Red Hat Linux OS and other open source products
Products by Red Hat Sorted by Most Security Vulnerabilities since 2018
Red Hat Enterprise Linux Server1434 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation1409 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop1394 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Recent Red Hat Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2023:3429 | (RHSA-2023:3429) Important: cups-filters security update | June 2, 2023 |
RHSA-2023:3423 | (RHSA-2023:3423) Important: cups-filters security update | June 2, 2023 |
RHSA-2023:3415 | (RHSA-2023:3415) Important: ACS 4.0 enhancement and security update | May 31, 2023 |
RHSA-2023:3408 | (RHSA-2023:3408) Moderate: openssl security update | May 31, 2023 |
RHSA-2023:3394 | (RHSA-2023:3394) Important: pki-core:10.6 security update | May 31, 2023 |
RHSA-2023:3387 | (RHSA-2023:3387) Moderate: Satellite 6.13.1 Async Security Update | May 31, 2023 |
RHSA-2023:3382 | (RHSA-2023:3382) Important: git security update | May 31, 2023 |
RHSA-2023:3380 | (RHSA-2023:3380) Moderate: apr-util security update | May 31, 2023 |
RHSA-2023:3309 | (RHSA-2023:3309) Moderate: OpenShift Container Platform 4.11.42 bug fix and security update | May 31, 2023 |
RHSA-2023:3379 | (RHSA-2023:3379) Important: Red Hat Advanced Cluster Security for Kubernetes 3.73 security update | May 31, 2023 |
By the Year
In 2023 there have been 262 vulnerabilities in Red Hat with an average score of 6.9 out of ten. Last year Red Hat had 1279 security vulnerabilities published. Right now, Red Hat is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.03
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 262 | 6.94 |
2022 | 1279 | 6.98 |
2021 | 1078 | 6.67 |
2020 | 629 | 6.58 |
2019 | 733 | 6.89 |
2018 | 707 | 7.25 |
It may take a day or so for new Red Hat vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Security Vulnerabilities
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers and community members Gabriele Svelto
CVE-2023-32215
- June 02, 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
When reading a file, an uninitialized value could have been used as read limit
CVE-2023-32213
- June 02, 2023
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could have positioned a <code>datalist</code> element to obscure the address bar
CVE-2023-32212
- June 02, 2023
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A type checking bug would have led to invalid code being compiled
CVE-2023-32211
- June 02, 2023
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions
CVE-2023-32207
- June 02, 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An out-of-bound read could have led to a crash in the RLBox Expat driver
CVE-2023-32206
- June 02, 2023
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly
CVE-2023-25751
- June 02, 2023
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds
CVE-2023-25752
- June 02, 2023
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type
CVE-2023-28162
- June 02, 2023
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks
CVE-2023-28164
- June 02, 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Mozilla developers Timothy Nikkel
CVE-2023-28176
- June 02, 2023
Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly
CVE-2023-25751
- June 02, 2023
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds
CVE-2023-25752
- June 02, 2023
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type
CVE-2023-28162
- June 02, 2023
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks
CVE-2023-28164
- June 02, 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Mozilla developers Timothy Nikkel
CVE-2023-28176
- June 02, 2023
Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly
CVE-2023-25751
- June 02, 2023
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds
CVE-2023-25752
- June 02, 2023
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type
CVE-2023-28162
- June 02, 2023
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks
CVE-2023-28164
- June 02, 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Mozilla developers Timothy Nikkel
CVE-2023-28176
- June 02, 2023
Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
An attacker could construct a PKCS 12 cert bundle in such a way
CVE-2023-0767
- June 02, 2023
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly
CVE-2023-25751
- June 02, 2023
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds
CVE-2023-25752
- June 02, 2023
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type
CVE-2023-28162
- June 02, 2023
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks
CVE-2023-28164
- June 02, 2023
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.