Every CVE whose affected-product data names Mozilla Focus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-29543 — CVSS 8.8 (high): An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger…
CVE-2023-29541 — CVSS 8.8 (high): Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled…
CVE-2023-29536 — CVSS 8.8 (high): An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an…
CVE-2023-29551 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-29550 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-29539 — CVSS 8.8 (high): When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL…
CVE-2026-11799 — CVSS 7.5 (high): UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.
CVE-2023-29537 — CVSS 7.5 (high): Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This…
CVE-2023-29535 — CVSS 6.5 (medium): Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory…
CVE-2023-29544 — CVSS 6.5 (medium): If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and…
CVE-2023-29547 — CVSS 6.5 (medium): When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have…
CVE-2023-29548 — CVSS 6.5 (medium): A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112…
CVE-2023-29549 — CVSS 6.5 (medium): Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a…
CVE-2023-29540 — CVSS 6.1 (medium): Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes…
CVE-2023-29538 — CVSS 4.3 (medium): Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code>…
CVE-2023-29533 — CVSS 4.3 (medium): A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests…