Mozilla: >> Firefox >> 0.6.1 Security Vulnerabilities
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-03
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
CVSS Score
9.8
EPSS Score
0.632
Published
2024-03-22
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
CVSS Score
8.4
EPSS Score
0.009
Published
2024-03-22
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-03-19
When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.
CVSS Score
8.3
EPSS Score
0.0
Published
2024-02-20
The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-02-20
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVSS Score
6.5
EPSS Score
0.425
Published
2024-01-23
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVSS Score
4.3
EPSS Score
0.014
Published
2024-01-23
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-01-23
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-01-23