Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-29972 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. | 8.8 |
| 2021-08-05 | CVE-2021-29973 | Unspecified vulnerability in Mozilla Firefox Password autofill was enabled without user interaction on insecure websites on Firefox for Android. | 8.8 |
| 2021-08-05 | CVE-2021-29976 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. | 8.8 |
| 2021-08-05 | CVE-2021-29977 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 89. | 8.8 |
| 2021-07-20 | CVE-2020-15660 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Geckodriver Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. | 8.8 |
| 2021-06-24 | CVE-2021-23994 | Missing Initialization of Resource vulnerability in Mozilla Thunderbird A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. | 8.8 |
| 2021-06-24 | CVE-2021-23995 | Operation on a Resource after Expiration or Release vulnerability in Mozilla Thunderbird When Responsive Design Mode was enabled, it used references to objects that were previously freed. | 8.8 |
| 2021-06-24 | CVE-2021-23997 | Incorrect Conversion between Numeric Types vulnerability in Mozilla Firefox Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. | 8.8 |
| 2021-06-24 | CVE-2021-23999 | Incorrect Comparison vulnerability in Mozilla Thunderbird If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. | 8.8 |
| 2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |