Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2023-4052 Link Following vulnerability in Mozilla Firefox
The Firefox updater created a directory writable by non-privileged users.
network
low complexity
mozilla CWE-59
6.5
2023-08-01 CVE-2023-4053 Link Following vulnerability in Mozilla Firefox
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
network
low complexity
mozilla CWE-59
6.5
2023-07-12 CVE-2023-37455 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab.
network
low complexity
mozilla CWE-1021
5.4
2023-07-12 CVE-2023-37456 Unspecified vulnerability in Mozilla Firefox
The session restore helper crashed whenever there was no parameter sent to the message handler.
network
low complexity
mozilla
6.5
2023-07-05 CVE-2023-37204 Unspecified vulnerability in Mozilla Firefox
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function.
network
low complexity
mozilla
6.5
2023-07-05 CVE-2023-37205 Unspecified vulnerability in Mozilla Firefox
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing.
network
low complexity
mozilla
6.5
2023-07-05 CVE-2023-37206 Link Following vulnerability in Mozilla Firefox
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website.
network
low complexity
mozilla CWE-59
6.5
2023-07-05 CVE-2023-37210 Unspecified vulnerability in Mozilla Firefox
A website could prevent a user from exiting full-screen mode via alert and prompt calls.
network
low complexity
mozilla
6.5
2023-07-05 CVE-2023-3482 Missing Authorization vulnerability in Mozilla Firefox
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'.
network
low complexity
mozilla CWE-862
6.5
2023-07-05 CVE-2023-37207 Unsafe Reflection vulnerability in multiple products
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
network
low complexity
mozilla debian CWE-470
6.5