Vulnerabilities > Mozilla > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-46882 | Use After Free vulnerability in Mozilla Firefox A use-after-free in WebGL extensions could have led to a potentially exploitable crash. | 9.8 |
| 2022-05-13 | CVE-2022-21190 | Unspecified vulnerability in Mozilla Convict This affects the package convict before 6.2.3. | 9.8 |
| 2022-05-01 | CVE-2022-22143 | Unspecified vulnerability in Mozilla Convict The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. | 9.8 |
| 2021-12-08 | CVE-2021-38503 | Incorrect Authorization vulnerability in multiple products The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. | 10.0 |
| 2021-12-08 | CVE-2021-43527 | Out-of-bounds Write vulnerability in multiple products NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. | 9.8 |
| 2021-08-05 | CVE-2021-29971 | Improper Preservation of Permissions vulnerability in Mozilla Firefox If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. | 9.8 |
| 2021-08-05 | CVE-2021-29978 | Unspecified vulnerability in Mozilla VPN Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. | 9.8 |
| 2021-06-24 | CVE-2021-29954 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Hubs Cloud Reticulum Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. | 9.8 |
| 2021-05-27 | CVE-2020-12403 | Out-of-bounds Read vulnerability in Mozilla NSS A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. | 9.1 |
| 2021-01-07 | CVE-2020-26972 | Use After Free vulnerability in Mozilla Firefox The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. | 9.8 |