VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2023-34416CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…

  • CVE-2023-29542CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on…

  • CVE-2023-25736CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.

  • CVE-2023-32216CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…

  • CVE-2023-29531CriJun 19, 2023
    risk 0.64cvss 9.8epss 0.01

    An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2022-46882CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.

  • CVE-2022-45406CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR <…

  • CVE-2022-36320CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…

  • CVE-2022-34485CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2022-34476CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.

  • CVE-2022-34470CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

  • CVE-2022-31748CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could…

  • CVE-2022-31747CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…

  • CVE-2022-31737CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

  • CVE-2022-31736CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

  • CVE-2022-29917CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…

  • CVE-2021-4129CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough…

  • CVE-2021-4127CriDec 22, 2022
    risk 0.64cvss 9.8epss 0.01

    An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.

  • CVE-2021-29971CriAug 5, 2021
    risk 0.64cvss 9.8epss 0.01

    If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This…

  • CVE-2020-26972CriJan 7, 2021
    risk 0.64cvss 9.8epss 0.01

    The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable…

Page 10 of 159