| 2024-05-14 | CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. | 8.8 |
| 2024-05-14 | CVE-2024-4777 | Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. | 8.8 |
| 2024-02-20 | CVE-2024-1552 | Incorrect Conversion between Numeric Types vulnerability in multiple products
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. | 7.5 |
| 2024-01-23 | CVE-2024-0743 | Unchecked Return Value vulnerability in Mozilla Firefox
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. | 7.5 |
| 2024-01-23 | CVE-2024-0744 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. | 7.5 |
| 2024-01-23 | CVE-2024-0745 | Out-of-bounds Write vulnerability in Mozilla Firefox
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. | 8.8 |
| 2024-01-23 | CVE-2024-0750 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |
| 2024-01-23 | CVE-2024-0751 | Improper Privilege Management vulnerability in multiple products
A malicious devtools extension could have been used to escalate privileges. | 8.8 |
| 2024-01-23 | CVE-2024-0755 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. | 8.8 |
| 2023-12-19 | CVE-2023-6856 | Out-of-bounds Write vulnerability in multiple products
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. | 8.8 |