Vulnerabilities > Mozilla
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-10467 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. | 8.8 |
2024-10-29 | CVE-2024-10468 | Race Condition vulnerability in Mozilla Firefox Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. | 5.3 |
2024-10-29 | CVE-2024-10474 | Unspecified vulnerability in Mozilla Firefox Focus 122.0 Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. | 6.5 |
2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in multiple products An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
2024-10-01 | CVE-2024-9393 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. | 7.5 |
2024-10-01 | CVE-2024-9394 | Unspecified vulnerability in Mozilla Firefox An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. | 7.5 |
2024-10-01 | CVE-2024-9397 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. | 6.1 |
2024-10-01 | CVE-2024-9398 | Unspecified vulnerability in Mozilla Firefox By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. | 5.3 |
2024-10-01 | CVE-2024-9399 | Unspecified vulnerability in Mozilla Thunderbird A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. | 7.5 |
2024-09-17 | CVE-2024-8900 | Unspecified vulnerability in Mozilla Firefox An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. | 7.5 |