Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-32206

  • EPSS 0.15%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32207

  • EPSS 0.19%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 31.01.2025 16:15:29

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

6.5

CVE-2023-32211

  • EPSS 0.15%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

4.3

CVE-2023-32212

  • EPSS 0.14%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 27.05.2025 17:15:24

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32213

  • EPSS 0.18%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32215

  • EPSS 0.2%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 27.05.2025 17:15:24

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs sh...

4.3

CVE-2023-28159

  • EPSS 0.13%
  • Veröffentlicht 02.06.2023 17:15:12
  • Zuletzt bearbeitet 09.01.2025 17:15:09

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. T...

6.5

CVE-2023-28160

  • EPSS 0.18%
  • Veröffentlicht 02.06.2023 17:15:12
  • Zuletzt bearbeitet 09.01.2025 16:15:33

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111.

8.8

CVE-2023-28161

  • EPSS 0.12%
  • Veröffentlicht 02.06.2023 17:15:12
  • Zuletzt bearbeitet 09.01.2025 16:15:33

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if t...

8.8

CVE-2023-28162

  • EPSS 0.12%
  • Veröffentlicht 02.06.2023 17:15:12
  • Zuletzt bearbeitet 09.01.2025 16:15:34

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.