Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-5689 | Unspecified vulnerability in Mozilla Firefox In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. | 4.3 |
| 2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | 4.3 |
| 2024-06-11 | CVE-2024-5691 | Unspecified vulnerability in Mozilla Firefox By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. | 4.7 |
| 2024-06-11 | CVE-2024-5694 | Use After Free vulnerability in Mozilla Firefox An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. | 7.5 |
| 2024-06-11 | CVE-2024-5695 | Out-of-bounds Write vulnerability in Mozilla Firefox If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. | 9.8 |
| 2024-06-11 | CVE-2024-5697 | Unspecified vulnerability in Mozilla Firefox A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. | 4.3 |
| 2024-06-11 | CVE-2024-5698 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. | 6.1 |
| 2024-02-20 | CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). | 6.5 |
| 2024-02-20 | CVE-2024-1550 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. | 6.1 |
| 2024-02-20 | CVE-2024-1552 | Incorrect Conversion between Numeric Types vulnerability in multiple products Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. | 7.5 |