Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-23953

  • EPSS 0.38%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:05

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR <...

8.8

CVE-2021-23954

  • EPSS 0.25%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:05

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firef...

6.1

CVE-2021-23955

  • EPSS 0.24%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:05

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.

6.5

CVE-2021-23956

Exploit
  • EPSS 0.28%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.

7.4

CVE-2021-23957

  • EPSS 0.29%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

6.5

CVE-2021-23958

  • EPSS 0.33%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.

6.1

CVE-2021-23959

  • EPSS 0.3%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Fir...

8.8

CVE-2021-23960

  • EPSS 0.42%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

7.4

CVE-2021-23961

  • EPSS 0.7%
  • Veröffentlicht 26.02.2021 03:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:06

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

6.5

CVE-2021-23970

  • EPSS 0.48%
  • Veröffentlicht 26.02.2021 02:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:07

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.