Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-37203 Unspecified vulnerability in Mozilla Firefox
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files.
local
low complexity
mozilla
7.8
2023-07-05 CVE-2023-37209 Use After Free vulnerability in Mozilla Firefox
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained.
network
low complexity
mozilla CWE-416
8.8
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
2023-07-05 CVE-2023-37212 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 114.
network
low complexity
mozilla CWE-787
8.8
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla debian
7.8
2023-06-19 CVE-2023-25733 Unchecked Return Value vulnerability in Mozilla Firefox
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference.
network
low complexity
mozilla CWE-252
7.5
2023-06-19 CVE-2023-25747 Use After Free vulnerability in Mozilla Firefox
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android.
network
low complexity
mozilla CWE-416
7.5
2023-06-19 CVE-2023-32209 Out-of-bounds Write vulnerability in Mozilla Firefox
A maliciously crafted favicon could have led to an out of memory crash.
network
low complexity
mozilla CWE-787
7.5