Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-23603 | Unspecified vulnerability in Mozilla Firefox Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. | 6.5 |
| 2023-06-02 | CVE-2023-23604 | Unspecified vulnerability in Mozilla Firefox A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. | 6.5 |
| 2023-06-02 | CVE-2023-25728 | Unspecified vulnerability in Mozilla Firefox ESR The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. | 6.5 |
| 2023-06-02 | CVE-2023-25730 | Unspecified vulnerability in Mozilla Firefox ESR A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. | 5.4 |
| 2023-06-02 | CVE-2023-25738 | Out-of-bounds Read vulnerability in Mozilla Firefox Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. | 6.5 |
| 2023-06-02 | CVE-2023-25741 | Unspecified vulnerability in Mozilla Firefox When dragging and dropping an image cross-origin, the image's size could potentially be leaked. | 6.5 |
| 2023-06-02 | CVE-2023-25742 | Unspecified vulnerability in Mozilla Firefox ESR When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. | 6.5 |
| 2023-06-02 | CVE-2023-25748 | Unspecified vulnerability in Mozilla Firefox By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. | 4.3 |
| 2023-06-02 | CVE-2023-25749 | Unspecified vulnerability in Mozilla Firefox Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. | 4.3 |
| 2023-06-02 | CVE-2023-25750 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. | 4.3 |