Mozilla Firefox Open source web browser

When a user scans a QR Code with the QR Code Scanner feature

CVE-2024-0953 6.1 - Medium - February 05, 2024

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.

Open Redirect

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow

CVE-2024-0745 8.8 - High - January 23, 2024

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

Memory Corruption

A Linux user opening the print preview dialog could have caused the browser to crash

CVE-2024-0746 6.5 - Medium - January 23, 2024

A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

When a parent page loaded a child in an iframe with `unsafe-inline`

CVE-2024-0747 6.5 - Medium - January 23, 2024

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A compromised content process could have updated the document URI

CVE-2024-0748 4.3 - Medium - January 23, 2024

A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar

CVE-2024-0749 4.3 - Medium - January 23, 2024

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

Origin Validation Error

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2024-0750 8.8 - High - January 23, 2024

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A malicious devtools extension could have been used to escalate privileges

CVE-2024-0751 8.8 - High - January 23, 2024

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Improper Privilege Management

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system

CVE-2024-0752 6.5 - Medium - January 23, 2024

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

Dangling pointer

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain

CVE-2024-0753 6.5 - Medium - January 23, 2024

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Some WASM source files could have caused a crash when loaded in devtools

CVE-2024-0754 6.5 - Medium - January 23, 2024

Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash

CVE-2024-0741 6.5 - Medium - January 23, 2024

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Memory Corruption

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash

CVE-2024-0743 7.5 - High - January 23, 2024

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.

Unchecked Return Value

In some circumstances, JIT compiled code could have dereferenced a wild pointer value

CVE-2024-0744 7.5 - High - January 23, 2024

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.

Buffer Overflow

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

CVE-2024-0755 8.8 - High - January 23, 2024

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load

CVE-2024-0742 4.3 - Medium - January 23, 2024

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva"

CVE-2023-6135 4.3 - Medium - December 19, 2023

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

Side Channel Attack

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver

CVE-2023-6856 8.8 - High - December 19, 2023

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling

CVE-2023-6858 8.8 - High - December 19, 2023

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

A use-after-free condition affected TLS socket creation when under memory pressure

CVE-2023-6859 8.8 - High - December 19, 2023

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Dangling pointer

The `VideoBridge` allowed any content process to use textures produced by remote decoders

CVE-2023-6860 6.5 - Medium - December 19, 2023

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode

CVE-2023-6861 8.8 - High - December 19, 2023

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type

CVE-2023-6863 8.8 - High - December 19, 2023

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5

CVE-2023-6864 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

`EncryptingOutputStream` was susceptible to exposing uninitialized data

CVE-2023-6865 6.5 - Medium - December 19, 2023

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

TypedArrays can be fallible and lacked proper exception handling

CVE-2023-6866 8.8 - High - December 19, 2023

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.

Improper Handling of Exceptional Conditions

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts

CVE-2023-6867 6.1 - Medium - December 19, 2023

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Clickjacking

A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe

CVE-2023-6869 6.5 - Medium - December 19, 2023

A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler

CVE-2023-6871 4.3 - Medium - December 19, 2023

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.

Browser tab titles were being leaked by GNOME to system logs

CVE-2023-6872 6.5 - Medium - December 19, 2023

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

Memory safety bugs present in Firefox 120

CVE-2023-6873 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Memory Corruption

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute

CVE-2023-49060 9.8 - Critical - November 21, 2023

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information

CVE-2023-49061 6.1 - Medium - November 21, 2023

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.

Open Redirect

On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the

CVE-2023-6204 6.5 - Medium - November 21, 2023

On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Out-of-bounds Read

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash

CVE-2023-6205 6.5 - Medium - November 21, 2023

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts

CVE-2023-6206 5.4 - Medium - November 21, 2023

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Clickjacking

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120

CVE-2023-6207 8.8 - High - November 21, 2023

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

When using X11

CVE-2023-6208 8.8 - High - November 21, 2023

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/

CVE-2023-6209 6.5 - Medium - November 21, 2023

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Directory traversal

When an https: web page created a pop-up from a "javascript:" URL

CVE-2023-6210 6.5 - Medium - November 21, 2023

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

If an attacker needed a user to load an insecure http: page and knew

CVE-2023-6211 6.5 - Medium - November 21, 2023

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

Clickjacking

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

CVE-2023-6212 8.8 - High - November 21, 2023

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Memory Corruption

Memory safety bugs present in Firefox 119

CVE-2023-6213 8.8 - High - November 21, 2023

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.

Memory Corruption

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash

CVE-2023-5724 7.5 - High - October 25, 2023

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

A malicious installed WebExtension could open arbitrary URLs

CVE-2023-5725 4.3 - Medium - October 25, 2023

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

During garbage collection extra operations were performed on a object that should not be

CVE-2023-5728 7.5 - High - October 25, 2023

During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

When opening a page in reader mode

CVE-2023-5758 6.1 - Medium - October 25, 2023

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.

XSS

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay

CVE-2023-5721 4.3 - Medium - October 25, 2023

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Clickjacking

Using iterative requests an attacker was able to learn the size of an opaque response

CVE-2023-5722 5.3 - Medium - October 25, 2023

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

Side Channel Attack

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie`

CVE-2023-5723 5.3 - Medium - October 25, 2023

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt

CVE-2023-5729 4.3 - Medium - October 25, 2023

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.

Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3

CVE-2023-5730 9.8 - Critical - October 25, 2023

Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Memory Corruption

Memory safety bugs present in Firefox 118

CVE-2023-5731 9.8 - Critical - October 25, 2023

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.

Memory Corruption

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited

CVE-2023-5732 6.5 - Medium - October 25, 2023

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1

CVE-2023-5217 8.8 - High - September 28, 2023

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write

CVE-2023-5169 6.5 - Medium - September 27, 2023

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Memory Corruption

In canvas rendering

CVE-2023-5170 7.4 - High - September 27, 2023

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

Memory Leak

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes

CVE-2023-5171 6.5 - Medium - September 27, 2023

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Dangling pointer

A hashtable in the Ion Engine could have been mutated while there was a live interior reference

CVE-2023-5172 9.8 - Critical - September 27, 2023

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.

Dangling pointer

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

CVE-2023-5176 9.8 - Critical - September 27, 2023

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Memory Corruption

In a non-standard configuration of Firefox

CVE-2023-5173 7.5 - High - September 27, 2023

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

Integer Overflow or Wraparound

During process shutdown, it was possible

CVE-2023-5175 9.8 - Critical - September 27, 2023

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.

Dangling pointer

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`

CVE-2023-4578 6.5 - Medium - September 11, 2023

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Allocation of Resources Without Limits or Throttling

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL

CVE-2023-4579 3.1 - Low - September 11, 2023

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information

CVE-2023-4580 6.5 - Medium - September 11, 2023

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Missing Encryption of Sensitive Data

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which

CVE-2023-4581 4.3 - Medium - September 11, 2023

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded

CVE-2023-4583 7.5 - High - September 11, 2023

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1

CVE-2023-4584 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Memory Corruption

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

CVE-2023-4585 8.8 - High - September 11, 2023

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Memory Corruption

When creating a callback over IPC for showing the Color Picker window

CVE-2023-4574 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When creating a callback over IPC for showing the File Picker window

CVE-2023-4575 6.5 - Medium - September 11, 2023

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function

CVE-2023-4577 6.5 - Medium - September 11, 2023

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

When receiving rendering data over IPC `mStream` could have been destroyed when initialized

CVE-2023-4573 6.5 - Medium - September 11, 2023

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Dangling pointer

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time

CVE-2022-46884 8.8 - High - August 24, 2023

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.

Dangling pointer

When the number of cookies per domain was exceeded in `document.cookie`

CVE-2023-4055 7.5 - High - August 01, 2023

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13

CVE-2023-4056 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0

CVE-2023-4057 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

Memory Corruption

Memory safety bugs present in Firefox 115

CVE-2023-4058 9.8 - Critical - August 01, 2023

Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.

Memory Corruption

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data

CVE-2023-4045 5.3 - Medium - August 01, 2023

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Origin Validation Error

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis

CVE-2023-4046 5.3 - Medium - August 01, 2023

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2023-4047 8.8 - High - August 01, 2023

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Race conditions in reference counting code were found through code inspection

CVE-2023-4049 5.9 - Medium - August 01, 2023

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Race Condition

In some cases, an untrusted input stream was copied to a stack buffer without checking its size

CVE-2023-4050 7.5 - High - August 01, 2023

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Memory Corruption

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations

CVE-2023-4048 7.5 - High - August 01, 2023

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Out-of-bounds Read

A website could have obscured the full screen notification by using the file open dialog

CVE-2023-4051 7.5 - High - August 01, 2023

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

The Firefox updater created a directory writable by non-privileged users

CVE-2023-4052 6.5 - Medium - August 01, 2023

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

insecure temporary file

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program

CVE-2023-4053 6.5 - Medium - August 01, 2023

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

insecure temporary file

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab

CVE-2023-37455 5.4 - Medium - July 12, 2023

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

Clickjacking

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash

CVE-2023-3600 8.8 - High - July 12, 2023

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Dangling pointer

The session restore helper crashed whenever there was no parameter sent to the message handler

CVE-2023-37456 6.5 - Medium - July 12, 2023

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

A website could have obscured the fullscreen notification by using an option element by introducing lag

CVE-2023-37204 6.5 - Medium - July 05, 2023

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have

CVE-2023-37203 7.8 - High - July 05, 2023

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing

CVE-2023-37205 6.5 - Medium - July 05, 2023

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.

When Firefox is configured to block storage of all cookies

CVE-2023-3482 6.5 - Medium - July 05, 2023

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

AuthZ

Memory safety bugs present in Firefox 114

CVE-2023-37212 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.

Memory Corruption

A website could prevent a user from exiting full-screen mode via alert and prompt calls

CVE-2023-37210 6.5 - Medium - July 05, 2023

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website

CVE-2023-37206 6.5 - Medium - July 05, 2023

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

insecure temporary file

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to

CVE-2023-37209 8.8 - High - July 05, 2023

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

Dangling pointer

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12

CVE-2023-37211 8.8 - High - July 05, 2023

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Memory Corruption