Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-23601 Origin Validation Error vulnerability in Mozilla Firefox
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2023-06-02 CVE-2023-23602 Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored.
network
low complexity
mozilla CWE-754
6.5
2023-06-02 CVE-2023-23603 Unspecified vulnerability in Mozilla Firefox
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-23604 Unspecified vulnerability in Mozilla Firefox
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25728 Unspecified vulnerability in Mozilla Firefox ESR
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25730 Unspecified vulnerability in Mozilla Firefox ESR
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
5.4
2023-06-02 CVE-2023-25738 Out-of-bounds Read vulnerability in Mozilla Firefox
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-25741 Unspecified vulnerability in Mozilla Firefox
When dragging and dropping an image cross-origin, the image's size could potentially be leaked.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25742 Unspecified vulnerability in Mozilla Firefox ESR
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25748 Unspecified vulnerability in Mozilla Firefox
By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
4.3