Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-28163 Unspecified vulnerability in Mozilla Firefox
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28164 Unspecified vulnerability in Mozilla Firefox
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29533 Unspecified vulnerability in Mozilla products
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-29535 Unspecified vulnerability in Mozilla products
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29538 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox and Focus
Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request.
network
low complexity
mozilla CWE-668
4.3
2023-06-02 CVE-2023-29540 Open Redirect vulnerability in Mozilla Firefox and Focus
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.
network
low complexity
mozilla CWE-601
6.1
2023-06-02 CVE-2023-29544 Resource Exhaustion vulnerability in Mozilla Firefox and Focus
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-400
6.5
2023-06-02 CVE-2023-29547 Unspecified vulnerability in Mozilla Firefox ESR and Focus
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29548 Unspecified vulnerability in Mozilla products
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29549 Inadequate Encryption Strength vulnerability in Mozilla Firefox and Focus
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm.
network
low complexity
mozilla CWE-326
6.5