SB2025031849 - openEuler 22.03 LTS SP3 update for firefox
Published: March 18, 2025 Updated: December 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 187 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2022-36315)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the cache preload. When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.
2) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-36316)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way Performance API handles cross-site redirects. A remote attacker can observe differences between PerformanceEntries and learn whether the target URL had been subject to a redirect.
3) Input validation error (CVE-ID: CVE-2022-38475)
The vulnerability allows a remote attacker to bypass implemented security mechanisms.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can write a value in a zero-length JavaScript array.
4) Information disclosure (CVE-ID: CVE-2022-45417)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Service Workers do not detect Private Browsing Mode correctly in all cases, resulting in data being written to disk for websites visited in Private Browsing Mode. A local user can gain access to potentially sensitive information.
5) Security features bypass (CVE-ID: CVE-2022-45419)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way Firefox handles deletion of a security exception granted for an invalid TLS certificate. If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted.
6) Buffer overflow (CVE-ID: CVE-2022-46879)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2022-46883)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Prototype pollution (CVE-ID: CVE-2023-25731)
The vulnerability allows a remote attacker to execute arbitrary JavaScrpit code on the target system.
The vulnerability exists due to URL previews in the network panel of developer tools improperly store URLs. A remote attacker can use query parameters to overwrite global objects in privileged code when rendering URLPreview and perform prototype pollution.
9) NULL pointer dereference (CVE-ID: CVE-2023-25733)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in TaskbarPreviewCallback when processing data returned from gfx::SourceSurfaceSkia::Map(). A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
10) Type conversion (CVE-ID: CVE-2023-25736)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an invalid downcast from nsHTMLDocument to nsIContent in GetTableSelectionMode. A remote attacker can crash the browser.
11) Information disclosure (CVE-ID: CVE-2023-25750)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error, which can cause the ServiceWorker's offline cache to be leaked to the file system when using private browsing mode. As a result, an attacker can gain unauthorized access to sensitive information on the system.
12) Information disclosure (CVE-ID: CVE-2023-28160)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to browser translates the URL to the actual local path when following a redirect to a publicly accessible web extension file. A remote attacker can gain unauthorized access to sensitive information on the system.
13) Buffer overflow (CVE-ID: CVE-2023-28177)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Race condition (CVE-ID: CVE-2023-29537)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to multiple race conditions in font initialization code. A remote attacker can trick the victim into visiting a malicious website, trigger a race condition and execute arbitrary code
15) File and directory information exposure (CVE-ID: CVE-2023-29538)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way WebExtension handles the "jar:file:///" URI during the request load. A remote attacker can obtain directory paths on the user's machine.
16) Security features bypass (CVE-ID: CVE-2023-29540)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect processing of iframes. A remote attacker can use a redirect embedded into sourceMappingUrls to allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols.
17) Spoofing attack (CVE-ID: CVE-2023-29547)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insecure handling of cookies in Firefox cookie jar. When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie.
18) Security features bypass (CVE-ID: CVE-2023-29549)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error in JavaScript bind functionality. Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES.
19) Information disclosure (CVE-ID: CVE-2023-32208)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Firefox leaks the script base URL in service workers due to dynamic import() call. A remote attacker can access to sensitive information.
20) Resource exhaustion (CVE-ID: CVE-2023-32209)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing favicon image. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32210)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to documents incorrectly assume an ordering of principal objects. A remote attacker can cause a document to be loaded with a higher privileged principal than intended.
22) Security features bypass (CVE-ID: CVE-2023-34415)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way Firefox loads documents from a "data:" URL that was the result of a redirect. A remote attacker can trick the victim to open a specially crafted URL and bypass site-isolation protections against Spectre-like attacks.
23) Buffer overflow (CVE-ID: CVE-2023-34417)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Security features bypass (CVE-ID: CVE-2023-3482)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when Firefox is configured to block storage of all cookies. It is still possible to store data in localstorage by using an iframe
with a source of 'about:blank'. A remote attacker can abuse such behavior to store tracking data without victim's permission.
25) Use-after-free (CVE-ID: CVE-2023-3600)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during the worker lifecycle when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
26) Input validation error (CVE-ID: CVE-2023-37203)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation in the Drag and Drop API. A remote attacker trick the victim into creating a shortcut to local system files and leverage the Drag and Drop API behavior to execute arbitrary code.
27) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-37204)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the way fullscreen notifications are handled within the browser. A remote attacker can obscure the fullscreen notification by using an option element by introducing lag via an expensive computational function and perform spoofing attack.28) Spoofing attack (CVE-ID: CVE-2023-37205)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when processing RTL Arabic characters in the address bar. A remote attacker can spoof URL in the address bar.
29) UNIX symbolic link following (CVE-ID: CVE-2023-37206)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a symlink following issue in the FileSystem API. A remote attacker can trick the victim into uploading a file, which contain a symlink to a critical file, and gain access to potentially sensitive information.
30) Use-after-free (CVE-ID: CVE-2023-37209)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in NotifyOnHistoryReload. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
31) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-37210)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the way the browser exists the fullscreen mode. A remote attacker can prevent a user from exiting full-screen mode via alert and prompt calls and perform spoofing attack.32) Buffer overflow (CVE-ID: CVE-2023-37212)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-4051)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when displaying the full screen notification by using the file open dialog. A remote attacker can trick the victim into clocking on the file open dialog and perform spoofing attack.
34) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-4053)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due an error when handling full screen notifications. A malicious website can obscure the full screen notification by using a
URL with a scheme handled by an external program, such as a mailto URL, and perform spoofing attack.
35) Buffer overflow (CVE-ID: CVE-2023-4058)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Buffer overflow (CVE-ID: CVE-2023-4577)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in JIT UpdateRegExpStatics when UpdateRegExpStatics attempted to access initialStringHeap. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Resource exhaustion (CVE-ID: CVE-2023-4578)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in JS::CheckRegExpSyntax. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2023-4579)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling persistent search terms. Search queries in the default search engine can appear to have been the currently navigated URL if the search query itself is a well formed URL. As a result, a remote attacker can perform a spoofing attack if it had been maliciously set as the default search engine.
39) Cleartext storage of sensitive information (CVE-ID: CVE-2023-4580)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to push notifications are saved to disk unencrypted. A local user can gain access to potentially sensitive information.
40) Buffer overflow (CVE-ID: CVE-2023-4582)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebGL glGetProgramiv. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Note, the vulnerability affects only Firefox installations on macOS.
41) Information disclosure (CVE-ID: CVE-2023-4583)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to private session data are not cleared in HttpBaseChannel when closing private window. A remote attacker can obtain information from the not cleared session.
42) Buffer overflow (CVE-ID: CVE-2023-4585)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Out-of-bounds write (CVE-ID: CVE-2023-5169)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in PathOps. A remote attacker can create a specially crafted website, trick the victim into opening, trigger an out-of-bounds write and execute arbitrary code on the target system.
44) Memory leak (CVE-ID: CVE-2023-5170)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due memory leak during canvas rendering. A remote attacker can trick the victim to visit a specially crafted webpage, trigger memory leak of a privileged process by unexpectedly changing the surface and gain access to potentially sensitive information. This memory leak could be used to effect a sandbox escape if the correct data was leaked.
45) Use-after-free (CVE-ID: CVE-2023-5171)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during Ion compilation. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a use after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
46) Use-after-free (CVE-ID: CVE-2023-5172)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Ion Engine. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
47) Out-of-bounds write (CVE-ID: CVE-2023-5173)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trick the victim to open a specially crafted HTML file to trigger an out-of-bounds write and execute arbitrary code on the target system.
The vulnerability affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.
48) Use-after-free (CVE-ID: CVE-2023-5175)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free ImageBitmap during process shutdown. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
49) Buffer overflow (CVE-ID: CVE-2023-5176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
50) Covert timing channel (CVE-ID: CVE-2023-5388)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to insufficient fix for #VU84108 (CVE-2023-4421). A remote attacker can perform Marvin attack and gain access to sensitive information.
51) Spoofing attack (CVE-ID: CVE-2023-5721)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of queued up rendering. A remote attacker can perform spoofing attack by activating or dismissing certain browser prompts and dialogs.
52) Information disclosure (CVE-ID: CVE-2023-5722)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cross-origin size and header leakage. A remote attacker can learn the size of an opaque response using iterative requests.
53) Input validation error (CVE-ID: CVE-2023-5723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling invalid cookie characters. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
54) Resource management error (CVE-ID: CVE-2023-5724)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in WebGL. A remote attacker can trick the victim to open a specially crafted website and perform a denial of service (DoS) attack.
55) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5725)
The vulnerability allows a malicious extension to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in WebExtension, which can open arbitrary URLs. A malicious extension can collect sensitive user data.
56) Buffer overflow (CVE-ID: CVE-2023-5728)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper object tracking during garbage collection. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
57) Spoofing attack (CVE-ID: CVE-2023-5729)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.
58) Buffer overflow (CVE-ID: CVE-2023-5730)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
59) Buffer overflow (CVE-ID: CVE-2023-5731)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
60) Spoofing attack (CVE-ID: CVE-2023-5732)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when handling bidirectional characters. A remote attacker can spoof the browser address bar.
61) Out-of-bounds write (CVE-ID: CVE-2023-6204)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content in in WebGL2 blitFramebuffer. A remote attacker can trick the victim ti visit a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.
62) Use-after-free (CVE-ID: CVE-2023-6205)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the MessagePort::Entangled() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
63) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6206)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the black fade animation when exiting fullscreen is roughly
the length of the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack and trick the victim into pressing the permissions grant button.
64) Use-after-free (CVE-ID: CVE-2023-6859)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in PR_GetIdentitiesLayer when creating the TLS socket. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
65) Security features bypass (CVE-ID: CVE-2023-6860)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to VideoBridge lack of texture validation. A remote attacker can trick the victim to open a specially crafted website, escape the sandbox and gain access to sensitive information.
66) Reliance on undefined behavior (CVE-ID: CVE-2023-6863)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reliance on undefined behavior in ShutdownObserver(). A remote attacker can crash the browser.
67) Improper handling of exceptional conditions (CVE-ID: CVE-2023-6866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors in TypedArrays. A remote attacker can trick the victim to open a specially crafted website and perform a denial of service (DoS) attack.
68) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6869)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when displaying browser content. A <dialog> element can be manipulated to paint content outside of a sandboxed iframe, which could allow untrusted content to display under the guise of trusted content.
69) Unchecked Return Value (CVE-ID: CVE-2024-0743)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unchecked return value in TLS handshake code in NSS TLS method. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
70) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-0748)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to application does not properly impose security restrictions. A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history.
71) Resource management error (CVE-ID: CVE-2024-0754)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when handling WASM source files. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
72) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-10458)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a permission leak via embed or object elements. A remote attacker can create a specially crafted webpage that embeds a trusted website and force the browser to inherit permissions from this trusted website.
73) Use-after-free (CVE-ID: CVE-2024-10459)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in layout with accessibility. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
74) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-10460)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the origin of an external protocol handler prompt can be obscured using a "data:" URL within an iframe. A remote attacker can perform spoofing attack.
75) Universal cross-site scripting (CVE-ID: CVE-2024-10461)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling multipart/x-mixed-replace responses. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of any website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
76) Spoofing attack (CVE-ID: CVE-2024-10462)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the browser truncates long URLs when displaying origin of permission prompt. A remote attacker can perform a spoofing attack by providing an overly long URL that looks like a trusted domain name.
77) Information disclosure (CVE-ID: CVE-2024-10463)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a cross-origin video frame leak. A remote attacker can trick the victim into visiting a specially crafted website and access video frames cross-origin from a different browser tab.
78) Resource management error (CVE-ID: CVE-2024-10464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to repeated writes to history interface attributes. A remote attacker can crash the browser.
79) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-10465)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to a clipboard "paste" button persists across different tabs. A remote attacker can trick the victim into pasting content into a malicious tab.
80) Resource management error (CVE-ID: CVE-2024-10466)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling DOM push subscriptions. A remote attacker can send specially crafted data to the browser and crash it.
81) Buffer overflow (CVE-ID: CVE-2024-10467)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
82) Input validation error (CVE-ID: CVE-2024-10941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling an iframe with a malformed URI. A remote attacker can trick the victim into opening a specially crafted web page and crash the browser.
83) Spoofing attack (CVE-ID: CVE-2024-1547)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a series of API calls and redirects to display an attacker-controlled alert dialog on another website (with the victim website's URL shown).
84) Spoofing attack (CVE-ID: CVE-2024-1548)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can hide the fullscreen notification by using a dropdown select input element.
85) Spoofing attack (CVE-ID: CVE-2024-1549)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a malicious website to set a large custom cursor, portions of the which can overlap with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
86) Spoofing attack (CVE-ID: CVE-2024-1550)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
87) Input validation error (CVE-ID: CVE-2024-1551)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when processing Set-Cookie response headers in multipart HTTP responses. A remote attacker who controls the Content-Type response header and part of the response body can inject Set-Cookie response headers that are honored by the browser.
88) Buffer overflow (CVE-ID: CVE-2024-1553)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
89) Resource management error (CVE-ID: CVE-2024-1554)
The vulnerability allows a remote attacker to poison browser cache.
The vulnerability exists due to the fetch() API and navigation incorrectly share the same cache, as the cache key does not include the optional headers the fetch() API may contain. A remote attacker can poison the local browser cache by priming it with a fetch() response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
90) Security features bypass (CVE-ID: CVE-2024-1555)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to browser does not properly respect SameSite cookies when the website is opened using the "firefox://" protocol handler. A remote attacker can bypass implemented security restrictions and gain access to sensitive information.
91) Release of invalid pointer or reference (CVE-ID: CVE-2024-1556)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to invalid memory access when the profiler is running in the browser. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
92) Buffer overflow (CVE-ID: CVE-2024-1557)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
93) Input validation error (CVE-ID: CVE-2024-2606)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect processing of WASM register values, which leads to arbitrary integers turning into pointer values. A remote attacker can execute arbitrary code on the system.
94) Buffer overflow (CVE-ID: CVE-2024-2607)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the JIT code fails to save return registers on Armv7-A systems. A remote attacker can execute arbitrary code on the system.
95) Integer overflow (CVE-ID: CVE-2024-2608)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() function. A remote attacker can trick the victim to visit a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
96) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-2609)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the permission prompt input delay can expire while the window is not in focus. A remote attacker can trick the victim to visit a specially crafted website and perform a clickjacking attack.
97) Security features bypass (CVE-ID: CVE-2024-2610)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling HTML code. A remote attacker with ability to inject HTML code into the page (e.g. using an XSS vulnerability) can obtain CSP nonce and bypass strict content security policies.
98) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-2611)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to a missing delay on the pointer lock. A remote attacker can trick the victim to visit a specially crafted website and perform a clickjacking attack.
99) Use-after-free (CVE-ID: CVE-2024-2612)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website to trigger a particular code path in SafeRefPtr and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
100) Resource exhaustion (CVE-ID: CVE-2024-2613)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of data when decoding a QUIC ACK frame. A remote attacker can trick the victim to visit a specially crafted website and consume excessive memory resources.
101) Buffer overflow (CVE-ID: CVE-2024-2614)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
102) Buffer overflow (CVE-ID: CVE-2024-2615)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML input. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
103) Resource exhaustion (CVE-ID: CVE-2024-2616)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
104) Out-of-bounds write (CVE-ID: CVE-2024-29943)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an error during range-based bounds check elimination when processing JavaScript objects. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
105) Code Injection (CVE-ID: CVE-2024-29944)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send trick the victim to visit a specially crafted website, inject an event handler into a privileged object and execute arbitrary JavaScript on the system within the parent process.
Successful exploitation of the vulnerability may allow remote code execution.
106) Resource exhaustion (CVE-ID: CVE-2024-3302)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 CONTINUATION frames. A remote attacker can trick the victim to visit a specially crated website and perform a denial of service (DoS) attack.
107) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-3852)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to GetBoundName can return the wrong version of an object when JIT optimizations were applied. A remote attacker can abuse such behavior to execute arbitrary code on the system.
108) Use-after-free (CVE-ID: CVE-2024-3853)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
109) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-3854)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect optimization, when some code patterns in the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. A remote attacker can abuse such behavior to execute arbitrary code on the system.
110) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-3855)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to JIT incorrectly optimized MSubstr operations. A remote attacker can trick the victim to visit a specially crafted website, trigger an out-of-bounds read and potentially compromise the affected system.
111) Use-after-free (CVE-ID: CVE-2024-3856)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during WASM garbage collection. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
112) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-3857)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect optimization when JIT created incorrect code for arguments in certain cases. A remote attacker can abuse such behavior to execute arbitrary code on the system.
113) Buffer overflow (CVE-ID: CVE-2024-3858)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a boundary error when processing JavaScript. A remote attacker can mutate a JavaScript object so that the JIT could crash while tracing it.
114) Integer overflow (CVE-ID: CVE-2024-3859)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow when handling OpenType fonts. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information.
115) Resource exhaustion (CVE-ID: CVE-2024-3860)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when tracing empty shape lists. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
116) Use-after-free (CVE-ID: CVE-2024-3861)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error. If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free.
117) Access of uninitialized pointer (CVE-ID: CVE-2024-3862)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to usage of uninitialized memory in MarkStack assignment operator. A remote attacker can trick the victim to visit the website and crash the browser.
118) Buffer overflow (CVE-ID: CVE-2024-3864)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
119) Buffer overflow (CVE-ID: CVE-2024-3865)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
120) Improper input validation (CVE-ID: CVE-2024-43097)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
121) Type Confusion (CVE-ID: CVE-2024-4367)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when handling fonts in PDF.js. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
122) Use-after-free (CVE-ID: CVE-2024-4764)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling newly connected audio input via multiple WebRTC threads. A remote attacker can trick the victim to open a specially crafted website and execute arbitrary code on the system.
123) Resource management error (CVE-ID: CVE-2024-4767)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to browser does not delete IndexedDB files after browser window is closed if the `browser.privatebrowsing.autostart` preference is enabled. A local user can view the file and gain access to data browsed in private browsing mode.
124) Insufficient UI warning of dangerous operations (CVE-ID: CVE-2024-4768)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to an error in the popup notifications' interaction with WebAuthn. A remote attacker can trick the victim into granting permissions to a malicious web application.
125) Information Exposure Through an Error Message (CVE-ID: CVE-2024-4769)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to browser issues different error messages for application/javascript responses and non-script responses when importing resources using Web Workers. A remote attacker can trick the victim to visit a specially crafted website and learn information cross-origin
126) Use-after-free (CVE-ID: CVE-2024-4770)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error when saving a page to PDF. A remote attacker can trick the victim to save a specially crafted web page to PDF and crash the browser.
127) Use-after-free (CVE-ID: CVE-2024-4771)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
128) Predictable Seed in Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2024-4772)
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to Firefox uses an insecure rand() function to generate nonce for HTTP digest authentication. A remote attacker can guess nonce and potentially gain unauthorized access to the victim's session.
129) Spoofing attack (CVE-ID: CVE-2024-4773)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect handling of network errors during page load, which could lead to the prior content to remain in view with a blank URL bar. A remote attacker can perform spoofing attack.
130) Buffer overflow (CVE-ID: CVE-2024-4775)
The vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to a boundary error when handling WASM code in the built-in profiler. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
Note, this issue only affects the application when the profiler is running.
131) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-4776)
The vulnerability allows a remote attacker to disable the browser window.
The vulnerability exists due to an error when displaying a file dialog while in full-screen mode. A remote attacker can disable the browser window.
132) Buffer overflow (CVE-ID: CVE-2024-4777)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
133) Buffer overflow (CVE-ID: CVE-2024-4778)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
134) Use-after-free (CVE-ID: CVE-2024-5688)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during JavaScript object transplant. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
135) Information disclosure (CVE-ID: CVE-2024-5690)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output about the external protocol handlers. A remote attacker can perform a timing attack and gain access to sensitive information.
136) Security features bypass (CVE-ID: CVE-2024-5691)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling the X-Frame-Options header. A sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
137) Security features bypass (CVE-ID: CVE-2024-5693)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Offscreen Canvas does not properly track cross-origin tainting. A remote attacker can access image data from another site in violation of same-origin policy.
138) Buffer overflow (CVE-ID: CVE-2024-5696)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing the text in an <input> tag. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
139) Information disclosure (CVE-ID: CVE-2024-5697)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox.
140) Race condition (CVE-ID: CVE-2024-6601)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a race condition in permission assignment. A remote attacker can trick the victim to visit a specially crafted website, bypass cross-origin container obtaining permissions of the top-level origin and gain access to sensitive information.
141) Buffer overflow (CVE-ID: CVE-2024-6602)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in NSS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
142) Buffer overflow (CVE-ID: CVE-2024-6603)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in thread creation. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and crash the browser.
143) Buffer overflow (CVE-ID: CVE-2024-6604)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
144) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-6605)
The vulnerability allows a remote attacker to perform tapjacking attacks.
The vulnerability exists due to missing activation delay when interacting with permission prompts. A remote attacker can perform tapjacking attacks.
145) Out-of-bounds read (CVE-ID: CVE-2024-6606)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in clipboard component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
146) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-6607)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way the browsers handles escape button and pointerlock. It was possible to prevent a user from exiting pointerlock when pressing
escape
and to overlay customValidity notifications from a <select> element over certain
permission prompts. This could be used to confuse a user into giving a site unintended permissions.
147) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-6608)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when handling cursor and pointerlock. It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window.
148) Double free (CVE-ID: CVE-2024-6609)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in NSS. A remote attacker can force the browser to free an elliptic curve key which was never allocated and crash the browser.
149) Unimplemented or Unsupported Feature in UI (CVE-ID: CVE-2024-6610)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in form validation popups. A remote attacker can spam form validation messages to prevent users from exiting full-screen mode.
150) Information disclosure (CVE-ID: CVE-2024-6611)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to SameSite=Strict or Lax cookies could be sent to a nested iframe. A remote attacker can gain access to potentially sensitive information.
151) Security features bypass (CVE-ID: CVE-2024-6612)
The vulnerability allows a remote attacker to bypass CSP protection mechanism.
The vulnerability exists due to CSP violation leakage when using devtools. CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened.
152) Infinite loop (CVE-ID: CVE-2024-6613)
The vulnerability allows a remote attacker to alter trace data,
The vulnerability exists due to infinite loop. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces.
153) Infinite loop (CVE-ID: CVE-2024-6614)
The vulnerability allows a remote attacker to alter trace data.
The vulnerability exists due to infinite loop. The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces.
154) Buffer overflow (CVE-ID: CVE-2024-6615)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
155) Out-of-bounds read (CVE-ID: CVE-2024-7519)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error when processing
graphics shared memory. A remote attacker can create a specially crafted
website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.
156) Use-after-free (CVE-ID: CVE-2024-7521)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebAssembly. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
157) Out-of-bounds read (CVE-ID: CVE-2024-7522)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in editor component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.
158) Security features bypass (CVE-ID: CVE-2024-7524)
The vulnerability allows a remote attacker to bypass CSP policy.
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection.
159) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-7525)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due missing permission check when creating a StreamFilter. A web extension with minimal permissions can create a StreamFilter, which can be used to read and modify the response body of requests on any site.
160) Use of uninitialized resource (CVE-ID: CVE-2024-7526)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in WebGL ANGLE. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information.
161) Use-after-free (CVE-ID: CVE-2024-7527)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in JavaScript garbage collection. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
162) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-7529)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exist due to improper handling of the date picker, which can obscure security prompts. A remote attacker use a malicious site to trick a victim into granting permissions.
163) Cryptographic issues (CVE-ID: CVE-2024-7531)
The vulnerability allows a remote attacker to gain access to sensitive information.
Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.
164) Type Confusion (CVE-ID: CVE-2024-7652)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in the ECMA-262 specification relating to Async Generators. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
165) Type Confusion (CVE-ID: CVE-2024-8381)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when looking up a property name in a "with" block. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
166) Exposed dangerous method or function (CVE-ID: CVE-2024-8382)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to internal browser event interfaces are exposed to web content when privileged EventHandler listener callbacks ran for those events. A remote attacker can indicate usage of certain browser features, such as when a user opens the Dev Tools console.
167) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: CVE-2024-8383)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a missing confirmation dialog when opening the Usenet-related schemes "news:" and "snews:". A remote attacker can trick the victim into downloading a malicious application that can be launched at will without any additional prompts.
168) Buffer overflow (CVE-ID: CVE-2024-8384)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in JavaScript garbage collector when HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
169) Security features bypass (CVE-ID: CVE-2024-9392)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an unspecified error. A compromised content process perform arbitrary loading of cross-origin pages.
170) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-9393)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can use a specially crafted multipart response to execute arbitrary JavaScript under the resource://pdf.js origin and access cross-origin PDF content.
Note, this access is limited to "same site" documents by the Site Isolation feature on desktop clients, however the full cross-origin access is possible on Android installations.
171) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-9394)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can send a specially crafted multipart response and execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content.
Note, this access is limited to "same site" documents by the Site Isolation feature on desktop clients, however full cross-origin access is possible on Android.
172) Buffer overflow (CVE-ID: CVE-2024-9396)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when cloning certain objects. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
173) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-9397)
The vulnerability allows a remote attacker to perform clickjacking attacks.
The vulnerability exists due to a missing delay in directory upload UI. A remote attacker can trick a user into granting permission via clickjacking.
174) Information disclosure (CVE-ID: CVE-2024-9398)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a possibility to enumerate protocol handlers via the window.open() call. A remote attacker can enumerate installed applications on the system.
175) Input validation error (CVE-ID: CVE-2024-9399)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling WebTransport. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
176) Resource exhaustion (CVE-ID: CVE-2024-9400)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources during JIT compilation. A remote attacker can crash the browser.
177) Buffer overflow (CVE-ID: CVE-2024-9401)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
178) Buffer overflow (CVE-ID: CVE-2024-9402)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
179) Use-after-free (CVE-ID: CVE-2024-9680)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Animation timeline. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
180) Use-after-free (CVE-ID: CVE-2025-1931)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebTransportChild. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free in the content process side of a WebTransport connection and execute arbitrary code on the system.
181) Out-of-bounds write (CVE-ID: CVE-2025-1932)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to inconsistent comparison in xslt/txNodeSorter. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds write and execute arbitrary code on the target system.
182) Buffer overflow (CVE-ID: CVE-2025-1933)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error on 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
183) Resource management error (CVE-ID: CVE-2025-1934)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote attacker interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it.
184) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2025-1935)
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the way the registerProtocolHandler info-bar handles events. A remote attacker can trick the victim into setting a malicious site as the default handler for a custom URL protocol.
185) Input validation error (CVE-ID: CVE-2025-1936)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient validation of a null-byte character (e.g. %00) in the filename when retrieving local file content packaged in a ZIP archive via jar: URLs. The null and everything after it is ignored when retrieving the content from the archive, but the fake extension after the null is used to determine the type of content. A remote attacker can hide code in a web extension disguised as a safe file, such as an image.
186) Buffer overflow (CVE-ID: CVE-2025-1937)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
187) Buffer overflow (CVE-ID: CVE-2025-1938)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.