Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-29958 | Missing Authorization vulnerability in Mozilla Firefox When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. | 4.3 |
| 2021-06-24 | CVE-2021-29959 | Incorrect Authorization vulnerability in Mozilla Firefox When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. | 4.3 |
| 2021-06-24 | CVE-2021-29960 | Incorrect Resource Transfer Between Spheres vulnerability in Mozilla Firefox Firefox used to cache the last filename used for printing a file. | 4.3 |
| 2021-06-24 | CVE-2021-29961 | Incorrect Authorization vulnerability in Mozilla Firefox When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. | 4.3 |
| 2021-06-24 | CVE-2021-29962 | Improper Resource Shutdown or Release vulnerability in Mozilla Firefox Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. | 4.3 |
| 2021-06-24 | CVE-2021-29963 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox Address bar search suggestions in private browsing mode were re-using session data from normal mode. | 4.3 |
| 2021-06-24 | CVE-2021-29965 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. | 5.3 |
| 2021-06-02 | CVE-2011-3656 | Cross-site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | 6.1 |
| 2021-05-17 | CVE-2007-5967 | Unspecified vulnerability in Mozilla Firefox A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | 6.5 |
| 2021-03-31 | CVE-2021-23986 | Origin Validation Error vulnerability in Mozilla Firefox A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. | 6.5 |