Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |
| 2023-07-05 | CVE-2023-37210 | Unspecified vulnerability in Mozilla Firefox A website could prevent a user from exiting full-screen mode via alert and prompt calls. | 6.5 |
| 2023-07-05 | CVE-2023-3482 | Missing Authorization vulnerability in Mozilla Firefox When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. | 6.5 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-06-19 | CVE-2023-29545 | Unspecified vulnerability in Mozilla Thunderbird Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |
| 2023-06-19 | CVE-2023-29546 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. | 6.5 |
| 2023-06-19 | CVE-2023-34415 | Open Redirect vulnerability in Mozilla Firefox When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. | 6.1 |
| 2023-06-19 | CVE-2023-29532 | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
| 2023-06-19 | CVE-2023-32208 | Unspecified vulnerability in Mozilla Firefox Service workers could reveal script base URL due to dynamic `import()`. | 5.3 |
| 2023-06-19 | CVE-2023-32210 | Unspecified vulnerability in Mozilla Firefox Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. | 6.5 |