Firefox Esr Security Vulnerabilities and Issues — Page 3 of Firefox Esr CVE List

Lucene search

MozillaFirefox Esr

112 matches found

CVE•added 2023/12/19 2:15 p.m.•86 views

CVE-2023-6862

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird

8.8CVSS8.3AI score0.00337EPSS

CVE•added 2023/12/19 2:15 p.m.•85 views

CVE-2023-6858

Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.4AI score0.00381EPSS

CVE•added 2023/02/16 10:15 p.m.•84 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

5.9CVSS5.5AI score0.0012EPSS

CVE•added 2023/12/19 2:15 p.m.•84 views

CVE-2023-6861

The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.4AI score0.00435EPSS

CVE•added 2023/12/19 2:15 p.m.•84 views

CVE-2023-6863

The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.1AI score0.00424EPSS

CVE•added 2023/07/05 9:15 a.m.•79 views

CVE-2023-37207

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird

6.5CVSS6.5AI score0.00323EPSS

CVE•added 2023/12/19 2:15 p.m.•79 views

CVE-2023-6859

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.3AI score0.00343EPSS

CVE•added 2023/12/19 2:15 p.m.•79 views

CVE-2023-6864

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thund...

8.8CVSS9.2AI score0.00414EPSS

CVE•added 2023/07/05 9:15 a.m.•77 views

CVE-2023-37208

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird

7.8CVSS7.5AI score0.00038EPSS

CVE•added 2023/06/19 11:15 a.m.•76 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffect...

6.5CVSS6.8AI score0.00194EPSS

CVE•added 2023/12/19 2:15 p.m.•76 views

CVE-2023-6865

EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox

6.5CVSS6.4AI score0.00348EPSS

CVE•added 2023/12/19 2:15 p.m.•70 views

CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability...

6.1CVSS6.3AI score0.00813EPSS

Total number of security vulnerabilities112