VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2024-3855MedApr 16, 2024
    risk 0.42cvss 6.5epss 0.00

    In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.

  • CVE-2023-5388MedMar 19, 2024
    risk 0.42cvss 6.5epss 0.01

    NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

  • CVE-2024-1556MedFeb 20, 2024
    risk 0.42cvss 6.5epss 0.00

    The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.

  • CVE-2024-1547MedFeb 20, 2024
    risk 0.42cvss 6.5epss 0.01

    Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

  • CVE-2024-0754MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.00

    Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.

  • CVE-2024-0753MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.01

    In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2024-0752MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.00

    A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

  • CVE-2024-0747MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.01

    When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2024-0746MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.01

    A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2024-0741MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.02

    An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2023-6872MedDec 19, 2023
    risk 0.42cvss 6.5epss 0.01

    Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

  • CVE-2023-6869MedDec 19, 2023
    risk 0.42cvss 6.5epss 0.01

    A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.

  • CVE-2023-6865MedDec 19, 2023
    risk 0.42cvss 6.5epss 0.01

    `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

  • CVE-2023-6860MedDec 19, 2023
    risk 0.42cvss 6.5epss 0.01

    The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

  • CVE-2023-6211MedNov 21, 2023
    risk 0.42cvss 6.5epss 0.00

    If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability…

  • CVE-2023-6210MedNov 21, 2023
    risk 0.42cvss 6.5epss 0.01

    When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

  • CVE-2023-6209MedNov 21, 2023
    risk 0.42cvss 6.5epss 0.01

    Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0,…

  • CVE-2023-6205MedNov 21, 2023
    risk 0.42cvss 6.5epss 0.01

    It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

  • CVE-2023-6204MedNov 21, 2023
    risk 0.42cvss 6.5epss 0.01

    On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

  • CVE-2023-5732MedOct 25, 2023
    risk 0.42cvss 6.5epss 0.01

    An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Page 63 of 159