VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2023-32209HigJun 19, 2023
    risk 0.49cvss 7.5epss 0.01

    A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.

  • CVE-2023-29537HigJun 2, 2023
    risk 0.49cvss 7.5epss 0.01

    Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

  • CVE-2023-25743HigJun 2, 2023
    risk 0.49cvss 7.5epss 0.01

    A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.

  • CVE-2022-45407HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    If an attacker loaded a font using FontFace() on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.

  • CVE-2022-38476HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

  • CVE-2022-36319HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

  • CVE-2022-34477HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.

  • CVE-2022-26387HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7,…

  • CVE-2022-22741HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

  • CVE-2022-22737HigDec 22, 2022
    risk 0.49cvss 7.5epss 0.01

    Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

  • CVE-2021-35053HigNov 3, 2021
    risk 0.49cvss 7.5epss 0.03

    Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

  • CVE-2021-38498HigNov 3, 2021
    risk 0.49cvss 7.5epss 0.01

    During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

  • CVE-2021-29952HigJun 24, 2021
    risk 0.49cvss 7.5epss 0.01

    When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

  • CVE-2020-15681HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

  • CVE-2020-12391HigMay 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.

  • CVE-2020-6828HigApr 24, 2020
    risk 0.49cvss 7.5epss 0.01

    A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary…

  • CVE-2020-6821HigApr 24, 2020
    risk 0.49cvss 7.5epss 0.01

    When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This…

  • CVE-2020-6809HigMar 25, 2020
    risk 0.49cvss 7.5epss 0.01

    When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.

  • CVE-2019-17011HigJan 8, 2020
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

  • CVE-2019-17010HigJan 8, 2020
    risk 0.49cvss 7.5epss 0.02

    Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox…

Page 52 of 159