Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
#Vulnerabilities | 2582 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-08-06 | CVE-2024-43111 | Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. | Firefox | 6.1 | ||
2024-08-06 | CVE-2024-43112 | Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129. | Firefox | 6.1 | ||
2024-08-06 | CVE-2024-43113 | The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | Firefox | 6.1 | ||
2023-12-19 | CVE-2023-6866 | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | Firefox | 8.8 | ||
2024-06-11 | CVE-2024-5697 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. | Firefox | 4.3 | ||
2024-06-11 | CVE-2024-5698 | By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. | Firefox | 6.1 | ||
2024-08-06 | CVE-2024-7518 | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2024-06-11 | CVE-2024-5691 | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | Firefox, Firefox_esr, Thunderbird | 4.7 | ||
2024-08-06 | CVE-2024-7519 | Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 9.6 | ||
2024-08-06 | CVE-2024-7520 | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | Firefox, Firefox_esr, Thunderbird | 8.8 |