
CVSS: 8.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1784451
• https://bugzilla.mozilla.org/show_bug.cgi?id=1809923
• https://bugzilla.mozilla.org/show_bug.cgi?id=1810143
• https://bugzilla.mozilla.org/show_bug.cgi?id=1812338
• https://www.mozilla.org/security/advisories/mfsa2023-05
• https://www.mozilla.org/security/advisories/mfsa2023-06
• https://www.mozilla.org/security/advisories/mfsa2023-07

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out-of-bounds access to related variables. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1811852
• https://www.mozilla.org/security/advisories/mfsa2023-05
• https://www.mozilla.org/security/advisories/mfsa2023-06
• https://www.mozilla.org/security/advisories/mfsa2023-07
• CWE-125: Out-of-bounds Read

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1812354
• https://www.mozilla.org/security/advisories/mfsa2023-05

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1646034
• https://security.gentoo.org/glsa/202401-10
• https://www.mozilla.org/security/advisories/mfsa2023-16

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A maliciously crafted favicon could have led to an out-of-memory crash. This vulnerability affects Firefox < 113.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1767194
• https://security.gentoo.org/glsa/202401-10
• https://www.mozilla.org/security/advisories/mfsa2023-16
• CWE-787: Out-of-bounds Write