Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2024-9397 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. | 6.1 |
| 2024-10-01 | CVE-2024-9398 | Unspecified vulnerability in Mozilla Firefox By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. | 5.3 |
| 2024-09-17 | CVE-2024-8897 | Open Redirect vulnerability in Mozilla Firefox Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. | 6.1 |
| 2024-09-03 | CVE-2024-8386 | Open Redirect vulnerability in Mozilla Firefox If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. | 6.1 |
| 2024-09-03 | CVE-2024-8388 | Unspecified vulnerability in Mozilla Firefox Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. | 5.3 |
| 2024-08-06 | CVE-2024-43111 | Cross-site Scripting vulnerability in Mozilla Firefox Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. | 6.1 |
| 2024-08-06 | CVE-2024-43112 | Cross-site Scripting vulnerability in Mozilla Firefox Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. | 6.1 |
| 2024-08-06 | CVE-2024-43113 | Cross-site Scripting vulnerability in Mozilla Firefox The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | 6.1 |
| 2024-08-06 | CVE-2024-7518 | Unspecified vulnerability in Mozilla Firefox Select options could obscure the fullscreen notification dialog. | 6.5 |
| 2024-08-06 | CVE-2024-7524 | Cross-site Scripting vulnerability in Mozilla Firefox Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. | 6.1 |