Skip to main content
CVE-2023-29550 HIGH This Week

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29543 HIGH This Week

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-29541 HIGH This Week

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29539 HIGH This Week

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29536 HIGH This Week

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28177 HIGH This Week

Memory safety bugs present in Firefox 110. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28176 HIGH This Week

Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28162 HIGH This Week

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28161 HIGH This Week

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25746 HIGH This Week

Memory safety bugs present in Firefox ESR 102.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25745 HIGH This Week

Memory safety bugs present in Firefox 109. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25744 HIGH This Week

Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25740 HIGH This Week

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25739 HIGH This Week

Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25737 HIGH This Week

An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25735 HIGH This Week

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25732 HIGH This Week

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25731 HIGH This Week

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25729 HIGH This Week

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-23606 HIGH This Week

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23605 HIGH This Week

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0767 HIGH This Week

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28704 HIGH This Week

Furbo dog camera has insufficient filtering for special parameter of device log management function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dog Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28702 HIGH This Week

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-28699 HIGH This Week

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fantasy
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1297 HIGH PATCH This Week

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HashiCorp Consul
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29537 HIGH This Week

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Mozilla Google Firefox +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25743 HIGH This Week

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Authentication Bypass Firefox Focus
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30602 HIGH This Week

Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coda 5310 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2061 HIGH This Week

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware Sw1Dnn Eipctfx5 Bd Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2060 HIGH This Week

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3044 LOW POC Monitor

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-2063 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-28703 HIGH This Week

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-28700 MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-2816 MEDIUM PATCH This Month

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32211 MEDIUM This Month

A type checking bug would have led to invalid code being compiled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32206 MEDIUM This Month

An out-of-bound read could have led to a crash in the RLBox Expat driver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29549 MEDIUM This Month

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29548 MEDIUM This Month

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29547 MEDIUM This Month

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29544 MEDIUM This Month

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Denial Of Service Google Firefox +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29535 MEDIUM This Month

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Google Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28164 MEDIUM This Month

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28163 MEDIUM This Month

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozilla Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-28160 MEDIUM This Month

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25752 MEDIUM This Month

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25751 MEDIUM This Month

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25742 MEDIUM This Month

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25738 MEDIUM This Month

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Microsoft Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy