Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-29970 Use After Free vulnerability in Mozilla Firefox
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2021-08-05 CVE-2021-29972 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library.
network
low complexity
mozilla CWE-416
8.8
2021-08-05 CVE-2021-29973 Unspecified vulnerability in Mozilla Firefox
Password autofill was enabled without user interaction on insecure websites on Firefox for Android.
network
low complexity
mozilla
8.8
2021-08-05 CVE-2021-29976 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.
network
low complexity
mozilla CWE-787
8.8
2021-08-05 CVE-2021-29977 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 89.
network
low complexity
mozilla CWE-787
8.8
2021-07-20 CVE-2020-15660 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Geckodriver
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
network
low complexity
mozilla CWE-352
8.8
2021-06-24 CVE-2021-23994 Missing Initialization of Resource vulnerability in Mozilla Thunderbird
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write.
network
low complexity
mozilla CWE-909
8.8
2021-06-24 CVE-2021-23995 Operation on a Resource after Expiration or Release vulnerability in Mozilla Thunderbird
When Responsive Design Mode was enabled, it used references to objects that were previously freed.
network
low complexity
mozilla CWE-672
8.8
2021-06-24 CVE-2021-23997 Incorrect Conversion between Numeric Types vulnerability in Mozilla Firefox
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache.
network
low complexity
mozilla CWE-681
8.8
2021-06-24 CVE-2021-23999 Incorrect Comparison vulnerability in Mozilla Thunderbird
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
network
low complexity
mozilla CWE-697
8.8