CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25748
https://notcve.org/view.php?id=CVE-2023-25748
By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/show_bug.cgi?id=1798798 https://www.mozilla.org/security/advisories/mfsa2023-09 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29537
https://notcve.org/view.php?id=CVE-2023-29537
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823365 https://bugzilla.mozilla.org/show_bug.cgi?id=1824200 https://bugzilla.mozilla.org/show_bug.cgi?id=1825569 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29544
https://notcve.org/view.php?id=CVE-2023-29544
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1818781 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25740
https://notcve.org/view.php?id=CVE-2023-25740
After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. • https://bugzilla.mozilla.org/show_bug.cgi?id=1812354 https://www.mozilla.org/security/advisories/mfsa2023-05 •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2023-25734
https://notcve.org/view.php?id=CVE-2023-25734
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1784451 https://bugzilla.mozilla.org/show_bug.cgi?id=1809923 https://bugzilla.mozilla.org/show_bug.cgi?id=1810143 https://bugzilla.mozilla.org/show_bug.cgi?id=1812338 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 •