High
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error during invalid object state. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute script on the vulnerable system.
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to display JavaScript Dialogs over other domains.
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to enforce frame-ancestors Content Security Policy directive for framed extension By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by error messages would distinguishing the difference between application/javascript responses and non-script responses. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to learn information cross-origin.
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error if a document created a sandboxed iframe without allow-scripts. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow sandboxed iframes to execute script if the parent appended elements.
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the sending of USSD codes when clicking on a tel: link. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to perform actions on a user’s account.
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to validate the Host or Origin headers by Remote Agent, used in WebDriver. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow local websites to connect back to the user’s browser to control it.
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error when dragging and dropping an image to their desktop. By persuading a victim to click on the image, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error when using XSL Transforms By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary Javascript after a tab is closed.
Mozilla Firefox could allow a remote attacker to gain elevated privileges on the system, cause by a Time-of-Check Time-of-Use bug in the Maintenance (Updater) Service. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to gain SYSTEM privileges.
Mozilla
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
For Firefox ESR 91.6
For Firefox 97