Skip to main content

Focus

15 CVEs product

Monthly

CVE-2023-29551 HIGH This Week

Memory safety bugs present in Firefox 111. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-29550 HIGH This Week

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29549 MEDIUM This Month

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29548 MEDIUM This Month

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29547 MEDIUM This Month

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29544 MEDIUM This Month

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Denial Of Service Google Firefox +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29543 HIGH This Week

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-29541 HIGH This Week

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29540 MEDIUM This Month

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Open Redirect Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29539 HIGH This Week

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29538 MEDIUM This Month

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Focus
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29537 HIGH This Week

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Mozilla Google Firefox +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29536 HIGH This Week

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29535 MEDIUM This Month

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Google Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29533 MEDIUM This Month

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code>. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
4.3
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH This Week

Memory safety bugs present in Firefox 111. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Open Redirect +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Mozilla +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Google +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code>. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy