Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-6870 Unspecified vulnerability in Mozilla Firefox
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
network
low complexity
mozilla
4.3
2023-12-19 CVE-2023-6871 Unspecified vulnerability in Mozilla Firefox
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
network
low complexity
mozilla
4.3
2023-12-19 CVE-2023-6872 Unspecified vulnerability in Mozilla Firefox
Browser tab titles were being leaked by GNOME to system logs.
network
low complexity
mozilla
6.5
2023-12-19 CVE-2023-6873 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 120.
network
low complexity
mozilla debian CWE-787
8.8
2023-11-21 CVE-2023-49060 Unspecified vulnerability in Mozilla Firefox
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute.
network
low complexity
mozilla
critical
9.8
2023-11-21 CVE-2023-49061 Open Redirect vulnerability in Mozilla Firefox
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information.
network
low complexity
mozilla CWE-601
6.1
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6207 Use After Free vulnerability in multiple products
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
network
low complexity
mozilla debian CWE-416
8.8