Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-23599 | Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. | 6.5 |
| 2023-06-02 | CVE-2023-23600 | Unspecified vulnerability in Mozilla Firefox Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. | 6.5 |
| 2023-06-02 | CVE-2023-23601 | Origin Validation Error vulnerability in Mozilla Firefox Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. | 6.5 |
| 2023-06-02 | CVE-2023-23602 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. | 6.5 |
| 2023-06-02 | CVE-2023-23603 | Unspecified vulnerability in Mozilla Firefox Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. | 6.5 |
| 2023-06-02 | CVE-2023-23604 | Unspecified vulnerability in Mozilla Firefox A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. | 6.5 |
| 2023-06-02 | CVE-2023-25728 | Unspecified vulnerability in Mozilla Firefox ESR The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. | 6.5 |
| 2023-06-02 | CVE-2023-25730 | Unspecified vulnerability in Mozilla Firefox ESR A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. | 5.4 |
| 2023-06-02 | CVE-2023-25738 | Out-of-bounds Read vulnerability in Mozilla Firefox Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. | 6.5 |
| 2023-06-02 | CVE-2023-25741 | Unspecified vulnerability in Mozilla Firefox When dragging and dropping an image cross-origin, the image's size could potentially be leaked. | 6.5 |