Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-7519 |
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. Published: August 06, 2024; 9:15:57 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0:(not available) |
CVE-2024-7518 |
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. Published: August 06, 2024; 9:15:56 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-6610 |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. Published: July 09, 2024; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-6609 |
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. Published: July 09, 2024; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-6608 |
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. Published: July 09, 2024; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-5698 |
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. Published: June 11, 2024; 9:15:51 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-5697 |
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. Published: June 11, 2024; 9:15:51 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-5695 |
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. Published: June 11, 2024; 9:15:51 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-5694 |
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. Published: June 11, 2024; 9:15:50 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-5691 |
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Published: June 11, 2024; 9:15:50 AM -0400 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0:(not available) |
CVE-2024-5690 |
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Published: June 11, 2024; 9:15:50 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-5689 |
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. Published: June 11, 2024; 9:15:50 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-0755 |
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0754 |
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-0753 |
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-0752 |
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-0751 |
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0750 |
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0749 |
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-0748 |
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. Published: January 23, 2024; 9:15:38 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |