Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-29541 | Improper Encoding or Escaping of Output vulnerability in Mozilla products Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. | 8.8 |
| 2023-06-02 | CVE-2023-29543 | Use After Free vulnerability in Mozilla Firefox and Focus An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. | 8.8 |
| 2023-06-02 | CVE-2023-29550 | Unspecified vulnerability in Mozilla products Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. | 8.8 |
| 2023-06-02 | CVE-2023-29551 | Out-of-bounds Write vulnerability in Mozilla Firefox and Focus Memory safety bugs present in Firefox 111. | 8.8 |
| 2023-06-02 | CVE-2023-32207 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |
| 2023-06-02 | CVE-2023-32213 | Use of Uninitialized Resource vulnerability in Mozilla Firefox When reading a file, an uninitialized value could have been used as read limit. | 8.8 |
| 2023-06-02 | CVE-2023-32215 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. | 8.8 |
| 2023-02-16 | CVE-2020-6817 | Unspecified vulnerability in Mozilla Bleach bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). | 7.5 |
| 2022-12-22 | CVE-2020-15679 | Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0 An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. | 7.6 |
| 2022-12-22 | CVE-2020-15685 | Command Injection vulnerability in Mozilla Thunderbird During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. | 8.8 |