Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-29961 Incorrect Authorization vulnerability in Mozilla Firefox
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface.
network
low complexity
mozilla CWE-863
4.3
2021-06-24 CVE-2021-29962 Improper Resource Shutdown or Release vulnerability in Mozilla Firefox
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.
network
low complexity
mozilla CWE-404
4.3
2021-06-24 CVE-2021-29963 Insufficient Verification of Data Authenticity vulnerability in Mozilla Firefox
Address bar search suggestions in private browsing mode were re-using session data from normal mode.
network
low complexity
mozilla CWE-345
4.3
2021-06-24 CVE-2021-29965 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog.
network
low complexity
mozilla CWE-610
5.3
2021-06-02 CVE-2011-3656 Cross-site Scripting vulnerability in Mozilla Firefox
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
network
low complexity
mozilla CWE-79
6.1
2021-05-17 CVE-2007-5967 Unspecified vulnerability in Mozilla Firefox
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.
network
low complexity
mozilla
6.5
2021-03-31 CVE-2021-23986 Origin Validation Error vulnerability in Mozilla Firefox
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL.
network
low complexity
mozilla CWE-346
6.5
2021-03-31 CVE-2021-23985 Unspecified vulnerability in Mozilla Firefox
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user.
network
low complexity
mozilla
6.5
2021-03-31 CVE-2021-23984 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
A malicious extension could have opened a popup window lacking an address bar.
network
low complexity
mozilla CWE-290
6.5
2021-03-31 CVE-2021-23983 Out-of-bounds Write vulnerability in Mozilla Firefox
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-787
6.5