MozillaFirefox (SUSE:Manager Server 4.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Server 4.0 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (33)
CVE-2021-29967 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory…
CVE-2021-29970 — CVSS 8.8 (high): A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be…
CVE-2021-29976 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence…
CVE-2021-29980 — CVSS 8.8 (high): Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…
CVE-2021-29984 — CVSS 8.8 (high): Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage…
CVE-2021-29985 — CVSS 8.8 (high): A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This…
CVE-2021-24002 — CVSS 8.8 (high): When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and…
CVE-2021-23964 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory…
CVE-2021-29946 — CVSS 8.8 (high): Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when…
CVE-2021-29989 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory…
CVE-2021-29988 — CVSS 8.8 (high): Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
CVE-2021-30547 — CVSS 8.8 (high): Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2021-23978 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory…
CVE-2021-23954 — CVSS 8.8 (high): Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory…
CVE-2021-23960 — CVSS 8.8 (high): Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash…
CVE-2021-23987 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed…
CVE-2021-23994 — CVSS 8.8 (high): A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects…
CVE-2021-23995 — CVSS 8.8 (high): When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this…
CVE-2021-23999 — CVSS 8.8 (high): If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional…
CVE-2021-29986 — CVSS 8.1 (high): A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only…
CVE-2021-23981 — CVSS 8.1 (high): A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in…
CVE-2021-23961 — CVSS 7.4 (high): Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's…
CVE-2021-29964 — CVSS 7.1 (high): A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds…
CVE-2021-23998 — CVSS 6.5 (medium): Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This…
CVE-2021-23973 — CVSS 6.5 (medium): When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may…
CVE-2021-23982 — CVSS 6.5 (medium): Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as…
CVE-2021-23984 — CVSS 6.5 (medium): A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be…
CVE-2020-26976 — CVSS 6.5 (medium): When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have…
CVE-2021-29945 — CVSS 6.5 (medium): The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue…
CVE-2021-29951 — CVSS 6.5 (medium): The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access…
CVE-2021-23969 — CVSS 4.3 (medium): As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file…
CVE-2021-23968 — CVSS 4.3 (medium): If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation…
CVE-2021-23953 — CVSS 4.3 (medium): If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said…