Firefox Esr@128.0 Security Vulnerabilities and Issues — Firefox Esr@128.0 CVE List

Lucene search

MozillaFirefox Esr128.0

8 matches found

CVE•added 2024/08/06 1:15 p.m.•227 views

CVE-2024-7519

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird &...

9.6CVSS8.9AI score0.00371EPSS

CVE•added 2024/08/06 1:15 p.m.•217 views

CVE-2024-7526

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

7.5CVSS7AI score0.00241EPSS

CVE•added 2024/08/06 1:15 p.m.•213 views

CVE-2024-7531

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outc...

6.5CVSS6.4AI score0.00121EPSS

CVE•added 2024/08/06 1:15 p.m.•211 views

CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

9.1CVSS8.9AI score0.00444EPSS

CVE•added 2024/08/06 1:15 p.m.•207 views

CVE-2024-7527

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

8.8CVSS8.2AI score0.00371EPSS

CVE•added 2024/08/06 1:15 p.m.•206 views

CVE-2024-7521

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

9.8CVSS8.7AI score0.00444EPSS

CVE•added 2024/08/06 1:15 p.m.•201 views

CVE-2024-7525

It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbi...

9.1CVSS8.6AI score0.00167EPSS

CVE•added 2024/08/06 1:15 p.m.•200 views

CVE-2024-7529

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

8.1CVSS7.6AI score0.00177EPSS