Filtered by vendor Mozilla
Total: 3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37212 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. | |||||
CVE-2023-29537 | 1 Mozilla | 2 Firefox, Focus | 2024-02-28 | N/A | 7.5 HIGH |
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
CVE-2023-37206 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.5 MEDIUM |
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | |||||
CVE-2023-32215 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2023-37208 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
CVE-2023-25737 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 8.8 HIGH |
An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-25730 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 5.4 MEDIUM |
A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-29536 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
CVE-2023-25746 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2024-02-28 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | |||||
CVE-2023-25747 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 7.5 HIGH |
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. | |||||
CVE-2023-34414 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 3.1 LOW |
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
CVE-2023-32209 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 7.5 HIGH |
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | |||||
CVE-2023-32206 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.5 MEDIUM |
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
CVE-2023-29548 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
CVE-2023-29551 | 1 Mozilla | 2 Firefox, Focus | 2024-02-28 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
CVE-2023-25742 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-0616 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. | |||||
CVE-2023-32216 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113. | |||||
CVE-2023-32210 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.5 MEDIUM |
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | |||||