Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2020-12413 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. | 5.9 |
| 2022-12-22 | CVE-2021-4128 | Use After Free vulnerability in Mozilla Firefox When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. | 6.5 |
| 2022-12-22 | CVE-2021-4129 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. | 9.8 |
| 2022-12-22 | CVE-2021-4140 | XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. | 10.0 |
| 2022-12-22 | CVE-2021-4221 | Unspecified vulnerability in Mozilla Firefox If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. | 4.3 |
| 2022-12-22 | CVE-2022-0511 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. | 8.8 |
| 2022-12-22 | CVE-2022-0843 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. | 8.8 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-1529 | Unspecified vulnerability in Mozilla Thunderbird An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. | 8.8 |
| 2022-12-22 | CVE-2022-1802 | Unspecified vulnerability in Mozilla Thunderbird If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. | 8.8 |