Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-6868 | Unspecified vulnerability in Mozilla Firefox In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. | 4.3 |
| 2023-12-19 | CVE-2023-6869 | Unspecified vulnerability in Mozilla Firefox A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. | 6.5 |
| 2023-12-19 | CVE-2023-6870 | Unspecified vulnerability in Mozilla Firefox Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. | 4.3 |
| 2023-12-19 | CVE-2023-6871 | Unspecified vulnerability in Mozilla Firefox Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. | 4.3 |
| 2023-12-19 | CVE-2023-6872 | Unspecified vulnerability in Mozilla Firefox Browser tab titles were being leaked by GNOME to system logs. | 6.5 |
| 2023-11-21 | CVE-2023-49061 | Open Redirect vulnerability in Mozilla Firefox An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. | 6.1 |
| 2023-11-21 | CVE-2023-6204 | Out-of-bounds Read vulnerability in multiple products On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. | 6.5 |
| 2023-11-21 | CVE-2023-6205 | Use After Free vulnerability in multiple products It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. | 6.5 |
| 2023-11-21 | CVE-2023-6206 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. | 5.4 |
| 2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |