Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-10460 | Unspecified vulnerability in Mozilla Firefox and Thunderbird The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. | 5.3 |
| 2024-10-29 | CVE-2024-10461 | Cross-site Scripting vulnerability in Mozilla Thunderbird In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. | 6.1 |
| 2024-10-29 | CVE-2024-10462 | Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird Truncation of a long URL could have allowed origin spoofing in a permission prompt. | 6.5 |
| 2024-10-29 | CVE-2024-10463 | Information Exposure Through Discrepancy vulnerability in Mozilla Thunderbird Video frames could have been leaked between origins in some situations. | 6.5 |
| 2024-10-29 | CVE-2024-10464 | Out-of-bounds Read vulnerability in Mozilla Thunderbird Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. | 6.5 |
| 2024-10-29 | CVE-2024-10465 | Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird A clipboard "paste" button could persist across tabs which allowed a spoofing attack. | 6.5 |
| 2024-10-29 | CVE-2024-10468 | Race Condition vulnerability in Mozilla Firefox Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. | 5.3 |
| 2024-10-01 | CVE-2024-9397 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. | 6.1 |
| 2024-10-01 | CVE-2024-9398 | Unspecified vulnerability in Mozilla Firefox By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. | 5.3 |
| 2024-09-17 | CVE-2024-8897 | Open Redirect vulnerability in Mozilla Firefox Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. | 6.1 |