Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-02 | CVE-2023-23601 | Origin Validation Error vulnerability in Mozilla Firefox Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. | 6.5 |
2023-06-02 | CVE-2023-23602 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. | 6.5 |
2023-06-02 | CVE-2023-23603 | Unspecified vulnerability in Mozilla Firefox Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. | 6.5 |
2023-06-02 | CVE-2023-23604 | Unspecified vulnerability in Mozilla Firefox A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. | 6.5 |
2023-06-02 | CVE-2023-25728 | Unspecified vulnerability in Mozilla Firefox ESR The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. | 6.5 |
2023-06-02 | CVE-2023-25730 | Unspecified vulnerability in Mozilla Firefox ESR A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. | 5.4 |
2023-06-02 | CVE-2023-25738 | Out-of-bounds Read vulnerability in Mozilla Firefox Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. | 6.5 |
2023-06-02 | CVE-2023-25741 | Unspecified vulnerability in Mozilla Firefox When dragging and dropping an image cross-origin, the image's size could potentially be leaked. | 6.5 |
2023-06-02 | CVE-2023-25742 | Unspecified vulnerability in Mozilla Firefox ESR When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. | 6.5 |
2023-06-02 | CVE-2023-25748 | Unspecified vulnerability in Mozilla Firefox By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. | 4.3 |