VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2025-8037CriJul 22, 2025
    risk 0.59cvss 9.1epss 0.00

    Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and…

  • CVE-2025-6427CriJun 24, 2025
    risk 0.59cvss 9.1epss 0.00

    An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

  • CVE-2025-4083CriApr 29, 2025
    risk 0.59cvss 9.1epss 0.00

    A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in…

  • CVE-2025-1941CriMar 4, 2025
    risk 0.59cvss 9.1epss 0.00

    Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

  • CVE-2024-11705CriNov 26, 2024
    risk 0.59cvss 9.1epss 0.01

    `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain…

  • CVE-2024-4367HigMay 14, 2024
    risk 0.59cvss 8.8epss 0.73

    A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

  • CVE-2023-6856HigDec 19, 2023
    risk 0.59cvss 8.8epss 0.20

    The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird <…

  • CVE-2022-2200HigDec 22, 2022
    risk 0.59cvss 8.8epss 0.24

    If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

  • CVE-2022-1802HigDec 22, 2022
    risk 0.59cvss 8.8epss 0.27

    If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox…

  • CVE-2022-1529HigDec 22, 2022
    risk 0.59cvss 8.8epss 0.17

    An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects…

  • CVE-2017-7774CriApr 15, 2019
    risk 0.59cvss 9.1epss 0.01

    Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.

  • CVE-2017-7758CriJun 11, 2018
    risk 0.59cvss 9.1epss 0.03

    An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

  • CVE-2017-7753CriJun 11, 2018
    risk 0.59cvss 9.1epss 0.03

    An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

  • CVE-2017-5468CriJun 11, 2018
    risk 0.59cvss 9.1epss 0.02

    An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.

  • CVE-2014-1508CriMar 19, 2014
    risk 0.59cvss 9.1epss 0.04

    The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read…

  • CVE-2025-4919HigMay 17, 2025
    risk 0.58cvss 8.8epss 0.06

    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

  • CVE-2018-12362HigOct 18, 2018
    risk 0.58cvss 8.8epss 0.04

    An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9,…

  • CVE-2018-12359HigOct 18, 2018
    risk 0.58cvss 8.8epss 0.05

    A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects…

  • CVE-2018-5146HigJun 11, 2018
    risk 0.58cvss 8.8epss 0.12

    An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

  • CVE-2018-5127HigJun 11, 2018
    risk 0.58cvss 8.8epss 0.08

    A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Page 21 of 159