Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-37455 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. | 5.4 |
| 2023-07-12 | CVE-2023-37456 | Unspecified vulnerability in Mozilla Firefox The session restore helper crashed whenever there was no parameter sent to the message handler. | 6.5 |
| 2023-07-05 | CVE-2023-37204 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. | 6.5 |
| 2023-07-05 | CVE-2023-37205 | Unspecified vulnerability in Mozilla Firefox The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. | 6.5 |
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |
| 2023-07-05 | CVE-2023-37210 | Unspecified vulnerability in Mozilla Firefox A website could prevent a user from exiting full-screen mode via alert and prompt calls. | 6.5 |
| 2023-07-05 | CVE-2023-3482 | Missing Authorization vulnerability in Mozilla Firefox When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. | 6.5 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-06-19 | CVE-2023-29545 | Unspecified vulnerability in Mozilla Thunderbird Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |
| 2023-06-19 | CVE-2023-29546 | Unspecified vulnerability in Mozilla Firefox and Firefox Focus When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. | 6.5 |