Vulnerabilities > Mozilla > Firefox > 78.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-19 | CVE-2023-29531 | Out-of-bounds Write vulnerability in Mozilla Firefox An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. | 9.8 |
| 2023-06-19 | CVE-2023-29532 | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
| 2023-06-19 | CVE-2023-32208 | Unspecified vulnerability in Mozilla Firefox Service workers could reveal script base URL due to dynamic `import()`. | 5.3 |
| 2023-06-19 | CVE-2023-32209 | Out-of-bounds Write vulnerability in Mozilla Firefox A maliciously crafted favicon could have led to an out of memory crash. | 7.5 |
| 2023-06-19 | CVE-2023-32210 | Unspecified vulnerability in Mozilla Firefox Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. | 6.5 |
| 2023-06-19 | CVE-2023-32214 | Unspecified vulnerability in Mozilla Firefox Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. | 7.5 |
| 2023-06-19 | CVE-2023-32216 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. | 9.8 |
| 2023-06-02 | CVE-2023-0767 | Unspecified vulnerability in Mozilla Firefox ESR An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. | 8.8 |
| 2023-06-02 | CVE-2023-23597 | Inadequate Encryption Strength vulnerability in Mozilla Firefox A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. | 6.5 |
| 2023-06-02 | CVE-2023-23598 | Unspecified vulnerability in Mozilla Firefox Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. | 6.5 |