Vulnerabilities > Mozilla
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-16 | CVE-2019-17003 | Cross-site Scripting vulnerability in Mozilla Firefox: Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed. | 6.1 |
2023-02-16 | CVE-2020-12413 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox: The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. | 5.9 |
2023-02-16 | CVE-2020-6817 | Unspecified vulnerability in Mozilla Bleach: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). | 7.5 |
2023-02-16 | CVE-2021-23980 | Cross-site Scripting vulnerability in Mozilla Bleach: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. | 6.1 |
2023-02-16 | CVE-2021-43529 | Out-of-bounds Write vulnerability in Mozilla Thunderbird: Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. | 9.8 |
2023-02-16 | CVE-2022-0637 | Open Redirect vulnerability in Mozilla Pollbot: Open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6. | 6.1 |
2022-12-22 | CVE-2020-15679 | Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0: An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to log in via that URL, and obtain authenticated access as that user. | 7.6 |
2022-12-22 | CVE-2020-15685 | Command Injection vulnerability in Mozilla Thunderbird: During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. | 8.8 |
2022-12-22 | CVE-2021-4126 | Unspecified vulnerability in Mozilla Thunderbird: When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. | 6.5 |
2022-12-22 | CVE-2021-4127 | Unspecified vulnerability in Mozilla Thunderbird: An out-of-date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. | 9.8 |