Red Hat: Red Hat Linux OS and other open source products

Products by Red Hat Sorted by Most Security Vulnerabilities since 2018

Red Hat Enterprise Linux Server: 1434 vulnerabilities
Red Hat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL server.

Red Hat Enterprise Linux Workstation: 1409 vulnerabilities
Red Hat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop: 1394 vulnerabilities
Red Hat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop.

Red Hat Enterprise Linux (RHEL): 1001 vulnerabilities

Red Hat Enterprise Linux Eus: 666 vulnerabilities

Red Hat Openstack: 189 vulnerabilities

Red Hat Satellite: 174 vulnerabilities

Red Hat Software Collections: 112 vulnerabilities

Red Hat Virtualization: 109 vulnerabilities

Red Hat Openshift: 81 vulnerabilities

Red Hat Single Sign On: 72 vulnerabilities

Red Hat Enterprise Mrg: 69 vulnerabilities

Red Hat Ansible Tower: 65 vulnerabilities

Red Hat Keycloak: 64 vulnerabilities

Red Hat Virtualization Host: 51 vulnerabilities

Red Hat Libvirt: 51 vulnerabilities

Red Hat Linux Workstation: 45 vulnerabilities

Red Hat Linux Desktop: 45 vulnerabilities

Red Hat Linux Server: 45 vulnerabilities

Red Hat Ceph Storage: 40 vulnerabilities

Red Hat Enterprise Linux Aus: 36 vulnerabilities

Red Hat Jboss Fuse: 32 vulnerabilities

Red Hat Ansible: 30 vulnerabilities

Red Hat Cloudforms: 28 vulnerabilities

Red Hat Ansible Engine: 27 vulnerabilities

Red Hat Linux: 27 vulnerabilities

Red Hat Undertow: 23 vulnerabilities
Java HTTP Server and Servlet Container

Red Hat Openstack Platform: 22 vulnerabilities

Red Hat Storage: 20 vulnerabilities

Red Hat Quay: 18 vulnerabilities

Red Hat Jboss Data Grid: 18 vulnerabilities

Red Hat Jboss Core Services: 17 vulnerabilities

Red Hat Gluster Storage: 17 vulnerabilities

Red Hat Openshift Service Mesh: 17 vulnerabilities

Red Hat Fuse: 16 vulnerabilities

Red Hat Wildfly: 16 vulnerabilities

Red Hat Enterprise Linux Tus: 16 vulnerabilities

Red Hat Build Of Quarkus: 15 vulnerabilities

Red Hat Process Automation: 15 vulnerabilities

Red Hat Decision Manager: 15 vulnerabilities

Red Hat Ceph: 14 vulnerabilities

Red Hat Developer Tools: 14 vulnerabilities

Red Hat Integration Camel K: 14 vulnerabilities

Red Hat Virtualization Manager: 13 vulnerabilities

Red Hat Jboss A Mq: 12 vulnerabilities

Red Hat Spacewalk: 11 vulnerabilities

Red Hat Resteasy: 10 vulnerabilities

Red Hat Descision Manager: 10 vulnerabilities

Red Hat Network Satellite: 9 vulnerabilities

Red Hat Jboss Bpm Suite: 8 vulnerabilities

Red Hat Spacewalk Java: 8 vulnerabilities

Red Hat Satellite Capsule: 8 vulnerabilities

Red Hat 3scale: 7 vulnerabilities

Red Hat Ovirt Engine: 7 vulnerabilities

Red Hat Jboss Brms: 7 vulnerabilities

Red Hat Data Grid: 7 vulnerabilities

Red Hat Directory Server: 7 vulnerabilities

Red Hat Openshift Origin: 6 vulnerabilities

Recent Red Hat Security Advisories

Advisory | Title | Published
RHSA-2023:3429 | Important: cups-filters security update | June 2, 2023
RHSA-2023:3423 | Important: cups-filters security update | June 2, 2023
RHSA-2023:3415 | Important: ACS 4.0 enhancement and security update | May 31, 2023
RHSA-2023:3408 | Moderate: openssl security update | May 31, 2023
RHSA-2023:3394 | Important: pki-core:10.6 security update | May 31, 2023
RHSA-2023:3387 | Moderate: Satellite 6.13.1 Async Security Update | May 31, 2023
RHSA-2023:3382 | Important: git security update | May 31, 2023
RHSA-2023:3380 | Moderate: apr-util security update | May 31, 2023
RHSA-2023:3309 | Moderate: OpenShift Container Platform 4.11.42 bug fix and security update | May 31, 2023
RHSA-2023:3379 | Important: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update | May 31, 2023

By the Year

In 2023 there have been 262 vulnerabilities in Red Hat with an average score of 6.9 out of ten. Last year Red Hat had 1279 security vulnerabilities published. Right now, Red Hat is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.03.

Year | Vulnerabilities | Average Score
2023 | 262 | 6.94
2022 | 1279 | 6.98
2021 | 1078 | 6.67
2020 | 629 | 6.58
2019 | 733 | 6.89
2018 | 707 | 7.25

It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Security Vulnerabilities

A type checking bug would have led to invalid code being compiled

CVE-2023-32211 - June 02, 2023

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions

CVE-2023-32207 - June 02, 2023

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

An out-of-bound read could have led to a crash in the RLBox Expat driver

CVE-2023-32206 - June 02, 2023

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

In multiple cases browser prompts could have been obscured by popups controlled by content

CVE-2023-32205 - June 02, 2023

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

An attacker could have positioned a datalist element to obscure the address bar

CVE-2023-32212 - June 02, 2023

An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

When reading a file, an uninitialized value could have been used as read limit

CVE-2023-32213 - June 02, 2023

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Mozilla developers and community members Gabriele Svelto

CVE-2023-32215 - June 02, 2023

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

An attacker could construct a PKCS 12 cert bundle in such a way

CVE-2023-0767 - June 02, 2023

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly

CVE-2023-25751 - June 02, 2023

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds

CVE-2023-25752 - June 02, 2023

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type

CVE-2023-28162 - June 02, 2023

While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks

CVE-2023-28164 - June 02, 2023

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Mozilla developers Timothy Nikkel

CVE-2023-28176 - June 02, 2023

Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).