Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5726 Unspecified vulnerability in Mozilla Firefox
A website could have obscured the full screen notification by using the file open dialog.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5727 Unspecified vulnerability in Mozilla Firefox
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
network
low complexity
mozilla
6.5
2023-10-25 CVE-2023-5729 Unspecified vulnerability in Mozilla Firefox
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
network
low complexity
mozilla debian
6.5
2023-10-25 CVE-2023-5758 Cross-site Scripting vulnerability in Mozilla Firefox
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack.
network
low complexity
mozilla CWE-79
6.1
2023-10-04 CVE-2023-42808 Unspecified vulnerability in Mozilla Common Voice 1.88.2
Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools.
network
low complexity
mozilla
6.1
2023-09-27 CVE-2023-5169 Out-of-bounds Write vulnerability in multiple products
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
network
low complexity
mozilla debian fedoraproject CWE-787
6.5
2023-09-27 CVE-2023-5171 Use After Free vulnerability in multiple products
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
network
low complexity
mozilla debian fedoraproject CWE-416
6.5
2023-09-11 CVE-2023-4104 Missing Authorization vulnerability in Mozilla VPN 2.16.0
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux.
local
low complexity
mozilla CWE-862
5.5
2023-09-11 CVE-2023-4574 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5