Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-5726 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using the file open dialog. | 4.3 |
2023-10-25 | CVE-2023-5727 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. | 6.5 |
2023-10-25 | CVE-2023-5729 | Unspecified vulnerability in Mozilla Firefox A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. | 4.3 |
2023-10-25 | CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. | 6.5 |
2023-10-25 | CVE-2023-5758 | Cross-site Scripting vulnerability in Mozilla Firefox When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. | 6.1 |
2023-10-04 | CVE-2023-42808 | Unspecified vulnerability in Mozilla Common Voice 1.88.2 Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. | 6.1 |
2023-09-27 | CVE-2023-5169 | Out-of-bounds Write vulnerability in multiple products A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. | 6.5 |
2023-09-27 | CVE-2023-5171 | Use After Free vulnerability in multiple products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. | 6.5 |
2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. | 5.5 |
2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |