Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-32215 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10.
network
low complexity
mozilla CWE-787
8.8
2023-02-16 CVE-2019-17003 Cross-site Scripting vulnerability in Mozilla Firefox
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
network
low complexity
mozilla CWE-79
6.1
2023-02-16 CVE-2020-12413 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification.
network
high complexity
mozilla CWE-203
5.9
2022-12-22 CVE-2021-4128 Use After Free vulnerability in Mozilla Firefox
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2021-4129 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94.
network
low complexity
mozilla CWE-787
critical
9.8
2022-12-22 CVE-2021-4140 XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.
network
low complexity
mozilla CWE-91
critical
10.0
2022-12-22 CVE-2021-4221 Unspecified vulnerability in Mozilla Firefox
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-0511 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-0843 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-1097 Use After Free vulnerability in Mozilla Firefox ESR
<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5