Vulnerabilities > Mozilla > Firefox > 37.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-23999 Incorrect Comparison vulnerability in Mozilla Thunderbird
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
network
mozilla CWE-697
6.8
2021-06-24 CVE-2021-24000 Race Condition vulnerability in Mozilla Firefox
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab.
network
high complexity
mozilla CWE-362
3.1
2021-06-24 CVE-2021-24001 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations.
network
mozilla CWE-668
4.3
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8
2021-06-24 CVE-2021-29944 Cross-site Scripting vulnerability in Mozilla Firefox
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View.
network
mozilla CWE-79
4.3
2021-06-24 CVE-2021-29946 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.
network
mozilla CWE-190
6.8
2021-06-24 CVE-2021-29947 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 87.
network
mozilla CWE-787
6.8
2021-06-24 CVE-2021-29951 Improper Privilege Management vulnerability in Mozilla Firefox
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service.
network
low complexity
mozilla CWE-269
6.4
2021-06-24 CVE-2021-29955 Injection vulnerability in Mozilla Firefox
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks.
network
high complexity
mozilla CWE-74
2.6
2021-06-24 CVE-2021-29964 Out-of-bounds Read vulnerability in Mozilla Firefox
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read.
network
mozilla CWE-125
5.8