CVE-2024-29944
- EPSS 4.7%
- Veröffentlicht 22.03.2024 13:15:07
- Zuletzt bearbeitet 01.04.2025 16:30:37
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This...
CVE-2024-2611
- EPSS 0.61%
- Veröffentlicht 19.03.2024 12:15:09
- Zuletzt bearbeitet 01.04.2025 16:26:40
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2612
- EPSS 0.97%
- Veröffentlicht 19.03.2024 12:15:09
- Zuletzt bearbeitet 17.07.2025 13:35:05
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird <...
CVE-2024-2605
- EPSS 0.58%
- Veröffentlicht 19.03.2024 12:15:08
- Zuletzt bearbeitet 01.04.2025 17:10:55
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firef...
CVE-2024-2607
- EPSS 1.11%
- Veröffentlicht 19.03.2024 12:15:08
- Zuletzt bearbeitet 01.04.2025 17:15:20
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9,...
CVE-2024-2608
- EPSS 0.39%
- Veröffentlicht 19.03.2024 12:15:08
- Zuletzt bearbeitet 01.04.2025 17:18:20
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Fir...
CVE-2024-2609
- EPSS 0.6%
- Veröffentlicht 19.03.2024 12:15:08
- Zuletzt bearbeitet 01.04.2025 17:19:51
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-2610
- EPSS 0.7%
- Veröffentlicht 19.03.2024 12:15:08
- Zuletzt bearbeitet 01.04.2025 17:37:13
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2023-5388
- EPSS 0.82%
- Veröffentlicht 19.03.2024 12:15:07
- Zuletzt bearbeitet 04.11.2025 19:16:23
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-1546
- EPSS 0.71%
- Veröffentlicht 20.02.2024 14:15:08
- Zuletzt bearbeitet 27.03.2025 14:35:06
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.