Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-23597 Inadequate Encryption Strength vulnerability in Mozilla Firefox
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context.
network
low complexity
mozilla CWE-326
6.5
2023-06-02 CVE-2023-23598 Unspecified vulnerability in Mozilla Firefox
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-23599 Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.
network
low complexity
mozilla CWE-116
6.5
2023-06-02 CVE-2023-23600 Unspecified vulnerability in Mozilla Firefox
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-23601 Origin Validation Error vulnerability in Mozilla Firefox
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2023-06-02 CVE-2023-23602 Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored.
network
low complexity
mozilla CWE-754
6.5
2023-06-02 CVE-2023-23603 Unspecified vulnerability in Mozilla Firefox
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-23604 Unspecified vulnerability in Mozilla Firefox
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25728 Unspecified vulnerability in Mozilla Firefox ESR
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25730 Unspecified vulnerability in Mozilla Firefox ESR
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
5.4