Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2023-4056 | Out-of-bounds Write vulnerability in multiple products Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. | 9.8 |
| 2023-06-19 | CVE-2023-34417 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 113. | 9.8 |
| 2023-06-19 | CVE-2023-34416 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. | 9.8 |
| 2023-06-19 | CVE-2023-29542 | Unspecified vulnerability in Mozilla Firefox A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. | 9.8 |
| 2023-06-19 | CVE-2023-29534 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. | 9.1 |
| 2023-06-19 | CVE-2023-25736 | Unspecified vulnerability in Mozilla Firefox An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. | 9.8 |
| 2023-06-19 | CVE-2019-25136 | Unspecified vulnerability in Mozilla Firefox A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. | 10.0 |
| 2023-06-19 | CVE-2023-32216 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112. | 9.8 |
| 2023-06-19 | CVE-2023-29531 | Out-of-bounds Write vulnerability in Mozilla Firefox An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. | 9.8 |
| 2022-12-22 | CVE-2022-46882 | Use After Free vulnerability in Mozilla Firefox A use-after-free in WebGL extensions could have led to a potentially exploitable crash. | 9.8 |