|
198751
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability …
|
CWE-843
Type Confusion
|
CVE-2021-23954
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198752
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects …
|
NVD-CWE-noinfo
|
CVE-2021-23953
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198753
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2021-23976
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198754
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct…
|
CWE-862
Missing Authorization
|
CVE-2021-23975
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198755
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
|
NVD-CWE-noinfo
|
CVE-2021-23974
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198756
|
6.5 |
MEDIUM
Network
|
mozilla
debian
|
firefox
firefox_esr
thunderbird
debian_linux
|
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerab…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-23973
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198757
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe…
|
NVD-CWE-noinfo
|
CVE-2021-23972
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198758
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the…
|
NVD-CWE-noinfo
|
CVE-2021-23971
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198759
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86.
|
CWE-617
Reachable Assertion
|
CVE-2021-23970
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198760
|
4.3 |
MEDIUM
Network
|
mozilla
debian
|
firefox
firefox_esr
thunderbird
debian_linux
|
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no…
|
NVD-CWE-noinfo
|
CVE-2021-23969
|
2024-11-21 14:52 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
