Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2695 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-02 | CVE-2023-32211 | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2023-06-02 | CVE-2023-32213 | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2023-06-19 | CVE-2023-34415 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | Firefox | 6.1 | ||
| 2023-06-19 | CVE-2023-32208 | Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. | Firefox | 5.3 | ||
| 2023-06-19 | CVE-2023-32209 | A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | Firefox | 7.5 | ||
| 2023-06-19 | CVE-2023-32210 | Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | Firefox | 6.5 | ||
| 2023-06-19 | CVE-2023-32214 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 7.5 | ||
| 2023-06-19 | CVE-2023-34414 | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right... | Firefox, Firefox_esr, Thunderbird | 3.1 | ||
| 2023-07-05 | CVE-2023-37201 | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2023-07-05 | CVE-2023-37202 | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 |