Vulnerabilities > Mozilla > Firefox > 37.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-4579 Unspecified vulnerability in Mozilla Firefox
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL.
network
high complexity
mozilla
3.1
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-11 CVE-2023-4581 Unspecified vulnerability in Mozilla Thunderbird
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.
network
low complexity
mozilla
4.3
2023-09-11 CVE-2023-4582 Classic Buffer Overflow vulnerability in Mozilla Firefox
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
network
low complexity
mozilla CWE-120
8.8
2023-09-11 CVE-2023-4583 Unspecified vulnerability in Mozilla Thunderbird
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
network
low complexity
mozilla
7.5
2023-09-11 CVE-2023-4584 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
2023-09-11 CVE-2023-4585 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
2023-09-11 CVE-2023-4573 Use After Free vulnerability in Mozilla Thunderbird
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2023-08-24 CVE-2022-46884 Use After Free vulnerability in Mozilla Firefox
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time.
network
low complexity
mozilla CWE-416
8.8
2023-08-01 CVE-2023-4054 Unspecified vulnerability in Mozilla Firefox
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla
5.5