Vulnerabilities > Mozilla > Firefox > 96.0

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
2023-07-05 CVE-2023-37212 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 114.
network
low complexity
mozilla CWE-787
8.8
2023-07-05 CVE-2023-3482 Missing Authorization vulnerability in Mozilla Firefox
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'.
network
low complexity
mozilla CWE-862
6.5
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37207 Unsafe Reflection vulnerability in multiple products
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
network
low complexity
mozilla debian CWE-470
6.5
2023-07-05 CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla debian
7.8
2023-06-19 CVE-2023-25733 Unchecked Return Value vulnerability in Mozilla Firefox
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference.
network
low complexity
mozilla CWE-252
7.5
2023-06-19 CVE-2023-25736 Unspecified vulnerability in Mozilla Firefox
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior.
network
low complexity
mozilla
critical
9.8
2023-06-19 CVE-2023-29542 Unspecified vulnerability in Mozilla Firefox
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.
network
low complexity
mozilla
critical
9.8