Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2020-6817 Unspecified vulnerability in Mozilla Bleach
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).
network
low complexity
mozilla
7.5
2022-12-22 CVE-2020-15679 Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user.
network
low complexity
mozilla CWE-384
7.6
2022-12-22 CVE-2020-15685 Command Injection vulnerability in Mozilla Thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
network
low complexity
mozilla CWE-77
8.8
2022-12-22 CVE-2022-0511 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-0517 Unrestricted Upload of File with Dangerous Type vulnerability in Mozilla VPN
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory.
local
low complexity
mozilla CWE-434
7.8
2022-12-22 CVE-2022-0566 Out-of-bounds Write vulnerability in Mozilla Thunderbird
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-0843 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-1529 Unspecified vulnerability in Mozilla Thunderbird
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-1802 Unspecified vulnerability in Mozilla Thunderbird
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22736 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries.
local
high complexity
mozilla CWE-427
7.0