Vulnerabilities > Mozilla > Firefox > 37.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-29542 Unspecified vulnerability in Mozilla Firefox
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.
network
low complexity
mozilla
critical
9.8
2023-06-19 CVE-2023-29545 Unspecified vulnerability in Mozilla Thunderbird
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5
2023-06-19 CVE-2023-34414 Improper Certificate Validation vulnerability in Mozilla Firefox
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays.
network
high complexity
mozilla CWE-295
3.1
2023-06-19 CVE-2023-34415 Open Redirect vulnerability in Mozilla Firefox
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect.
network
low complexity
mozilla CWE-601
6.1
2023-06-19 CVE-2023-34416 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.
network
low complexity
mozilla CWE-787
critical
9.8
2023-06-19 CVE-2023-34417 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 113.
network
low complexity
mozilla CWE-787
critical
9.8
2023-06-19 CVE-2023-29531 Out-of-bounds Write vulnerability in Mozilla Firefox
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS.
network
low complexity
mozilla CWE-787
critical
9.8
2023-06-19 CVE-2023-29532 Unspecified vulnerability in Mozilla Firefox
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server.
local
low complexity
mozilla
5.5
2023-06-19 CVE-2023-32208 Unspecified vulnerability in Mozilla Firefox
Service workers could reveal script base URL due to dynamic `import()`.
network
low complexity
mozilla
5.3
2023-06-19 CVE-2023-32209 Out-of-bounds Write vulnerability in Mozilla Firefox
A maliciously crafted favicon could have led to an out of memory crash.
network
low complexity
mozilla CWE-787
7.5