Mozilla Mozilla

Do you want an email whenever new security vulnerabilities are reported in any Mozilla product?

Products by Mozilla Sorted by Most Security Vulnerabilities since 2018

Mozilla Firefox944 vulnerabilities
Open source web browser

Mozilla Thunderbird592 vulnerabilities
Email client

Mozilla SeaMonkey188 vulnerabilities
Browser, email and newsgroup client

Mozilla Thunderbird Esr107 vulnerabilities

Mozilla Firefox Mobile19 vulnerabilities

Mozilla Focus15 vulnerabilities

Mozilla Firefox Focus5 vulnerabilities

Mozilla Bleach5 vulnerabilities

Mozilla5 vulnerabilities

Mozilla Nss3 vulnerabilities

Mozilla Vpn3 vulnerabilities

Mozilla Geckodriver2 vulnerabilities

Mozilla Pollbot2 vulnerabilities

Mozilla Firefox Os2 vulnerabilities

Mozilla Convict2 vulnerabilities

Mozilla Camino2 vulnerabilities

Mozilla Webthings Gateway2 vulnerabilities

Mozilla Nss Esr1 vulnerability

Mozilla Mozjpeg1 vulnerability

Mozilla Vpn1 vulnerability

Mozilla Hubs Cloud1 vulnerability

Mozilla Hawk1 vulnerability

Mozilla Bugzilla1 vulnerability

Recent Mozilla Security Advisories

Advisory Title Published
mfsa2023-40 Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 mfsa2023-40 September 12, 2023
mfsa2023-39 Security Issues in Mozilla VPN for Linux prior to v2.16.1 mfsa2023-39 August 30, 2023
mfsa2023-34 Security Vulnerabilities fixed in Firefox 117 mfsa2023-34 August 29, 2023
mfsa2023-35 Security Vulnerabilities fixed in Firefox ESR 102.15 mfsa2023-35 August 29, 2023
mfsa2023-38 Security Vulnerabilities fixed in Thunderbird 115.2 mfsa2023-38 August 29, 2023
mfsa2023-37 Security Vulnerabilities fixed in Thunderbird 102.15 mfsa2023-37 August 29, 2023
mfsa2023-36 Security Vulnerabilities fixed in Firefox ESR 115.2 mfsa2023-36 August 29, 2023
mfsa2023-33 Security Vulnerabilities fixed in Thunderbird 115.1 mfsa2023-33 August 2, 2023
mfsa2023-32 Security Vulnerabilities fixed in Thunderbird 102.14 mfsa2023-32 August 2, 2023
mfsa2023-31 Security Vulnerabilities fixed in Firefox ESR 115.1 mfsa2023-31 August 1, 2023

Known Exploited Mozilla Vulnerabilities

The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. CVE-2016-9079 June 22, 2023
Mozilla Firefox Security Feature Bypass Vulnerability Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 May 25, 2022
Mozilla Firefox and Thunderbird Type Confusion Vulnerability Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. CVE-2019-11707 May 23, 2022
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. CVE-2019-11708 May 23, 2022
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. CVE-2013-1690 March 28, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 March 7, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 March 7, 2022
Mozilla Firefox Information Disclosure Vulnerability Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 March 3, 2022
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6819 November 3, 2021
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6820 November 3, 2021
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 CVE-2019-17026 November 3, 2021

By the Year

In 2023 there have been 142 vulnerabilities in Mozilla with an average score of 7.3 out of ten. Last year Mozilla had 186 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Mozilla in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.19

Year Vulnerabilities Average Score
2023 142 7.25
2022 186 7.44
2021 158 7.11
2020 180 7.26
2019 144 7.67
2018 128 7.64

It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Security Vulnerabilities

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function

CVE-2023-4577 6.5 - Medium - September 11, 2023

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data

CVE-2023-4576 8.6 - High - September 11, 2023

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Integer Overflow or Wraparound

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`

CVE-2023-4578 6.5 - Medium - September 11, 2023

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Allocation of Resources Without Limits or Throttling

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL

CVE-2023-4579 3.1 - Low - September 11, 2023

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information

CVE-2023-4580 6.5 - Medium - September 11, 2023

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Missing Encryption of Sensitive Data

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS

CVE-2023-4582 8.8 - High - September 11, 2023

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Classic Buffer Overflow

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded

CVE-2023-4583 7.5 - High - September 11, 2023

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

CVE-2023-4585 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory Corruption

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data

CVE-2023-4576 8.6 - High - September 11, 2023

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Integer Overflow or Wraparound

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function

CVE-2023-4577 6.5 - Medium - September 11, 2023

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`

CVE-2023-4578 6.5 - Medium - September 11, 2023

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Allocation of Resources Without Limits or Throttling

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information

CVE-2023-4580 6.5 - Medium - September 11, 2023

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Missing Encryption of Sensitive Data

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS

CVE-2023-4582 8.8 - High - September 11, 2023

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Classic Buffer Overflow

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded

CVE-2023-4583 7.5 - High - September 11, 2023

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

CVE-2023-4585 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory Corruption

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data

CVE-2023-4576 8.6 - High - September 11, 2023

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Integer Overflow or Wraparound

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods

CVE-2023-4104 5.5 - Medium - September 11, 2023

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.

AuthZ

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`

CVE-2023-4578 6.5 - Medium - September 11, 2023

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Allocation of Resources Without Limits or Throttling

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function

CVE-2023-4577 6.5 - Medium - September 11, 2023

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data

CVE-2023-4576 8.6 - High - September 11, 2023

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Integer Overflow or Wraparound

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information

CVE-2023-4580 6.5 - Medium - September 11, 2023

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Missing Encryption of Sensitive Data

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS

CVE-2023-4582 8.8 - High - September 11, 2023

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Classic Buffer Overflow

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded

CVE-2023-4583 7.5 - High - September 11, 2023

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

CVE-2023-4585 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory Corruption

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data

CVE-2023-4576 8.6 - High - September 11, 2023

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Integer Overflow or Wraparound

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time

CVE-2022-46884 8.8 - High - August 24, 2023

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.

Dangling pointer

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13

CVE-2023-4056 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

Memory safety bugs present in Firefox 115

CVE-2023-4058 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.

Memory Corruption

When the number of cookies per domain was exceeded in `document.cookie`

CVE-2023-4055 7.5 - High - August 01, 2023

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code

CVE-2023-4054 5.5 - Medium - August 01, 2023

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0

CVE-2023-4057 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

Memory Corruption

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13

CVE-2023-4056 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

When the number of cookies per domain was exceeded in `document.cookie`

CVE-2023-4055 7.5 - High - August 01, 2023

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code

CVE-2023-4054 5.5 - Medium - August 01, 2023

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations

CVE-2023-4048 7.5 - High - August 01, 2023

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Out-of-bounds Read

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2023-4047 8.8 - High - August 01, 2023

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis

CVE-2023-4046 5.3 - Medium - August 01, 2023

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data

CVE-2023-4045 5.3 - Medium - August 01, 2023

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Origin Validation Error

The Firefox updater created a directory writable by non-privileged users

CVE-2023-4052 6.5 - Medium - August 01, 2023

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

insecure temporary file

In some cases, an untrusted input stream was copied to a stack buffer without checking its size

CVE-2023-4050 7.5 - High - August 01, 2023

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

Race conditions in reference counting code were found through code inspection

CVE-2023-4049 5.9 - Medium - August 01, 2023

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Race Condition

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations

CVE-2023-4048 7.5 - High - August 01, 2023

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Out-of-bounds Read

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2023-4047 8.8 - High - August 01, 2023

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis

CVE-2023-4046 5.3 - Medium - August 01, 2023

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data

CVE-2023-4045 5.3 - Medium - August 01, 2023

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Origin Validation Error

In some cases, an untrusted input stream was copied to a stack buffer without checking its size

CVE-2023-4050 7.5 - High - August 01, 2023

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program

CVE-2023-4053 6.5 - Medium - August 01, 2023

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

insecure temporary file

A website could have obscured the full screen notification by using the file open dialog

CVE-2023-4051 7.5 - High - August 01, 2023

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

A website could have obscured the full screen notification by using the file open dialog

CVE-2023-4051 7.5 - High - August 01, 2023

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program

CVE-2023-4053 6.5 - Medium - August 01, 2023

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

insecure temporary file

A website could have obscured the full screen notification by using the file open dialog

CVE-2023-4051 7.5 - High - August 01, 2023

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program

CVE-2023-4053 6.5 - Medium - August 01, 2023

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

insecure temporary file

Race conditions in reference counting code were found through code inspection

CVE-2023-4049 5.9 - Medium - August 01, 2023

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Race Condition

Thunderbird allowed the Text Direction Override Unicode Character in filenames

CVE-2023-3417 7.5 - High - July 24, 2023

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.

Thunderbird allowed the Text Direction Override Unicode Character in filenames

CVE-2023-3417 7.5 - High - July 24, 2023

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash

CVE-2023-3600 8.8 - High - July 12, 2023

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Dangling pointer

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash

CVE-2023-3600 8.8 - High - July 12, 2023

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Dangling pointer

The session restore helper crashed whenever there was no parameter sent to the message handler

CVE-2023-37456 6.5 - Medium - July 12, 2023

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab

CVE-2023-37455 5.4 - Medium - July 12, 2023

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

Clickjacking

Memory safety bugs present in Firefox 114

CVE-2023-37212 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.

Memory Corruption

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12

CVE-2023-37211 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Memory Corruption

A website could prevent a user from exiting full-screen mode via alert and prompt calls

CVE-2023-37210 6.5 - Medium - July 05, 2023

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to

CVE-2023-37209 8.8 - High - July 05, 2023

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

Dangling pointer

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website

CVE-2023-37206 6.5 - Medium - July 05, 2023

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

insecure temporary file

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing

CVE-2023-37205 6.5 - Medium - July 05, 2023

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.

A website could have obscured the fullscreen notification by using an option element by introducing lag

CVE-2023-37204 6.5 - Medium - July 05, 2023

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have

CVE-2023-37203 7.8 - High - July 05, 2023

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.

When Firefox is configured to block storage of all cookies

CVE-2023-3482 6.5 - Medium - July 05, 2023

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

AuthZ

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12

CVE-2023-37211 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Memory Corruption

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12

CVE-2023-37211 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Memory Corruption

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code

CVE-2023-37208 7.8 - High - July 05, 2023

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL

CVE-2023-37207 6.5 - Medium - July 05, 2023

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Reflection Injection

Cross-compartment wrappers wrapping a scripted proxy could have caused objects

CVE-2023-37202 8.8 - High - July 05, 2023

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Dangling pointer

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS

CVE-2023-37201 8.8 - High - July 05, 2023

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Dangling pointer

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.