Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-23960 Unspecified vulnerability in Mozilla Firefox
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash.
network
low complexity
mozilla
8.8
2021-02-26 CVE-2021-23957 Unspecified vulnerability in Mozilla Firefox
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox.
network
low complexity
mozilla
7.4
2021-02-26 CVE-2021-23954 Type Confusion vulnerability in Mozilla Firefox
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-843
8.8
2021-02-26 CVE-2021-23976 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins.
network
low complexity
mozilla CWE-1021
8.1
2021-02-26 CVE-2021-23972 Unspecified vulnerability in Mozilla Firefox
One phishing tactic on the web is to provide a link with HTTP Auth.
network
low complexity
mozilla
8.8
2021-01-07 CVE-2020-35114 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 83.
network
low complexity
mozilla CWE-787
8.8
2021-01-07 CVE-2020-35113 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.
network
low complexity
mozilla CWE-787
8.8
2021-01-07 CVE-2020-35112 Unspecified vulnerability in Mozilla Firefox
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
network
low complexity
mozilla
8.8
2021-01-07 CVE-2020-26974 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type.
network
low complexity
mozilla CWE-787
8.8
2021-01-07 CVE-2020-26973 Unspecified vulnerability in Mozilla Firefox ESR
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed.
network
low complexity
mozilla
8.8