Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2023-4054 | Unspecified vulnerability in Mozilla Firefox When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. | 5.5 |
| 2023-08-01 | CVE-2023-4045 | Origin Validation Error vulnerability in multiple products Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. | 5.3 |
| 2023-08-01 | CVE-2023-4046 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. | 5.3 |
| 2023-08-01 | CVE-2023-4049 | Race Condition vulnerability in multiple products Race conditions in reference counting code were found through code inspection. | 5.9 |
| 2023-08-01 | CVE-2023-4052 | Link Following vulnerability in Mozilla Firefox The Firefox updater created a directory writable by non-privileged users. | 6.5 |
| 2023-08-01 | CVE-2023-4053 | Link Following vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-07-12 | CVE-2023-37455 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. | 5.4 |
| 2023-07-12 | CVE-2023-37456 | Unspecified vulnerability in Mozilla Firefox The session restore helper crashed whenever there was no parameter sent to the message handler. | 6.5 |
| 2023-07-05 | CVE-2023-37204 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. | 6.5 |
| 2023-07-05 | CVE-2023-37205 | Unspecified vulnerability in Mozilla Firefox The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. | 6.5 |