16 matches found
CVE-2023-29540
CVE-2023-29540 is a vulnerability in Mozilla Firefox affecting Firefox for Android and Focus for Android prior to version 112. It arises from a redirect embedded in sourceMappingUrls that could navigate to external protocol links inside sandboxed iframes without allow-top-navigation-to-custom-pro...
CVE-2023-29536
The CVE-2023-29536 entry applies to Mozilla products (Firefox, Focus, Thunderbird, Firefox ESR, and Firefox for Android) with a memory-management weakness in freeing a pointer to attacker-controlled memory. Impacted versions include Firefox <112, Focus for Android <112, Firefox ESR <102.10...
CVE-2023-29539
CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects the Firefox family and Thunderbird; the root cause is a NULL character in the filename causing truncation and a potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...
CVE-2023-29541
The CVE-2023-29541 issue concerns Firefox on Linux (and Thunderbird) where downloads of files ending with .desktop could be interpreted as commands, enabling attacker-controlled execution. Public advisories show affected products as Firefox (Linux) older than 112, Thunderbird older than 102.10, a...
CVE-2023-29550
CVE-2023-29550 corresponds to memory-safety bugs in Mozilla Firefox 111 and Firefox ESR 102.9 (affecting Firefox < 112, Focus for Android < 112, ESR < 102.10, Firefox for Android < 112, Thunderbird
CVE-2023-29533
CVE-2023-29533 affects Firefox (pre-112, ESR pre-102.10, Android-focused builds pre-112) and Thunderbird (
CVE-2023-29548
CVE-2023-29548 concerns a wrong lowering instruction in the ARM64 Ion compiler that yields an incorrect optimization result. The vulnerability affects Firefox (<112), Focus for Android (<112), Firefox ESR (<102.10), Firefox for Android (<112), and Thunderbird (
CVE-2023-29535
CVE-2023-29535: The vulnerability arises from a garbage collector compaction issue in Firefox/related products where a weak map could be accessed before proper tracing, leading to memory corruption and a potentially exploitable crash. Affected software per documents includes Firefox (and derivati...
CVE-2023-29547
The CVE-2023-29547 issue affects Mozilla Firefox and Firefox-based products: when a secure cookie existed in the Firefox cookie jar, an insecure cookie for the same domain could be created instead of silently failing, causing desynchronization when reading the secure cookie. Affected versions inc...
CVE-2023-29537
CVE-2023-29537 concerns multiple race conditions in font initialization that could cause memory corruption and allow attacker-controlled code execution. Affected products include Mozilla Firefox on Android, Firefox versions before 112, and Focus for Android before 112. The vulnerability’s root ca...
CVE-2023-29551
CVE-2023-29551 corresponds to memory safety bugs in Mozilla Firefox 111 that affected Firefox for Android < 112, Firefox < 112, and Focus for Android
CVE-2023-29544
CVE-2023-29544 describes a memory corruption vulnerability in the Firefox garbage collector that can trigger a potentially exploitable crash when multiple resource-exhaustion instances occur at the wrong time. Affected products include Firefox for Android and Focus for Android, specifically versi...
CVE-2023-29549
CVE-2023-29549: The issue arises when a call to bind may end up in the wrong realm, creating a vulnerability for JavaScript-based sandboxes such as SES in Firefox-based browsers. Affected products include Firefox for Android <112, Firefox <112, and Focus for Android
CVE-2023-29543
CVE-2023-29543 affects Mozilla Firefox and Focus for Android prior to version 112, caused by a memory-corruption/use-after-free in a global object’s debugger vector. Affected products include Firefox for Android <112, Firefox <112, and Focus for Android
CVE-2023-29538
CVE-2023-29538 affects Firefox (and Focus) on Android: under specific WebExtension load circumstances a jar:file:/// URI could be exposed instead of moz-extension:///, leaking local directory paths. Affected: Firefox for Android <112, Firefox <112, and Focus for Android
CVE-2026-11799
CVE-2026-11799 concerns a UXSS flaw in Focus for iOS and Klar WebKit navigation. The affected components are Focus for iOS and Klar for iOS, with a root cause not explicitly detailed in the provided documents beyond the UXSS classification. The vulnerability is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:...