Vulnerabilities
Vulnerable Software
Mozilla:  Security Vulnerabilities
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-06-02
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-06-02
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-02-16
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
CVSS Score
5.9
EPSS Score
0.006
Published
2023-02-16
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
CVSS Score
7.5
EPSS Score
0.007
Published
2023-02-16
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-02-16
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-02-16
open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6
CVSS Score
6.1
EPSS Score
0.004
Published
2023-02-16
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-12-22
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-12-22


Contact Us

Shodan ® - All rights reserved