Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. | 4.3 |
| 2023-10-25 | CVE-2023-5726 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using the file open dialog. | 4.3 |
| 2023-10-25 | CVE-2023-5727 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. | 6.5 |
| 2023-10-25 | CVE-2023-5729 | Unspecified vulnerability in Mozilla Firefox A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. | 4.3 |
| 2023-10-25 | CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. | 6.5 |
| 2023-10-25 | CVE-2023-5758 | Cross-site Scripting vulnerability in Mozilla Firefox When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. | 6.1 |
| 2023-09-27 | CVE-2023-5169 | Out-of-bounds Write vulnerability in multiple products A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. | 6.5 |
| 2023-09-27 | CVE-2023-5171 | Use After Free vulnerability in multiple products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4575 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |