Vulnerabilities > Mozilla > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4579 | Unspecified vulnerability in Mozilla Firefox Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. | 3.1 |
| 2023-06-19 | CVE-2023-34414 | Improper Certificate Validation vulnerability in Mozilla Firefox The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. | 3.1 |
| 2022-12-22 | CVE-2022-42931 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Firefox Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. | 3.3 |
| 2021-08-05 | CVE-2021-29974 | Unspecified vulnerability in Mozilla Firefox When network partitioning was enabled, e.g. | 2.6 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 2.6 |
| 2021-06-24 | CVE-2021-29948 | Race Condition vulnerability in Mozilla Thunderbird Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. | 1.9 |
| 2021-06-24 | CVE-2021-24000 | Race Condition vulnerability in Mozilla Firefox A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. | 3.1 |
| 2021-02-26 | CVE-2021-23977 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. | 2.6 |
| 2020-10-01 | CVE-2020-15671 | Improper Input Validation vulnerability in Mozilla Firefox When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. | 2.6 |
| 2020-07-09 | CVE-2020-12399 | Information Exposure Through Discrepancy vulnerability in multiple products NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. | 1.2 |