Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-29965 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. | 5.3 |
| 2021-06-02 | CVE-2011-3656 | Cross-site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | 6.1 |
| 2021-05-17 | CVE-2007-5967 | Unspecified vulnerability in Mozilla Firefox A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | 6.5 |
| 2021-03-31 | CVE-2021-23986 | Origin Validation Error vulnerability in Mozilla Firefox A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. | 6.5 |
| 2021-03-31 | CVE-2021-23985 | Unspecified vulnerability in Mozilla Firefox If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. | 6.5 |
| 2021-03-31 | CVE-2021-23984 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A malicious extension could have opened a popup window lacking an address bar. | 6.5 |
| 2021-03-31 | CVE-2021-23983 | Out-of-bounds Write vulnerability in Mozilla Firefox By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. | 6.5 |
| 2021-03-31 | CVE-2021-23982 | Inadequate Encryption Strength vulnerability in Mozilla Firefox Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. | 6.5 |
| 2021-02-26 | CVE-2021-23977 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. | 5.3 |
| 2021-02-26 | CVE-2021-23963 | Improper Preservation of Permissions vulnerability in Mozilla Firefox When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. | 4.3 |