Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3
2023-10-25 CVE-2023-5726 Unspecified vulnerability in Mozilla Firefox
A website could have obscured the full screen notification by using the file open dialog.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5727 Unspecified vulnerability in Mozilla Firefox
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
network
low complexity
mozilla
6.5
2023-10-25 CVE-2023-5728 During garbage collection extra operations were performed on a object that should not be.
network
low complexity
mozilla debian
7.5
2023-10-25 CVE-2023-5729 Unspecified vulnerability in Mozilla Firefox
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5730 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-10-25 CVE-2023-5731 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 118.
network
low complexity
mozilla CWE-787
critical
9.8
2023-10-25 CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
network
low complexity
mozilla debian
6.5
2023-10-25 CVE-2023-5758 Cross-site Scripting vulnerability in Mozilla Firefox
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack.
network
low complexity
mozilla CWE-79
6.1
2023-09-28 CVE-2023-5217 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8