Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-20 | CVE-2024-1550 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. | 6.1 |
| 2024-02-05 | CVE-2024-0953 | Open Redirect vulnerability in Mozilla Firefox When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. | 6.1 |
| 2024-01-23 | CVE-2024-0741 | Out-of-bounds Write vulnerability in multiple products An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 6.5 |
| 2024-01-23 | CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. | 4.3 |
| 2024-01-23 | CVE-2024-0746 | A Linux user opening the print preview dialog could have caused the browser to crash. | 6.5 |
| 2024-01-23 | CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. | 6.5 |
| 2024-01-23 | CVE-2024-0748 | Unspecified vulnerability in Mozilla Firefox A compromised content process could have updated the document URI. | 4.3 |
| 2024-01-23 | CVE-2024-0749 | Origin Validation Error vulnerability in multiple products A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. | 4.3 |
| 2024-01-23 | CVE-2024-0752 | Use After Free vulnerability in Mozilla Firefox A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. | 6.5 |
| 2024-01-23 | CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. | 6.5 |