Vulnerabilities > Mozilla > Focus

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-29533 Unspecified vulnerability in Mozilla products
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-29535 Unspecified vulnerability in Mozilla products
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29536 Use After Free vulnerability in Mozilla products
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29537 Race Condition vulnerability in Mozilla Firefox and Focus
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code.
network
high complexity
mozilla CWE-362
7.5
2023-06-02 CVE-2023-29538 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox and Focus
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request.
network
low complexity
mozilla CWE-668
4.3
2023-06-02 CVE-2023-29539 NULL Pointer Dereference vulnerability in Mozilla products
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character.
network
low complexity
mozilla CWE-476
8.8
2023-06-02 CVE-2023-29540 Open Redirect vulnerability in Mozilla Firefox and Focus
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.
network
low complexity
mozilla CWE-601
6.1
2023-06-02 CVE-2023-29541 Improper Encoding or Escaping of Output vulnerability in Mozilla products
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands.
network
low complexity
mozilla CWE-116
8.8
2023-06-02 CVE-2023-29543 Use After Free vulnerability in Mozilla Firefox and Focus
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29544 Resource Exhaustion vulnerability in Mozilla Firefox and Focus
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-400
6.5