Vulnerabilities > Mozilla > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-49060 Unspecified vulnerability in Mozilla Firefox
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute.
network
low complexity
mozilla
critical
9.8
2023-10-25 CVE-2023-5731 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 118.
network
low complexity
mozilla CWE-787
critical
9.8
2023-10-25 CVE-2023-5730 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-27 CVE-2023-5176 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-27 CVE-2023-5175 Use After Free vulnerability in Mozilla Firefox
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5174 Use After Free vulnerability in Mozilla Firefox
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`).
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5172 Use After Free vulnerability in Mozilla Firefox
A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash.
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5168 Out-of-bounds Write vulnerability in Mozilla Firefox
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-787
critical
9.8
2023-08-01 CVE-2023-4058 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 115.
network
low complexity
mozilla CWE-787
critical
9.8
2023-08-01 CVE-2023-4057 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0.
network
low complexity
mozilla CWE-787
critical
9.8