Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-29944 | Cross-site Scripting vulnerability in Mozilla Firefox Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. | 6.1 |
| 2021-06-24 | CVE-2021-29945 | Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. | 6.5 |
| 2021-06-24 | CVE-2021-29951 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. | 6.5 |
| 2021-06-24 | CVE-2021-29953 | Cross-site Scripting vulnerability in Mozilla Firefox A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. | 6.1 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 5.3 |
| 2021-06-24 | CVE-2021-29956 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Thunderbird OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. | 4.3 |
| 2021-06-24 | CVE-2021-29957 | Unspecified vulnerability in Mozilla Thunderbird If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. | 4.3 |
| 2021-06-24 | CVE-2021-29958 | Missing Authorization vulnerability in Mozilla Firefox When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. | 4.3 |
| 2021-06-24 | CVE-2021-29959 | Incorrect Authorization vulnerability in Mozilla Firefox When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. | 4.3 |
| 2021-06-24 | CVE-2021-29960 | Incorrect Resource Transfer Between Spheres vulnerability in Mozilla Firefox Firefox used to cache the last filename used for printing a file. | 4.3 |