Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-6211 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.
network
low complexity
mozilla CWE-1021
6.5
2023-11-21 CVE-2023-6212 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.
network
low complexity
mozilla debian CWE-787
8.8
2023-11-21 CVE-2023-6213 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 119.
network
low complexity
mozilla CWE-787
8.8
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5722 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.
network
low complexity
mozilla CWE-203
5.3
2023-10-25 CVE-2023-5723 Unspecified vulnerability in Mozilla Firefox
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors.
network
low complexity
mozilla
5.3
2023-10-25 CVE-2023-5724 Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
network
low complexity
mozilla debian
7.5
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3
2023-10-25 CVE-2023-5726 Unspecified vulnerability in Mozilla Firefox
A website could have obscured the full screen notification by using the file open dialog.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5727 Unspecified vulnerability in Mozilla Firefox
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
network
low complexity
mozilla
6.5