Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5728 During garbage collection extra operations were performed on a object that should not be.
network
low complexity
mozilla debian
7.5
2023-09-28 CVE-2023-5217 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2023-09-27 CVE-2023-5170 Memory Leak vulnerability in Mozilla Firefox
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process.
network
low complexity
mozilla CWE-401
7.4
2023-09-27 CVE-2023-5173 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
network
low complexity
mozilla CWE-190
7.5
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-09-11 CVE-2023-4576 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-190
8.6
2023-09-11 CVE-2023-4582 Classic Buffer Overflow vulnerability in Mozilla Firefox
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
network
low complexity
mozilla CWE-120
8.8
2023-09-11 CVE-2023-4583 Unspecified vulnerability in Mozilla Thunderbird
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
network
low complexity
mozilla
7.5
2023-09-11 CVE-2023-4584 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
2023-09-11 CVE-2023-4585 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8