Firefox_esr - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Firefox_esr
(Mozilla)

Repositories	https://github.com/libevent/libevent
#Vulnerabilities	746

Date	Id	Summary	Products	Score	Patch	Annotated
2023-06-02	CVE-2023-23601	Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	Firefox, Firefox_esr, Thunderbird	6.5
2023-06-02	CVE-2023-23602	A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	Firefox, Firefox_esr, Thunderbird	6.5
2023-06-02	CVE-2023-23603	Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	Firefox, Firefox_esr, Thunderbird	6.5
2023-06-02	CVE-2023-25728	The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	6.5
2023-06-02	CVE-2023-25729	Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	8.8
2023-06-02	CVE-2023-25730	A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	5.4
2023-06-02	CVE-2023-25732	When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	8.8
2023-06-02	CVE-2023-25734	After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	8.1
2023-06-02	CVE-2023-25735	Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	8.8
2023-06-02	CVE-2023-25737	An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	Firefox, Firefox_esr, Thunderbird	8.8