Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-5729 | Unspecified vulnerability in Mozilla Firefox A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. | 4.3 |
| 2023-10-25 | CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. | 6.5 |
| 2023-10-25 | CVE-2023-5758 | Cross-site Scripting vulnerability in Mozilla Firefox When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. | 6.1 |
| 2023-10-04 | CVE-2023-42808 | Cross-site Scripting vulnerability in Mozilla Common Voice 1.88.2 Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. | 6.1 |
| 2023-09-27 | CVE-2023-5169 | Out-of-bounds Write vulnerability in multiple products A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. | 6.5 |
| 2023-09-27 | CVE-2023-5171 | Use After Free vulnerability in multiple products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. | 5.5 |
| 2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4575 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4577 | Unspecified vulnerability in Mozilla Thunderbird When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. | 6.5 |