Mozilla » Firefox Esr : Security Vulnerabilities, CVEs, CVSS score between 3 and 3.99
The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox uses to protect prompts and permission dialogs
from attacks that exploit human response time delays. If a malicious
page elicited user clicks in precise locations immediately before
navigating to a site with a certificate error and made the renderer
extremely busy at the same time, it could create a gap between when
the error page was loaded and when the display actually refreshed.
With the right timing the elicited clicks could land in that gap and
activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Max CVSS
3.1
EPSS Score
0.06%
Published
2023-06-19
Updated
2024-01-07
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
Max CVSS
3.3
EPSS Score
0.05%
Published
2015-08-16
Updated
2018-10-30
2 vulnerabilities found