CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25748
https://notcve.org/view.php?id=CVE-2023-25748
By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. • https://bugzilla.mozilla.org/show_bug.cgi?id=1798798 https://www.mozilla.org/security/advisories/mfsa2023-09 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29537
https://notcve.org/view.php?id=CVE-2023-29537
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823365 https://bugzilla.mozilla.org/show_bug.cgi?id=1824200 https://bugzilla.mozilla.org/show_bug.cgi?id=1825569 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29544
https://notcve.org/view.php?id=CVE-2023-29544
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. • https://bugzilla.mozilla.org/show_bug.cgi?id=1818781 https://www.mozilla.org/security/advisories/mfsa2023-13 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25738
https://notcve.org/view.php?id=CVE-2023-25738
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1811852 https://www.mozilla.org/security/advisories/mfsa2023-05 https://www.mozilla.org/security/advisories/mfsa2023-06 https://www.mozilla.org/security/advisories/mfsa2023-07 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25740
https://notcve.org/view.php?id=CVE-2023-25740
After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. • https://bugzilla.mozilla.org/show_bug.cgi?id=1812354 https://www.mozilla.org/security/advisories/mfsa2023-05 •