Product:

Firefox

(Mozilla)
Date Id Summary Products Score Patch Annotated
2023-10-25 CVE-2023-5727 The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Firefox, Firefox_esr, Thunderbird 6.5
2023-10-25 CVE-2023-5721 It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Debian_linux, Firefox, Firefox_esr, Thunderbird 4.3
2023-10-25 CVE-2023-5730 Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Debian_linux, Firefox, Firefox_esr, Thunderbird 9.8
2023-10-25 CVE-2023-5732 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Debian_linux, Firefox, Firefox_esr, Thunderbird 6.5
2023-09-27 CVE-2023-5169 A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird 6.5
2023-09-27 CVE-2023-5171 During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Debian_linux, Fedora, Firefox, Firefox_esr, Thunderbird 6.5
2023-09-27 CVE-2023-5176 Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Debian_linux, Firefox, Firefox_esr, Thunderbird 9.8
2021-06-24 CVE-2021-24002 When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Firefox, Firefox_esr, Thunderbird 8.8
2023-09-27 CVE-2023-5168 A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Firefox, Firefox_esr, Thunderbird 9.8
2023-09-27 CVE-2023-5174 If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Firefox, Firefox_esr, Thunderbird 9.8