Mozilla Firefox Open source web browser
Recent Mozilla Firefox Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2023-50 | Security Vulnerabilities fixed in Firefox ESR 115.5 mfsa2023-50 | November 21, 2023 |
mfsa2023-51 | Security Vulnerabilities fixed in Firefox for iOS 120 mfsa2023-51 | November 21, 2023 |
mfsa2023-49 | Security Vulnerabilities fixed in Firefox 120 mfsa2023-49 | November 21, 2023 |
mfsa2023-48 | Security Vulnerabilities fixed in Firefox for iOS 119 mfsa2023-48 | October 24, 2023 |
mfsa2023-46 | Security Vulnerabilities fixed in Firefox ESR 115.4 mfsa2023-46 | October 24, 2023 |
mfsa2023-45 | Security Vulnerabilities fixed in Firefox 119 mfsa2023-45 | October 24, 2023 |
mfsa2023-44 | Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0. mfsa2023-44 | September 28, 2023 |
mfsa2023-41 | Security Vulnerabilities fixed in Firefox 118 mfsa2023-41 | September 26, 2023 |
mfsa2023-42 | Security Vulnerabilities fixed in Firefox ESR 115.3 mfsa2023-42 | September 26, 2023 |
mfsa2023-40 | Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 mfsa2023-40 | September 12, 2023 |
Known Exploited Mozilla Firefox Vulnerabilities
The following Mozilla Firefox vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Mozilla Firefox Security Feature Bypass Vulnerability | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 | May 25, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 | March 7, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 | March 7, 2022 |
Mozilla Firefox Information Disclosure Vulnerability | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 | March 3, 2022 |
By the Year
In 2023 there have been 149 vulnerabilities in Mozilla Firefox with an average score of 7.3 out of ten. Last year Firefox had 137 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 0.26
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 149 | 7.26 |
2022 | 137 | 7.52 |
2021 | 122 | 7.10 |
2020 | 132 | 7.36 |
2019 | 107 | 7.64 |
2018 | 103 | 7.79 |
It may take a day or so for new Firefox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Firefox Security Vulnerabilities
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute
CVE-2023-49060
9.8 - Critical
- November 21, 2023
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information
CVE-2023-49061
6.1 - Medium
- November 21, 2023
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
Open Redirect
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the
CVE-2023-6204
6.5 - Medium
- November 21, 2023
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Out-of-bounds Read
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash
CVE-2023-6205
6.5 - Medium
- November 21, 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts
CVE-2023-6206
5.4 - Medium
- November 21, 2023
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Clickjacking
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120
CVE-2023-6207
8.8 - High
- November 21, 2023
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
When using X11
CVE-2023-6208
8.8 - High
- November 21, 2023
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/
CVE-2023-6209
6.5 - Medium
- November 21, 2023
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Directory traversal
When an https: web page created a pop-up from a "javascript:" URL
CVE-2023-6210
6.5 - Medium
- November 21, 2023
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.
If an attacker needed a user to load an insecure http: page and knew
CVE-2023-6211
6.5 - Medium
- November 21, 2023
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.
Clickjacking
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
CVE-2023-6212
8.8 - High
- November 21, 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Memory Corruption
Memory safety bugs present in Firefox 119
CVE-2023-6213
8.8 - High
- November 21, 2023
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
Memory Corruption
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash
CVE-2023-5724
7.5 - High
- October 25, 2023
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
A malicious installed WebExtension could open arbitrary URLs
CVE-2023-5725
4.3 - Medium
- October 25, 2023
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
During garbage collection extra operations were performed on a object that should not be
CVE-2023-5728
7.5 - High
- October 25, 2023
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
When opening a page in reader mode
CVE-2023-5758
6.1 - Medium
- October 25, 2023
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.
XSS
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay
CVE-2023-5721
4.3 - Medium
- October 25, 2023
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Clickjacking
Using iterative requests an attacker was able to learn the size of an opaque response
CVE-2023-5722
5.3 - Medium
- October 25, 2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
Side Channel Attack
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie`
CVE-2023-5723
5.3 - Medium
- October 25, 2023
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt
CVE-2023-5729
4.3 - Medium
- October 25, 2023
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
CVE-2023-5730
9.8 - Critical
- October 25, 2023
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Memory Corruption
Memory safety bugs present in Firefox 118
CVE-2023-5731
9.8 - Critical
- October 25, 2023
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.
Memory Corruption
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited
CVE-2023-5732
6.5 - Medium
- October 25, 2023
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write
CVE-2023-5169
6.5 - Medium
- September 27, 2023
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
In canvas rendering
CVE-2023-5170
7.4 - High
- September 27, 2023
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.
Memory Leak
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes
CVE-2023-5171
6.5 - Medium
- September 27, 2023
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Dangling pointer
A hashtable in the Ion Engine could have been mutated while there was a live interior reference
CVE-2023-5172
9.8 - Critical
- September 27, 2023
A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.
Dangling pointer
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
CVE-2023-5176
9.8 - Critical
- September 27, 2023
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
In a non-standard configuration of Firefox
CVE-2023-5173
7.5 - High
- September 27, 2023
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.
Integer Overflow or Wraparound
During process shutdown, it was possible
CVE-2023-5175
9.8 - Critical
- September 27, 2023
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.
Dangling pointer
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`
CVE-2023-4578
6.5 - Medium
- September 11, 2023
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Allocation of Resources Without Limits or Throttling
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL
CVE-2023-4579
3.1 - Low
- September 11, 2023
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information
CVE-2023-4580
6.5 - Medium
- September 11, 2023
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Missing Encryption of Sensitive Data
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which
CVE-2023-4581
4.3 - Medium
- September 11, 2023
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded
CVE-2023-4583
7.5 - High
- September 11, 2023
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1
CVE-2023-4584
8.8 - High
- September 11, 2023
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Memory Corruption
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
CVE-2023-4585
8.8 - High
- September 11, 2023
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Memory Corruption
When creating a callback over IPC for showing the Color Picker window
CVE-2023-4574
6.5 - Medium
- September 11, 2023
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
When creating a callback over IPC for showing the File Picker window
CVE-2023-4575
6.5 - Medium
- September 11, 2023
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function
CVE-2023-4577
6.5 - Medium
- September 11, 2023
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
When receiving rendering data over IPC `mStream` could have been destroyed when initialized
CVE-2023-4573
6.5 - Medium
- September 11, 2023
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time
CVE-2022-46884
8.8 - High
- August 24, 2023
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.
Dangling pointer
When the number of cookies per domain was exceeded in `document.cookie`
CVE-2023-4055
7.5 - High
- August 01, 2023
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13
CVE-2023-4056
9.8 - Critical
- August 01, 2023
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Memory Corruption
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0
CVE-2023-4057
9.8 - Critical
- August 01, 2023
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Memory Corruption
Memory safety bugs present in Firefox 115
CVE-2023-4058
9.8 - Critical
- August 01, 2023
Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.
Memory Corruption
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data
CVE-2023-4045
5.3 - Medium
- August 01, 2023
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Origin Validation Error
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis
CVE-2023-4046
5.3 - Medium
- August 01, 2023
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-4047
8.8 - High
- August 01, 2023
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Race conditions in reference counting code were found through code inspection
CVE-2023-4049
5.9 - Medium
- August 01, 2023
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Race Condition
In some cases, an untrusted input stream was copied to a stack buffer without checking its size
CVE-2023-4050
7.5 - High
- August 01, 2023
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Memory Corruption
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations
CVE-2023-4048
7.5 - High
- August 01, 2023
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Out-of-bounds Read
A website could have obscured the full screen notification by using the file open dialog
CVE-2023-4051
7.5 - High
- August 01, 2023
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
The Firefox updater created a directory writable by non-privileged users
CVE-2023-4052
6.5 - Medium
- August 01, 2023
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
insecure temporary file
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program
CVE-2023-4053
6.5 - Medium
- August 01, 2023
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
insecure temporary file
The session restore helper crashed whenever there was no parameter sent to the message handler
CVE-2023-37456
6.5 - Medium
- July 12, 2023
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab
CVE-2023-37455
5.4 - Medium
- July 12, 2023
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
Clickjacking
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash
CVE-2023-3600
8.8 - High
- July 12, 2023
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Dangling pointer
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to
CVE-2023-37209
8.8 - High
- July 05, 2023
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.
Dangling pointer
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing
CVE-2023-37205
6.5 - Medium
- July 05, 2023
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.
A website could have obscured the fullscreen notification by using an option element by introducing lag
CVE-2023-37204
6.5 - Medium
- July 05, 2023
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have
CVE-2023-37203
7.8 - High
- July 05, 2023
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
When Firefox is configured to block storage of all cookies
CVE-2023-3482
6.5 - Medium
- July 05, 2023
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.
AuthZ
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12
CVE-2023-37211
8.8 - High
- July 05, 2023
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Memory Corruption
A website could prevent a user from exiting full-screen mode via alert and prompt calls
CVE-2023-37210
6.5 - Medium
- July 05, 2023
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
Memory safety bugs present in Firefox 114
CVE-2023-37212
8.8 - High
- July 05, 2023
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.
Memory Corruption
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website
CVE-2023-37206
6.5 - Medium
- July 05, 2023
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
insecure temporary file
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL
CVE-2023-37207
6.5 - Medium
- July 05, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Reflection Injection
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code
CVE-2023-37208
7.8 - High
- July 05, 2023
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS
CVE-2023-37201
8.8 - High
- July 05, 2023
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Dangling pointer
Cross-compartment wrappers wrapping a scripted proxy could have caused objects
CVE-2023-37202
8.8 - High
- July 05, 2023
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Dangling pointer
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30
CVE-2023-25747
7.5 - High
- June 19, 2023
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.
Dangling pointer
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden
CVE-2023-29546
6.5 - Medium
- June 19, 2023
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names
CVE-2023-29545
6.5 - Medium
- June 19, 2023
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android
CVE-2023-29534
9.1 - Critical
- June 19, 2023
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior
CVE-2023-25736
9.8 - Critical
- June 19, 2023
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference
CVE-2023-25733
7.5 - High
- June 19, 2023
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
Unchecked Return Value
A compromised child process could have injected XBL Bindings into privileged CSS rules
CVE-2019-25136
10 - Critical
- June 19, 2023
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
Memory safety bugs present in Firefox 113
CVE-2023-34417
9.8 - Critical
- June 19, 2023
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.
Memory Corruption
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12
CVE-2023-34416
9.8 - Critical
- June 19, 2023
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Memory Corruption
When choosing a site-isolated process for a document loaded from a data: URL
CVE-2023-34415
6.1 - Medium
- June 19, 2023
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Open Redirect
The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox uses to protect prompts and permission dialogs
from attacks
CVE-2023-34414
3.1 - Low
- June 19, 2023
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Improper Certificate Validation
Memory safety bugs present in Firefox 112
CVE-2023-32216
9.8 - Critical
- June 19, 2023
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.
Memory Corruption
A maliciously crafted favicon could have led to an out of memory crash
CVE-2023-32209
7.5 - High
- June 19, 2023
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
Memory Corruption
Service workers could reveal script base URL due to dynamic `import()`
CVE-2023-32208
5.3 - Medium
- June 19, 2023
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal
CVE-2023-32210
6.5 - Medium
- June 19, 2023
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created
CVE-2023-29547
6.5 - Medium
- June 02, 2023
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result
CVE-2023-29548
6.5 - Medium
- June 02, 2023
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm
CVE-2023-29549
6.5 - Medium
- June 02, 2023
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Inadequate Encryption Strength
Mozilla developers Randell Jesup
CVE-2023-29550
8.8 - High
- June 02, 2023
Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Mozilla developers Randell Jesup
CVE-2023-29551
8.8 - High
- June 02, 2023
Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Memory Corruption
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
4.3 - Medium
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
6.5 - Medium
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Out-of-bounds Read
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
8.8 - High
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Authentication Bypass by Spoofing
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
6.5 - Medium
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A compromised web child process could disable web security opening restrictions
CVE-2023-23597
6.5 - Medium
- June 02, 2023
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.
Inadequate Encryption Strength
Per origin notification permissions were being stored in a way
CVE-2023-23600
6.5 - Medium
- June 02, 2023
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109.
Navigations were being
CVE-2023-23601
6.5 - Medium
- June 02, 2023
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Origin Validation Error
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mozilla Thunderbird or by Mozilla? Click the Watch button to subscribe.
