Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-29963 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox Address bar search suggestions in private browsing mode were re-using session data from normal mode. | 4.3 |
| 2021-06-24 | CVE-2021-29965 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. | 5.3 |
| 2021-06-02 | CVE-2011-3656 | Cross-site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | 6.1 |
| 2021-05-17 | CVE-2007-5967 | Improper Certificate Validation vulnerability in Mozilla Firefox A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | 6.5 |
| 2021-03-31 | CVE-2021-23986 | Origin Validation Error vulnerability in Mozilla Firefox A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. | 6.5 |
| 2021-03-31 | CVE-2021-23985 | Unspecified vulnerability in Mozilla Firefox If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. | 6.5 |
| 2021-03-31 | CVE-2021-23984 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A malicious extension could have opened a popup window lacking an address bar. | 6.5 |
| 2021-03-31 | CVE-2021-23983 | Out-of-bounds Write vulnerability in Mozilla Firefox By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. | 6.5 |
| 2021-03-31 | CVE-2021-23982 | Inadequate Encryption Strength vulnerability in Mozilla Firefox Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. | 6.5 |
| 2021-03-08 | CVE-2021-21354 | Open Redirect vulnerability in Mozilla Pollbot Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com/". | 6.1 |