Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-6206 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. | 5.4 |
| 2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |
| 2023-11-21 | CVE-2023-6210 | Unspecified vulnerability in Mozilla Firefox When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. | 6.5 |
| 2023-11-21 | CVE-2023-6211 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. | 6.5 |
| 2023-10-25 | CVE-2023-5721 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. | 4.3 |
| 2023-10-25 | CVE-2023-5722 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. | 5.3 |
| 2023-10-25 | CVE-2023-5723 | Unspecified vulnerability in Mozilla Firefox An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. | 5.3 |
| 2023-10-25 | CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. | 4.3 |
| 2023-10-25 | CVE-2023-5726 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using the file open dialog. | 4.3 |
| 2023-10-25 | CVE-2023-5727 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. | 6.5 |