VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2024-5702HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.01

    Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

  • CVE-2024-5694HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.00

    An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.

  • CVE-2024-4773HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.

  • CVE-2024-3858HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.

  • CVE-2024-3853HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.00

    A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

  • CVE-2024-3852HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

  • CVE-2024-2613HigMar 19, 2024
    risk 0.49cvss 7.5epss 0.01

    Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.

  • CVE-2024-1552HigFeb 20, 2024
    risk 0.49cvss 7.5epss 0.01

    Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

  • CVE-2024-1546HigFeb 20, 2024
    risk 0.49cvss 7.5epss 0.01

    When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

  • CVE-2024-0744HigJan 23, 2024
    risk 0.49cvss 7.5epss 0.01

    In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.

  • CVE-2024-0743HigJan 23, 2024
    risk 0.49cvss 7.5epss 0.01

    An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.

  • CVE-2023-5728HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

  • CVE-2023-5724HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.02

    Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

  • CVE-2023-5173HigSep 27, 2023
    risk 0.49cvss 7.5epss 0.01

    In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a…

  • CVE-2023-4583HigSep 11, 2023
    risk 0.49cvss 7.5epss 0.01

    When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability…

  • CVE-2023-4055HigAug 1, 2023
    risk 0.49cvss 7.5epss 0.01

    When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox <…

  • CVE-2023-4051HigAug 1, 2023
    risk 0.49cvss 7.5epss 0.01

    A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

  • CVE-2023-4048HigAug 1, 2023
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

  • CVE-2023-25733HigJun 19, 2023
    risk 0.49cvss 7.5epss 0.01

    The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.

  • CVE-2023-32214HigJun 19, 2023
    risk 0.49cvss 7.5epss 0.01

    Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Page 51 of 159