Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2021-23960 | Unspecified vulnerability in Mozilla Firefox Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. | 8.8 |
| 2021-02-26 | CVE-2021-23959 | Cross-site Scripting vulnerability in Mozilla Firefox An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. | 6.1 |
| 2021-02-26 | CVE-2021-23958 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. | 6.5 |
| 2021-02-26 | CVE-2021-23957 | Unspecified vulnerability in Mozilla Firefox Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. | 7.4 |
| 2021-02-26 | CVE-2021-23956 | Unspecified vulnerability in Mozilla Firefox An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. | 6.5 |
| 2021-02-26 | CVE-2021-23955 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. | 6.1 |
| 2021-02-26 | CVE-2021-23954 | Type Confusion vulnerability in Mozilla Firefox Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-02-26 | CVE-2021-23953 | Unspecified vulnerability in Mozilla Firefox If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. | 4.3 |
| 2021-02-26 | CVE-2021-23976 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. | 8.1 |
| 2021-02-26 | CVE-2021-23975 | Missing Authorization vulnerability in Mozilla Firefox The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. | 6.5 |