Vulnerabilities > Mozilla > Firefox > 78.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. | 8.8 |
| 2024-05-14 | CVE-2024-4774 | Unspecified vulnerability in Mozilla Firefox The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. | 6.5 |
| 2024-05-14 | CVE-2024-4777 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. | 8.8 |
| 2024-04-16 | CVE-2024-3863 | Unspecified vulnerability in Mozilla Thunderbird The executable file warning was not presented when downloading .xrm-ms files. | 9.8 |
| 2024-03-19 | CVE-2024-2613 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. | 7.5 |
| 2024-03-19 | CVE-2024-2614 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. | 8.8 |
| 2024-03-19 | CVE-2024-2615 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 123. | 9.8 |
| 2024-02-20 | CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). | 6.5 |
| 2024-02-20 | CVE-2024-1550 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. | 6.1 |
| 2024-02-20 | CVE-2024-1552 | Incorrect Conversion between Numeric Types vulnerability in multiple products Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. | 7.5 |