Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-5697 | Unspecified vulnerability in Mozilla Firefox A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. | 4.3 |
| 2024-06-11 | CVE-2024-5698 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. | 6.1 |
| 2024-04-16 | CVE-2024-3863 | Unspecified vulnerability in Mozilla Thunderbird The executable file warning was not presented when downloading .xrm-ms files. | 9.8 |
| 2024-02-22 | CVE-2024-26284 | Cross-site Scripting vulnerability in Mozilla Firefox Focus Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. | 6.1 |
| 2024-02-20 | CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). | 6.5 |
| 2024-02-20 | CVE-2024-1550 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. | 6.1 |
| 2024-02-20 | CVE-2024-1552 | Incorrect Conversion between Numeric Types vulnerability in multiple products Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. | 7.5 |
| 2024-02-05 | CVE-2024-0953 | Open Redirect vulnerability in Mozilla Firefox When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. | 6.1 |
| 2024-01-23 | CVE-2024-0741 | Out-of-bounds Write vulnerability in multiple products An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 6.5 |
| 2024-01-23 | CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. | 4.3 |