Skip to main content
CVE-2023-25728 MEDIUM This Month

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23604 MEDIUM This Month

A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23603 MEDIUM This Month

Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23602 MEDIUM This Month

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23601 MEDIUM This Month

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23600 MEDIUM This Month

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23599 MEDIUM This Month

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23598 MEDIUM This Month

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23597 MEDIUM This Month

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1945 MEDIUM This Month

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0616 MEDIUM This Month

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0547 MEDIUM This Month

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0430 MEDIUM This Month

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2062 MEDIUM This Month

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware Sw1Dnn Eipctfx5 Bd Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2023-29540 MEDIUM This Month

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Open Redirect Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28705 MEDIUM This Month

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25780 MEDIUM This Month

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Powerbpm
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-28469 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Avalon Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28147 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Avalon Gpu Kernel Driver Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25730 MEDIUM This Month

A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34094 MEDIUM PATCH This Month

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1159 MEDIUM PATCH This Month

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Bookly
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32212 MEDIUM This Month

An attacker could have positioned a `datalist` element to obscure the address bar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-32205 MEDIUM This Month

In multiple cases browser prompts could have been obscured by popups controlled by content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-29538 MEDIUM This Month

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Focus
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29533 MEDIUM This Month

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code>. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-28159 MEDIUM This Month

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google XSS Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-25750 MEDIUM This Month

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-25749 MEDIUM This Month

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-25748 MEDIUM This Month

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google XSS Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-2687 LOW Monitor

Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gecko Software Development Kit
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy