Vulnerabilities > Mozilla

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-29973 | Unspecified vulnerability in Mozilla Firefox | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. | network, low complexity, mozilla | 8.8 |
| 2021-08-05 | CVE-2021-29974 | Unspecified vulnerability in Mozilla Firefox | When network partitioning was enabled, e.g. | network, low complexity, mozilla | 4.3 |
| 2021-08-05 | CVE-2021-29975 | Unspecified vulnerability in Mozilla Firefox | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. | network, low complexity, mozilla | 6.5 |
| 2021-08-05 | CVE-2021-29976 | Out-of-bounds Write vulnerability in Mozilla Firefox | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. | network, low complexity, mozilla, CWE-787 | 8.8 |
| 2021-08-05 | CVE-2021-29977 | Out-of-bounds Write vulnerability in Mozilla Firefox | Mozilla developers reported memory safety bugs present in Firefox 89. | network, low complexity, mozilla, CWE-787 | 8.8 |
| 2021-08-05 | CVE-2021-29978 | Unspecified vulnerability in Mozilla VPN | Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. | network, low complexity, mozilla | 9.8 (critical) |
| 2021-08-02 | CVE-2021-29979 | Cross-site Scripting vulnerability in Mozilla Hubs Cloud | Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow JavaScript execution in the Hubs Cloud instance’s primary hosting domain.*. | network, low complexity, mozilla, CWE-79 | 6.1 |
| 2021-07-20 | CVE-2020-15660 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Geckodriver | Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability that might, when paired with a specifically prepared request, lead to remote code execution. | network, low complexity, mozilla, CWE-352 | 8.8 |
| 2021-06-24 | CVE-2021-23991 | Unspecified vulnerability in Mozilla Thunderbird | If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey. Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. | network, high complexity, mozilla | 6.8 |
| 2021-06-24 | CVE-2021-23992 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. | network, low complexity, mozilla, CWE-347 | 4.3 |