Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-29538 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox and Focus
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request.
network
low complexity
mozilla CWE-668
4.3
2023-06-02 CVE-2023-29540 Open Redirect vulnerability in Mozilla Firefox and Focus
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.
network
low complexity
mozilla CWE-601
6.1
2023-06-02 CVE-2023-29544 Resource Exhaustion vulnerability in Mozilla Firefox and Focus
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-400
6.5
2023-06-02 CVE-2023-29547 Unspecified vulnerability in Mozilla Firefox ESR and Focus
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29548 Unspecified vulnerability in Mozilla products
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29549 Inadequate Encryption Strength vulnerability in Mozilla Firefox and Focus
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm.
network
low complexity
mozilla CWE-326
6.5
2023-06-02 CVE-2023-32205 Unspecified vulnerability in Mozilla Firefox
In multiple cases browser prompts could have been obscured by popups controlled by content.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-32206 Out-of-bounds Read vulnerability in Mozilla Firefox
An out-of-bound read could have led to a crash in the RLBox Expat driver.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-32211 Unspecified vulnerability in Mozilla Firefox
A type checking bug would have led to invalid code being compiled.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-32212 Unspecified vulnerability in Mozilla Firefox
An attacker could have positioned a <code>datalist</code> element to obscure the address bar.
network
low complexity
mozilla
4.3