Page 14 of 874 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. • https://bugzilla.mozilla.org/show_bug.cgi?id=1817768 https://www.mozilla.org/security/advisories/mfsa2023-09 https://www.mozilla.org/security/advisories/mfsa2023-10 https://www.mozilla.org/security/advisories/mfsa2023-11 •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784451 https://bugzilla.mozilla.org/show_bug.cgi?id=1809923 https://bugzilla.mozilla.org/show_bug.cgi?id=1810143 https://bugzilla.mozilla.org/show_bug.cgi?id=1812338 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811852 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32205 https://bugzilla.redhat.com/show_bug.cgi?id=2196736 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. • https://bugzilla.mozilla.org/show_bug.cgi?id=1824892 https://security.gentoo.org/glsa/202312-03 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-16 https://www.mozilla.org/security/advisories/mfsa2023-17 https://www.mozilla.org/security/advisories/mfsa2023-18 https://access.redhat.com/security/cve/CVE-2023-32206 https://bugzilla.redhat.com/show_bug.cgi?id=2196737 • CWE-125: Out-of-bounds Read •