Vulnerabilities > Mozilla > Firefox > 93.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-43536 | Information Exposure vulnerability in multiple products Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. | 6.5 |
| 2021-12-08 | CVE-2021-43537 | Incorrect Type Conversion or Cast vulnerability in multiple products An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 8.8 |
| 2021-12-08 | CVE-2021-43538 | Race Condition vulnerability in multiple products By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. | 4.3 |
| 2021-12-08 | CVE-2021-43539 | Use After Free vulnerability in multiple products Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. | 8.8 |
| 2021-12-08 | CVE-2021-43540 | Unspecified vulnerability in Mozilla Firefox WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. network mozilla | 4.3 |
| 2021-12-08 | CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. | 6.5 |
| 2021-12-08 | CVE-2021-43542 | Information Exposure Through an Error Message vulnerability in multiple products Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. | 6.5 |
| 2021-12-08 | CVE-2021-43543 | Cross-site Scripting vulnerability in multiple products Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. | 6.1 |
| 2021-12-08 | CVE-2021-43544 | Cross-site Scripting vulnerability in Mozilla Firefox When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. | 4.3 |
| 2021-12-08 | CVE-2021-43545 | Excessive Iteration vulnerability in multiple products Using the Location API in a loop could have caused severe application hangs and crashes. | 6.5 |