Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-0743 Unchecked Return Value vulnerability in Mozilla Firefox
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.
network
low complexity
mozilla CWE-252
7.5
2024-01-23 CVE-2024-0744 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
In some circumstances, JIT compiled code could have dereferenced a wild pointer value.
network
low complexity
mozilla CWE-119
7.5
2024-01-23 CVE-2024-0745 Out-of-bounds Write vulnerability in Mozilla Firefox
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow.
network
low complexity
mozilla CWE-787
8.8
2024-01-23 CVE-2024-0750 A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla debian
8.8
2024-01-23 CVE-2024-0751 Improper Privilege Management vulnerability in multiple products
A malicious devtools extension could have been used to escalate privileges.
network
low complexity
mozilla debian CWE-269
8.8
2024-01-23 CVE-2024-0755 Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
network
low complexity
mozilla debian
8.8
2024-01-22 CVE-2024-0605 Race Condition vulnerability in Mozilla Firefox Focus
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar.
network
high complexity
mozilla CWE-362
7.5
2023-12-19 CVE-2023-6856 Out-of-bounds Write vulnerability in multiple products
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6858 Out-of-bounds Write vulnerability in multiple products
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6859 Use After Free vulnerability in multiple products
A use-after-free condition affected TLS socket creation when under memory pressure.
network
low complexity
mozilla debian CWE-416
8.8