Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-7528 Use After Free vulnerability in Mozilla Firefox
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.
network
low complexity
mozilla CWE-416
8.8
8.8
2024-08-06 CVE-2024-7530 Use After Free vulnerability in Mozilla Firefox
Incorrect garbage collection interaction could have led to a use-after-free.
network
low complexity
mozilla CWE-416
8.8
8.8
2024-07-09 CVE-2024-6609 Unspecified vulnerability in Mozilla Firefox
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.
network
low complexity
mozilla
8.8
8.8
2024-06-11 CVE-2024-5694 Use After Free vulnerability in Mozilla Firefox
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap.
network
low complexity
mozilla CWE-416
7.5
7.5
2024-05-14 CVE-2024-4367 A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
network
low complexity
mozilla debian open-xchange
8.8
8.8
2024-05-14 CVE-2024-4777 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10.
network
low complexity
mozilla debian CWE-787
8.8
8.8
2024-03-19 CVE-2024-2613 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.
network
low complexity
mozilla CWE-1021
7.5
7.5
2024-03-19 CVE-2024-2614 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8.
network
low complexity
mozilla debian CWE-787
8.8
8.8
2024-02-22 CVE-2024-1563 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox Focus
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition.
network
high complexity
mozilla CWE-367
8.1
8.1
2024-02-20 CVE-2024-1552 Incorrect Conversion between Numeric Types vulnerability in multiple products
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices.
network
low complexity
mozilla debian CWE-681
7.5
7.5