Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-32205 Unspecified vulnerability in Mozilla Firefox
In multiple cases browser prompts could have been obscured by popups controlled by content.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-32206 Out-of-bounds Read vulnerability in Mozilla Firefox
An out-of-bound read could have led to a crash in the RLBox Expat driver.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-32211 Unspecified vulnerability in Mozilla Firefox
A type checking bug would have led to invalid code being compiled.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-32212 Unspecified vulnerability in Mozilla Firefox
An attacker could have positioned a <code>datalist</code> element to obscure the address bar.
network
low complexity
mozilla
4.3
2023-02-16 CVE-2019-17003 Cross-site Scripting vulnerability in Mozilla Firefox
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
network
low complexity
mozilla CWE-79
6.1
2023-02-16 CVE-2020-12413 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification.
network
high complexity
mozilla CWE-203
5.9
2023-02-16 CVE-2021-23980 Cross-site Scripting vulnerability in Mozilla Bleach
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
network
low complexity
mozilla CWE-79
6.1
2023-02-16 CVE-2022-0637 Open Redirect vulnerability in Mozilla Pollbot
open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2021-4126 Unspecified vulnerability in Mozilla Thunderbird
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2021-4128 Use After Free vulnerability in Mozilla Firefox
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS.
network
low complexity
mozilla CWE-416
6.5