MozillaFirefox (SUSE:Linux Enterprise Module for Desktop Applications 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Desktop Applications 15 SP4 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2022-46882 — CVSS 9.8 (critical): A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox…
CVE-2023-5730 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory…
CVE-2022-34485 — CVSS 9.8 (critical): Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of…
CVE-2023-5176 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory…
CVE-2023-29542 — CVSS 9.8 (critical): A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such…
CVE-2022-34470 — CVSS 9.8 (critical): Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102…
CVE-2022-34476 — CVSS 9.8 (critical): ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This…
CVE-2022-31736 — CVSS 9.8 (critical): A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects…
CVE-2023-34416 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-5174 — CVSS 9.8 (critical): If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting…
CVE-2023-5168 — CVSS 9.8 (critical): A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a…
CVE-2023-5731 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2022-29917 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2022-31747 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100…
CVE-2023-4057 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory…
CVE-2022-45406 — CVSS 9.8 (critical): If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on…
CVE-2023-4056 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these…
CVE-2022-31737 — CVSS 9.8 (critical): A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash…
CVE-2023-29531 — CVSS 9.8 (critical): An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable…
CVE-2022-38477 — CVSS 8.8 (high): Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some…
CVE-2022-38478 — CVSS 8.8 (high): Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of…
CVE-2023-6208 — CVSS 8.8 (high): When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage…
CVE-2023-37209 — CVSS 8.8 (high): A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-37212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-4582 — CVSS 8.8 (high): Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much…
CVE-2023-4047 — CVSS 8.8 (high): A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2022-2505 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of…
CVE-2022-34483 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2023-28176 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-28177 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-29536 — CVSS 8.8 (high): An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an…
CVE-2023-29539 — CVSS 8.8 (high): When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL…
CVE-2023-29541 — CVSS 8.8 (high): Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled…
CVE-2023-6856 — CVSS 8.8 (high): The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue…
CVE-2023-6212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory…
CVE-2023-29550 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-4585 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory…
CVE-2023-32207 — CVSS 8.8 (high): A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2023-4584 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these…
CVE-2023-32213 — CVSS 8.8 (high): When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR <…
CVE-2023-32215 — CVSS 8.8 (high): Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the…
CVE-2022-38473 — CVSS 8.8 (high): A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)…
CVE-2023-3600 — CVSS 8.8 (high): During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-6858 — CVSS 8.8 (high): Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox…
CVE-2023-23605 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these…
CVE-2022-1802 — CVSS 8.8 (high): If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution…
CVE-2023-25729 — CVSS 8.8 (high): Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to…
CVE-2023-25732 — CVSS 8.8 (high): When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated…
CVE-2023-25735 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-25737 — CVSS 8.8 (high): An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability…
CVE-2022-2200 — CVSS 8.8 (high): If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading…
CVE-2023-25739 — CVSS 8.8 (high): Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in…
CVE-2022-34480 — CVSS 8.8 (high): Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been…
CVE-2023-25744 — CVSS 8.8 (high): Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-25746 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2022-34481 — CVSS 8.8 (high): In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to…
CVE-2022-34482 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2022-1529 — CVSS 8.8 (high): An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading…
CVE-2023-28161 — CVSS 8.8 (high): If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that…
CVE-2023-28162 — CVSS 8.8 (high): While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a…
CVE-2022-34484 — CVSS 8.8 (high): The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory…
CVE-2022-31739 — CVSS 8.8 (high): When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to…
CVE-2022-40962 — CVSS 8.8 (high): Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety…
CVE-2022-42928 — CVSS 8.8 (high): Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory…
CVE-2022-31740 — CVSS 8.8 (high): On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially…
CVE-2022-42932 — CVSS 8.8 (high): Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2022-29909 — CVSS 8.8 (high): Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the…
CVE-2023-6864 — CVSS 8.8 (high): Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory…
CVE-2022-45409 — CVSS 8.8 (high): The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been…
CVE-2022-34468 — CVSS 8.8 (high): An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability…
CVE-2023-6207 — CVSS 8.8 (high): Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and…
CVE-2022-45412 — CVSS 8.8 (high): When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a…
CVE-2022-45421 — CVSS 8.8 (high): Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed…
CVE-2022-46871 — CVSS 8.8 (high): An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
CVE-2022-46874 — CVSS 8.8 (high): A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its…
CVE-2023-6863 — CVSS 8.8 (high): The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual…
CVE-2022-46878 — CVSS 8.8 (high): Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2023-6862 — CVSS 8.8 (high): A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability…
CVE-2022-46881 — CVSS 8.8 (high): An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*…
CVE-2023-0767 — CVSS 8.8 (high): An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag…
CVE-2023-6861 — CVSS 8.8 (high): The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects…
CVE-2023-6859 — CVSS 8.8 (high): A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6…
CVE-2023-4576 — CVSS 8.6 (high): On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking…
CVE-2022-46872 — CVSS 8.6 (high): An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC…
CVE-2022-34469 — CVSS 8.1 (high): When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the…
CVE-2022-42927 — CVSS 8.1 (high): A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via…
CVE-2023-25734 — CVSS 8.1 (high): After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to…
CVE-2023-37203 — CVSS 7.8 (high): Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users…
CVE-2023-37208 — CVSS 7.8 (high): When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox <…
CVE-2023-4050 — CVSS 7.5 (high): In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable…
CVE-2023-4048 — CVSS 7.5 (high): An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability…
CVE-2023-5724 — CVSS 7.5 (high): Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability…
CVE-2023-25743 — CVSS 7.5 (high): A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug…
CVE-2022-36319 — CVSS 7.5 (high): When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This…
CVE-2022-38476 — CVSS 7.5 (high): A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this…
CVE-2023-4055 — CVSS 7.5 (high): When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent…
CVE-2023-5728 — CVSS 7.5 (high): During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable…
CVE-2023-32214 — CVSS 7.5 (high): Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects…
CVE-2023-4583 — CVSS 7.5 (high): When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to…
CVE-2023-4051 — CVSS 7.5 (high): A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and…
CVE-2022-34477 — CVSS 7.5 (high): The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site…
CVE-2023-28160 — CVSS 6.5 (medium): When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking…
CVE-2022-29914 — CVSS 6.5 (medium): When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser…
CVE-2022-29916 — CVSS 6.5 (medium): Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been…
CVE-2022-31738 — CVSS 6.5 (medium): When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user…
CVE-2022-31742 — CVSS 6.5 (medium): An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between…
CVE-2022-31744 — CVSS 6.5 (medium): An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's…
CVE-2022-34471 — CVSS 6.5 (medium): When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the…
CVE-2022-34478 — CVSS 6.5 (medium): The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing…
CVE-2022-34479 — CVSS 6.5 (medium): A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in…
CVE-2022-38472 — CVSS 6.5 (medium): An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the…
CVE-2022-40957 — CVSS 6.5 (medium): Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only…
CVE-2022-40958 — CVSS 6.5 (medium): By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus…
CVE-2022-40959 — CVSS 6.5 (medium): During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device…
CVE-2022-40960 — CVSS 6.5 (medium): Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially…
CVE-2022-42929 — CVSS 6.5 (medium): If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond…
CVE-2022-45403 — CVSS 6.5 (medium): Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media…
CVE-2022-45404 — CVSS 6.5 (medium): Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing…
CVE-2022-45405 — CVSS 6.5 (medium): Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially…
CVE-2022-45408 — CVSS 6.5 (medium): Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification…
CVE-2022-45410 — CVSS 6.5 (medium): When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took…
CVE-2022-45416 — CVSS 6.5 (medium): Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as…
CVE-2022-45420 — CVSS 6.5 (medium): Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe…
CVE-2022-46875 — CVSS 6.5 (medium): The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer…
CVE-2022-46880 — CVSS 6.5 (medium): A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was…
CVE-2023-1945 — CVSS 6.5 (medium): Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This…
CVE-2023-23598 — CVSS 6.5 (medium): Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being…
CVE-2023-23601 — CVSS 6.5 (medium): Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing…
CVE-2023-23602 — CVSS 6.5 (medium): A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored…
CVE-2023-23603 — CVSS 6.5 (medium): Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting…
CVE-2023-25728 — CVSS 6.5 (medium): The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when…
CVE-2023-25738 — CVSS 6.5 (medium): Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid…
CVE-2023-25742 — CVSS 6.5 (medium): When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability…
CVE-2023-25751 — CVSS 6.5 (medium): Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could…
CVE-2023-25752 — CVSS 6.5 (medium): When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may…
CVE-2023-28163 — CVSS 6.5 (medium): When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would…
CVE-2023-28164 — CVSS 6.5 (medium): Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks…
CVE-2023-29535 — CVSS 6.5 (medium): Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory…
CVE-2023-29545 — CVSS 6.5 (medium): Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have…
CVE-2023-29548 — CVSS 6.5 (medium): A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112…
CVE-2023-32206 — CVSS 6.5 (medium): An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11…
CVE-2023-32211 — CVSS 6.5 (medium): A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and…
CVE-2023-3482 — CVSS 6.5 (medium): When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a…
CVE-2023-37204 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational…
CVE-2023-37205 — CVSS 6.5 (medium): The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
CVE-2023-37206 — CVSS 6.5 (medium): Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website…
CVE-2023-37207 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto…
CVE-2023-37210 — CVSS 6.5 (medium): A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible…
CVE-2023-4052 — CVSS 6.5 (medium): The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be…
CVE-2023-4053 — CVSS 6.5 (medium): A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto…
CVE-2023-4574 — CVSS 6.5 (medium): When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and…
CVE-2023-4575 — CVSS 6.5 (medium): When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and…
CVE-2023-4577 — CVSS 6.5 (medium): When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the…
CVE-2023-4578 — CVSS 6.5 (medium): When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path…
CVE-2023-4580 — CVSS 6.5 (medium): Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information…
CVE-2023-5169 — CVSS 6.5 (medium): A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a…
CVE-2023-5171 — CVSS 6.5 (medium): During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL…
CVE-2023-5727 — CVSS 6.5 (medium): The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on…
CVE-2023-5732 — CVSS 6.5 (medium): An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This…
CVE-2023-6204 — CVSS 6.5 (medium): On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into…
CVE-2023-6205 — CVSS 6.5 (medium): It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable…
CVE-2023-6209 — CVSS 6.5 (medium): Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override…
CVE-2023-6860 — CVSS 6.5 (medium): The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This…
CVE-2023-6865 — CVSS 6.5 (medium): `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local…
CVE-2023-6867 — CVSS 6.1 (medium): The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission…
CVE-2022-34475 — CVSS 6.1 (medium): SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was…
CVE-2022-29912 — CVSS 6.1 (medium): Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird <…
CVE-2022-34474 — CVSS 6.1 (medium): Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an…
CVE-2022-34473 — CVSS 6.1 (medium): The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did…
CVE-2022-45418 — CVSS 6.1 (medium): If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting…
CVE-2022-40956 — CVSS 6.1 (medium): When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead…
CVE-2022-29911 — CVSS 6.1 (medium): An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script…
CVE-2022-45411 — CVSS 6.1 (medium): Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization…
CVE-2023-4049 — CVSS 5.9 (medium): Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable…
CVE-2023-29532 — CVSS 5.5 (medium): A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file…
CVE-2022-36314 — CVSS 5.5 (medium): When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network…
CVE-2023-4054 — CVSS 5.5 (medium): When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on…
CVE-2023-6206 — CVSS 5.4 (medium): The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was…
CVE-2023-25730 — CVSS 5.4 (medium): A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode…
CVE-2023-5723 — CVSS 5.3 (medium): An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could…
CVE-2023-4045 — CVSS 5.3 (medium): Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in…
CVE-2023-5722 — CVSS 5.3 (medium): Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary…
CVE-2023-6857 — CVSS 5.3 (medium): When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only…
CVE-2022-36318 — CVSS 5.3 (medium): When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox…
CVE-2023-4046 — CVSS 5.3 (medium): In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect…
CVE-2023-29533 — CVSS 4.3 (medium): A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests…
CVE-2023-28159 — CVSS 4.3 (medium): The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion…
CVE-2023-25750 — CVSS 4.3 (medium): Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This…
CVE-2023-25749 — CVSS 4.3 (medium): Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities…
CVE-2023-5721 — CVSS 4.3 (medium): It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient…
CVE-2023-25748 — CVSS 4.3 (medium): By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion…
CVE-2023-5725 — CVSS 4.3 (medium): A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive…
CVE-2023-5726 — CVSS 4.3 (medium): A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and…
CVE-2023-5729 — CVSS 4.3 (medium): A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen…