Vulnerabilities > Mozilla > Firefox
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-21 | CVE-2023-6208 | When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. | 8.8 |
2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |
2023-11-21 | CVE-2023-6210 | Unspecified vulnerability in Mozilla Firefox When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. | 6.5 |
2023-11-21 | CVE-2023-6211 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. | 6.5 |
2023-11-21 | CVE-2023-6212 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. | 8.8 |
2023-11-21 | CVE-2023-6213 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 119. | 8.8 |
2023-10-25 | CVE-2023-5721 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. | 4.3 |
2023-10-25 | CVE-2023-5722 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. | 5.3 |
2023-10-25 | CVE-2023-5723 | Unspecified vulnerability in Mozilla Firefox An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. | 5.3 |
2023-10-25 | CVE-2023-5724 | Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. | 7.5 |