Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2019-17003 | Cross-site Scripting vulnerability in Mozilla Firefox Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. | 6.1 |
| 2023-02-16 | CVE-2020-12413 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. | 5.9 |
| 2022-12-22 | CVE-2021-4128 | Use After Free vulnerability in Mozilla Firefox When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. | 6.5 |
| 2022-12-22 | CVE-2021-4221 | Unspecified vulnerability in Mozilla Firefox If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. | 4.3 |
| 2022-12-22 | CVE-2022-1097 | Use After Free vulnerability in Mozilla Firefox ESR <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-22739 | Unspecified vulnerability in Mozilla Firefox Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. | 6.5 |
| 2022-12-22 | CVE-2022-22742 | Out-of-bounds Read vulnerability in Mozilla Firefox When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-22743 | Unspecified vulnerability in Mozilla Firefox When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. | 4.3 |
| 2022-12-22 | CVE-2022-22745 | Unspecified vulnerability in Mozilla Firefox Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. | 6.5 |
| 2022-12-22 | CVE-2022-22746 | Race Condition vulnerability in Mozilla Firefox A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. | 5.9 |