Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-49060 Unspecified vulnerability in Mozilla Firefox
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute.
network
low complexity
mozilla
critical
9.8
2023-11-21 CVE-2023-49061 Open Redirect vulnerability in Mozilla Firefox
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information.
network
low complexity
mozilla CWE-601
6.1
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6207 Use After Free vulnerability in multiple products
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
network
low complexity
mozilla debian CWE-416
8.8
2023-11-21 CVE-2023-6208 When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11.
network
low complexity
mozilla debian
8.8
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-11-21 CVE-2023-6210 Unspecified vulnerability in Mozilla Firefox
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.
network
low complexity
mozilla
6.5
2023-11-21 CVE-2023-6211 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.
network
low complexity
mozilla CWE-1021
6.5