Mozilla: >> Firefox >> 112.0.1 Security Vulnerabilities
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-19
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-06-19
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-19
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-19
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service.
*Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-19
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-06-19
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-02
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-02
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-02
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-02