Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-11-21 CVE-2023-6210 Unspecified vulnerability in Mozilla Firefox
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.
network
low complexity
mozilla
6.5
2023-11-21 CVE-2023-6211 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.
network
low complexity
mozilla CWE-1021
6.5
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5722 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.
network
low complexity
mozilla CWE-203
5.3
2023-10-25 CVE-2023-5723 Unspecified vulnerability in Mozilla Firefox
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors.
network
low complexity
mozilla
5.3
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3