Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2024-03-19 CVE-2024-2615 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 123.
network
low complexity
mozilla CWE-787
critical
9.8
2024-03-19 CVE-2024-2616 Out-of-bounds Write vulnerability in Mozilla Firefox
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.
network
low complexity
mozilla CWE-787
2.7
2024-02-22 CVE-2024-1563 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox Focus
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition.
network
high complexity
mozilla CWE-367
8.1
2024-02-22 CVE-2024-26284 Cross-site Scripting vulnerability in Mozilla Firefox Focus
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website.
network
low complexity
mozilla CWE-79
6.1
2024-02-20 CVE-2024-1547 Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
network
low complexity
mozilla debian
6.5
2024-02-20 CVE-2024-1550 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
network
low complexity
mozilla debian CWE-1021
6.1
2024-02-20 CVE-2024-1552 Incorrect Conversion between Numeric Types vulnerability in multiple products
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices.
network
low complexity
mozilla debian CWE-681
7.5
2024-02-05 CVE-2024-0953 Open Redirect vulnerability in Mozilla Firefox
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.
network
low complexity
mozilla CWE-601
6.1
2024-01-23 CVE-2024-0741 Out-of-bounds Write vulnerability in multiple products
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-787
6.5
2024-01-23 CVE-2024-0742 It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
network
low complexity
mozilla debian
4.3