Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
team foundation server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23598
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects F...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-23599
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-23603
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-23605
Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2022-46871
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
Mozilla Firefox
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-46872
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox &...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in t...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2022-46877
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Mozilla Firefox
Debian Debian Linux 10.0
Debian Debian Linux 11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »