INFSA-2025:12188: thunderbird security update

Information about definition

Identifier: INFSA-2025:12188

Type: security

Release date: 2025-07-31 15:58:20 UTC

Information about package

Mozilla Thunderbird is a standalone mail and newsgroup client.

Vulnerabilities description

  • CVE-2025-8027

    Mozilla Firefox could allow a remote attacker to obtain sensitive information. The JavaScript engine wrote only a partial return value to the stack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2025-8028

    A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: On arm64, a WASM br_table instruction with a large number of entries could lead to the label being too far from the instruction, causing truncation and incorrect computation of the branch address.

  • CVE-2025-8029

    A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags.

  • CVE-2025-8030

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by insufficient escaping in the “Copy as cURL” feature. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

  • CVE-2025-8031

    Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by incorrect URL stripping in CSP reports. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.

  • CVE-2025-8032

    Mozilla Firefox could allow a remote attacker to bypass security restrictions. The XSLT document loading did not correctly propagate the source document which bypassed its CSP. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.

  • CVE-2025-8033

    Mozilla Firefox is vulnerable to a denial of service, caused by the incorrect JavaScript state machine for generators. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger a NULL pointer dereference error.

  • CVE-2025-8034

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

  • CVE-2025-8035

    Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Severity level

CVE                     Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
NIST — CVE-2025-8027    no information    7.5               no information
NIST — CVE-2025-8028    no information    7.5               no information
NIST — CVE-2025-8029    no information    6.1               no information
NIST — CVE-2025-8030    no information    6.1               no information
NIST — CVE-2025-8031    no information    6.1               no information
NIST — CVE-2025-8032    no information    6.1               no information
NIST — CVE-2025-8033    no information    3.4               no information
NIST — CVE-2025-8034    no information    7.5               no information
NIST — CVE-2025-8035    no information    7.5               no information
Critical, important, moderate, low

Updated packages