Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla firefox esr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-5727
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerabilit...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome before 117.0.5938.132 and libvpx 1.13.1 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Webmproject Libvpx
Microsoft Edge 116.0.1938.98
Microsoft Edge 117.0.2045.47
Microsoft Edge Chromium 116.0.5845.229
Microsoft Edge Chromium 117.0.5938.132
Mozilla Firefox Focus
Mozilla Firefox Esr
Mozilla Firefox
Mozilla Thunderbird
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Apple Iphone Os
Apple Ipad Os
Apple Ipad Os 16.7
Apple Iphone Os 16.7
2 Github repositories
5 Articles
9.8
CVSSv3
CVE-2023-5174
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (su...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2023-5176
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &l...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
9.8
CVSSv3
CVE-2023-5168
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This v...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.5
CVSSv3
CVE-2023-5169
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird <...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an malicious user to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < ...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-43669
The Tungstenite crate prior to 0.20.1 for Rust allows remote malicious users to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of ...
Snapview Tungstenite
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.8
CVSSv3
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Microsoft Edge
Webmproject Libwebp
20 Github repositories
5 Articles
6.5
CVSSv3
CVE-2023-4574
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentia...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »