Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-28159 Unspecified vulnerability in Mozilla Firefox
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-28160 Unspecified vulnerability in Mozilla Firefox
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28161 Improper Preservation of Permissions vulnerability in Mozilla Firefox
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL.
network
low complexity
mozilla CWE-281
8.8
2023-06-02 CVE-2023-28162 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type.
network
low complexity
mozilla CWE-704
8.8
2023-06-02 CVE-2023-28163 Unspecified vulnerability in Mozilla Firefox
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28164 Unspecified vulnerability in Mozilla Firefox
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28176 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-28177 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-29533 Unspecified vulnerability in Mozilla products
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-29535 Unspecified vulnerability in Mozilla products
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced.
network
low complexity
mozilla
6.5