MozillaFirefox-branding-SLE (SUSE:Linux Enterprise Server 12 SP4-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP4-ESPOS package MozillaFirefox-branding-SLE, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-37212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-37209 — CVSS 8.8 (high): A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2023-37208 — CVSS 7.8 (high): When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox <…
CVE-2023-37203 — CVSS 7.8 (high): Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users…
CVE-2023-37206 — CVSS 6.5 (medium): Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website…
CVE-2023-37204 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational…
CVE-2023-37205 — CVSS 6.5 (medium): The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
CVE-2023-3482 — CVSS 6.5 (medium): When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a…
CVE-2023-37207 — CVSS 6.5 (medium): A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto…
CVE-2023-37210 — CVSS 6.5 (medium): A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible…