CVE-2023-4051
- EPSS 0.55%
- Veröffentlicht 01.08.2023 15:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:18
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4052
- EPSS 0.58%
- Veröffentlicht 01.08.2023 15:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:18
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation ...
CVE-2023-4053
- EPSS 0.66%
- Veröffentlicht 01.08.2023 15:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:18
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 11...
CVE-2023-4045
- EPSS 0.53%
- Veröffentlicht 01.08.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:17
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115...
CVE-2023-4046
- EPSS 1.01%
- Veröffentlicht 01.08.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:17
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox...
CVE-2023-4047
- EPSS 0.58%
- Veröffentlicht 01.08.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:17
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-4048
- EPSS 0.83%
- Veröffentlicht 01.08.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:17
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-37456
- EPSS 0.48%
- Veröffentlicht 12.07.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:44
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
CVE-2023-3600
- EPSS 0.54%
- Veröffentlicht 12.07.2023 14:15:10
- Zuletzt bearbeitet 18.12.2025 16:15:49
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
CVE-2023-37455
- EPSS 0.3%
- Veröffentlicht 12.07.2023 14:15:09
- Zuletzt bearbeitet 21.11.2024 08:11:44
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.