Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-10467 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3.
network
low complexity
mozilla CWE-787
8.8
2024-10-29 CVE-2024-10468 Race Condition vulnerability in Mozilla Firefox
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash.
network
high complexity
mozilla CWE-362
5.3
2024-10-29 CVE-2024-10474 Unspecified vulnerability in Mozilla Firefox Focus 122.0
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
network
low complexity
mozilla
6.5
2024-10-09 CVE-2024-9680 Use After Free vulnerability in multiple products
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla debian CWE-416
critical
9.8
2024-10-01 CVE-2024-9393 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9394 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9397 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
network
low complexity
mozilla CWE-1021
6.1
2024-10-01 CVE-2024-9398 Unspecified vulnerability in Mozilla Firefox
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.
network
low complexity
mozilla
5.3
2024-10-01 CVE-2024-9399 Unspecified vulnerability in Mozilla Thunderbird
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition.
network
low complexity
mozilla
7.5
2024-09-17 CVE-2024-8900 Unspecified vulnerability in Mozilla Firefox
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
network
low complexity
mozilla
7.5