Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12312 | Hig | 0.49 | 7.5 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12310 | Hig | 0.49 | 7.5 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12305 | Hig | 0.49 | 7.5 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-10701 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. | ||
| CVE-2026-8968 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8967 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8966 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8965 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8964 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8963 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8960 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8954 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8949 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8946 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8945 | Hig | 0.49 | 7.5 | 0.00 | May 19, 2026 | Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. | ||
| CVE-2026-7320 | Hig | 0.49 | 7.5 | 0.00 | Apr 28, 2026 | Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. | ||
| CVE-2026-6786 | Hig | 0.49 | 7.5 | 0.01 | Apr 26, 2026 | Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This… | ||
| CVE-2026-6785 | Hig | 0.49 | 7.5 | 0.01 | Apr 26, 2026 | Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary… | ||
| CVE-2026-6784 | Hig | 0.49 | 7.5 | 0.00 | Apr 21, 2026 | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and… | ||
| CVE-2026-6782 | Hig | 0.49 | 7.5 | 0.00 | Apr 21, 2026 | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
- risk 0.49cvss 7.5epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.49cvss 7.5epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.49cvss 7.5epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.49cvss 7.5epss 0.00
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
- risk 0.49cvss 7.5epss 0.00
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.49cvss 7.5epss 0.00
Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.01
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.01
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.49cvss 7.5epss 0.00
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
- risk 0.49cvss 7.5epss 0.00
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
- risk 0.49cvss 7.5epss 0.01
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…
- risk 0.49cvss 7.5epss 0.01
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…
- risk 0.49cvss 7.5epss 0.00
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and…
- risk 0.49cvss 7.5epss 0.00
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Page 47 of 159