Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2582 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-19 | CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. | Debian_linux, Firefox | 8.8 | ||
| 2024-01-23 | CVE-2024-0748 | A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | Firefox | 4.3 | ||
| 2024-01-23 | CVE-2024-0752 | A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. | Firefox | 6.5 | ||
| 2024-01-23 | CVE-2024-0754 | Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | Firefox | 6.5 | ||
| 2023-06-02 | CVE-2023-32213 | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2023-06-02 | CVE-2023-32205 | In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 4.3 | ||
| 2023-06-02 | CVE-2023-32206 | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-06-02 | CVE-2023-32207 | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2023-06-02 | CVE-2023-32211 | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-06-02 | CVE-2023-32212 | An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 4.3 |