Vulnerabilities > Mozilla
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-05 | CVE-2023-37202 | Use After Free vulnerability in multiple products: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. | 8.8 |
2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
2023-07-05 | CVE-2023-37208 | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. | 7.8 |
2023-06-19 | CVE-2019-25136 | Unspecified vulnerability in Mozilla Firefox: A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. | 10.0 |
2023-06-19 | CVE-2023-25733 | Unchecked Return Value vulnerability in Mozilla Firefox: The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference. | 7.5 |
2023-06-19 | CVE-2023-25736 | Unspecified vulnerability in Mozilla Firefox: An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. | 9.8 |
2023-06-19 | CVE-2023-25747 | Use After Free vulnerability in Mozilla Firefox: A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. | 7.5 |
2023-06-19 | CVE-2023-29534 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus: Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. | 9.1 |
2023-06-19 | CVE-2023-29542 | Unspecified vulnerability in Mozilla Firefox: A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. | 9.8 |
2023-06-19 | CVE-2023-29545 | Unspecified vulnerability in Mozilla Thunderbird: Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |