Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-19 | CVE-2023-34415 | Open Redirect vulnerability in Mozilla Firefox When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. | 6.1 |
| 2023-06-19 | CVE-2023-29532 | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
| 2023-06-19 | CVE-2023-32208 | Unspecified vulnerability in Mozilla Firefox Service workers could reveal script base URL due to dynamic `import()`. | 5.3 |
| 2023-06-19 | CVE-2023-32210 | Unspecified vulnerability in Mozilla Firefox Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. | 6.5 |
| 2023-06-02 | CVE-2023-23597 | Inadequate Encryption Strength vulnerability in Mozilla Firefox A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. | 6.5 |
| 2023-06-02 | CVE-2023-23598 | Unspecified vulnerability in Mozilla Firefox Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. | 6.5 |
| 2023-06-02 | CVE-2023-23599 | Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. | 6.5 |
| 2023-06-02 | CVE-2023-23600 | Unspecified vulnerability in Mozilla Firefox Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. | 6.5 |
| 2023-06-02 | CVE-2023-23601 | Origin Validation Error vulnerability in Mozilla Firefox Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. | 6.5 |
| 2023-06-02 | CVE-2023-23602 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. | 6.5 |