Vulnerabilities > Mozilla > Firefox > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-5168 Out-of-bounds Write vulnerability in Mozilla Firefox
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-08-01 CVE-2023-4058 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 115.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-08-01 CVE-2023-4057 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-08-01 CVE-2023-4056 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13.
network
low complexity
mozilla debian CWE-787
critical
 9.8
9.8
2023-06-19 CVE-2023-34417 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 113.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-06-19 CVE-2023-34416 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-06-19 CVE-2023-29542 Unspecified vulnerability in Mozilla Firefox
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.
network
low complexity
mozilla
critical
 9.8
9.8
2023-06-19 CVE-2023-29534 Unspecified vulnerability in Mozilla Firefox and Firefox Focus
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android.
network
low complexity
mozilla
critical
 9.1
9.1
2023-06-19 CVE-2023-25736 Unspecified vulnerability in Mozilla Firefox
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior.
network
low complexity
mozilla
critical
 9.8
9.8
2023-06-19 CVE-2019-25136 Unspecified vulnerability in Mozilla Firefox
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape.
network
low complexity
mozilla
critical
 10.0
10