Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-25745 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 109.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-28161 Improper Preservation of Permissions vulnerability in Mozilla Firefox
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL.
network
low complexity
mozilla CWE-281
8.8
2023-06-02 CVE-2023-28162 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type.
network
low complexity
mozilla CWE-704
8.8
2023-06-02 CVE-2023-28176 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-28177 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-29536 Use After Free vulnerability in Mozilla products
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29537 Race Condition vulnerability in Mozilla Firefox and Focus
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code.
network
high complexity
mozilla CWE-362
7.5
2023-06-02 CVE-2023-29539 NULL Pointer Dereference vulnerability in Mozilla products
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character.
network
low complexity
mozilla CWE-476
8.8
2023-06-02 CVE-2023-29541 Improper Encoding or Escaping of Output vulnerability in Mozilla products
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands.
network
low complexity
mozilla CWE-116
8.8
2023-06-02 CVE-2023-29543 Use After Free vulnerability in Mozilla Firefox and Focus
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector.
network
low complexity
mozilla CWE-416
8.8