Product:

Firefox

(Mozilla)
Date Id Summary Products Score Patch Annotated
2024-01-23 CVE-2024-0752 A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. Firefox 6.5
2024-01-23 CVE-2024-0754 Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. Firefox 6.5
2023-06-02 CVE-2023-32213 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 8.8
2023-06-02 CVE-2023-32205 In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 4.3
2023-06-02 CVE-2023-32206 An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 6.5
2023-06-02 CVE-2023-32207 A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 8.8
2023-06-02 CVE-2023-32211 A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 6.5
2023-06-02 CVE-2023-32212 An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 4.3
2023-06-02 CVE-2023-32215 Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Firefox, Firefox_esr, Thunderbird 8.8
2023-06-19 CVE-2023-32208 Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. Firefox 5.3