Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-23996 | Unspecified vulnerability in Mozilla Firefox By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. | 6.5 |
| 2021-06-24 | CVE-2021-23998 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. | 6.5 |
| 2021-06-24 | CVE-2021-24001 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. | 4.3 |
| 2021-06-24 | CVE-2021-29944 | Cross-site Scripting vulnerability in Mozilla Firefox Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. | 6.1 |
| 2021-06-24 | CVE-2021-29945 | Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. | 6.5 |
| 2021-06-24 | CVE-2021-29951 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. | 6.5 |
| 2021-06-24 | CVE-2021-29953 | Cross-site Scripting vulnerability in Mozilla Firefox A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. | 6.1 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 5.3 |
| 2021-06-24 | CVE-2021-29958 | Missing Authorization vulnerability in Mozilla Firefox When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. | 4.3 |
| 2021-06-24 | CVE-2021-29959 | Incorrect Authorization vulnerability in Mozilla Firefox When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. | 4.3 |