Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-29536 Use After Free vulnerability in Mozilla products
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29537 Race Condition vulnerability in Mozilla Firefox and Focus
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code.
network
high complexity
mozilla CWE-362
7.5
2023-06-02 CVE-2023-29538 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox and Focus
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request.
network
low complexity
mozilla CWE-668
4.3
2023-06-02 CVE-2023-29539 NULL Pointer Dereference vulnerability in Mozilla products
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character.
network
low complexity
mozilla CWE-476
8.8
2023-06-02 CVE-2023-29540 Open Redirect vulnerability in Mozilla Firefox and Focus
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.
network
low complexity
mozilla CWE-601
6.1
2023-06-02 CVE-2023-29541 Improper Encoding or Escaping of Output vulnerability in Mozilla products
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands.
network
low complexity
mozilla CWE-116
8.8
2023-06-02 CVE-2023-29543 Use After Free vulnerability in Mozilla Firefox and Focus
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29544 Resource Exhaustion vulnerability in Mozilla Firefox and Focus
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-400
6.5
2023-06-02 CVE-2023-29547 Unspecified vulnerability in Mozilla Firefox ESR and Focus
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29548 Unspecified vulnerability in Mozilla products
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
network
low complexity
mozilla
6.5