Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-6208 When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11.
network
low complexity
mozilla debian
8.8
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-11-21 CVE-2023-6210 Unspecified vulnerability in Mozilla Firefox
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.
network
low complexity
mozilla
6.5
2023-11-21 CVE-2023-6211 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.
network
low complexity
mozilla CWE-1021
6.5
2023-11-21 CVE-2023-6212 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.
network
low complexity
mozilla debian CWE-787
8.8
2023-11-21 CVE-2023-6213 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 119.
network
low complexity
mozilla CWE-787
8.8
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5722 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.
network
low complexity
mozilla CWE-203
5.3
2023-10-25 CVE-2023-5723 Unspecified vulnerability in Mozilla Firefox
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors.
network
low complexity
mozilla
5.3
2023-10-25 CVE-2023-5724 Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
network
low complexity
mozilla debian
7.5