Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2024-0748 | Unspecified vulnerability in Mozilla Firefox A compromised content process could have updated the document URI. | 4.3 |
| 2024-01-23 | CVE-2024-0749 | Origin Validation Error vulnerability in multiple products A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. | 4.3 |
| 2024-01-23 | CVE-2024-0752 | Use After Free vulnerability in Mozilla Firefox A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. | 6.5 |
| 2024-01-23 | CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. | 6.5 |
| 2024-01-23 | CVE-2024-0754 | Unspecified vulnerability in Mozilla Firefox Some WASM source files could have caused a crash when loaded in devtools. | 6.5 |
| 2023-12-19 | CVE-2023-6135 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". | 4.3 |
| 2023-12-19 | CVE-2023-6857 | Race Condition vulnerability in multiple products When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. | 5.3 |
| 2023-12-19 | CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. | 6.5 |
| 2023-12-19 | CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. | 6.5 |
| 2023-12-19 | CVE-2023-6867 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. | 6.1 |