VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2025-11153HigSep 30, 2025
    risk 0.49cvss 7.5epss 0.00

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.

  • CVE-2025-10535HigSep 16, 2025
    risk 0.49cvss 7.5epss 0.00

    Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.

  • CVE-2025-9182HigAug 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

  • CVE-2025-55029HigAug 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.

  • CVE-2025-5270HigMay 27, 2025
    risk 0.49cvss 7.5epss 0.00

    In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

  • CVE-2025-1937HigMar 4, 2025
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.…

  • CVE-2025-1933HigMar 4, 2025
    risk 0.49cvss 7.6epss 0.00

    On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and…

  • CVE-2025-1931HigMar 4, 2025
    risk 0.49cvss 7.5epss 0.01

    It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

  • CVE-2025-1012HigFeb 4, 2025
    risk 0.49cvss 7.5epss 0.00

    A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2024-11702HigNov 26, 2024
    risk 0.49cvss 7.5epss 0.01

    Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

  • CVE-2024-10466HigOct 29, 2024
    risk 0.49cvss 7.5epss 0.01

    By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-10459HigOct 29, 2024
    risk 0.49cvss 7.5epss 0.01

    An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-10458HigOct 29, 2024
    risk 0.49cvss 7.5epss 0.01

    A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-9399HigOct 1, 2024
    risk 0.49cvss 7.5epss 0.00

    A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

  • CVE-2024-9394HigOct 1, 2024
    risk 0.49cvss 7.5epss 0.00

    An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on…

  • CVE-2024-9393HigOct 1, 2024
    risk 0.49cvss 7.5epss 0.00

    An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop…

  • CVE-2024-8900HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.00

    An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

  • CVE-2024-7652HigSep 6, 2024
    risk 0.49cvss 7.5epss 0.01

    An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird <…

  • CVE-2024-8383HigSep 3, 2024
    risk 0.49cvss 7.5epss 0.01

    Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a…

  • CVE-2024-6604HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…

Page 50 of 159