefox
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process.
network
low complexity
mozilla CWE-401
7.4
2023-09-27 CVE-2023-5171 Use After Free vulnerability in multiple products
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
network
low complexity
mozilla debian fedoraproject CWE-416
6.5
2023-09-27 CVE-2023-5172 Use After Free vulnerability in Mozilla Firefox
A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash.
network
low complexity
mozilla CWE-416
critical
9.8