Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
firefox esr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an malicious user to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < ...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-43669
The Tungstenite crate prior to 0.20.1 for Rust allows remote malicious users to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of ...
Snapview Tungstenite
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.8
CVSSv3
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Microsoft Edge
Webmproject Libwebp
20 Github repositories
5 Articles
8.6
CVSSv3
CVE-2023-4576
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.5
CVSSv3
CVE-2023-4577
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thund...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
6.5
CVSSv3
CVE-2023-4580
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
8.8
CVSSv3
CVE-2023-4582
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects F...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2023-4585
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &l...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
6.5
CVSSv3
CVE-2023-4574
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentia...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
6.5
CVSSv3
CVE-2023-4575
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potential...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »