Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5702 | Hig | 0.49 | 7.5 | 0.01 | Jun 11, 2024 | Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||
| CVE-2024-5694 | Hig | 0.49 | 7.5 | 0.00 | Jun 11, 2024 | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. | ||
| CVE-2024-4773 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | ||
| CVE-2024-3858 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125. | ||
| CVE-2024-3853 | Hig | 0.49 | 7.5 | 0.00 | Apr 16, 2024 | A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125. | ||
| CVE-2024-3852 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||
| CVE-2024-2613 | Hig | 0.49 | 7.5 | 0.01 | Mar 19, 2024 | Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | ||
| CVE-2024-1552 | Hig | 0.49 | 7.5 | 0.01 | Feb 20, 2024 | Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | ||
| CVE-2024-1546 | Hig | 0.49 | 7.5 | 0.01 | Feb 20, 2024 | When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | ||
| CVE-2024-0744 | Hig | 0.49 | 7.5 | 0.01 | Jan 23, 2024 | In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | ||
| CVE-2024-0743 | Hig | 0.49 | 7.5 | 0.01 | Jan 23, 2024 | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||
| CVE-2023-5728 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||
| CVE-2023-5724 | Hig | 0.49 | 7.5 | 0.02 | Oct 25, 2023 | Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||
| CVE-2023-5173 | Hig | 0.49 | 7.5 | 0.01 | Sep 27, 2023 | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a… | ||
| CVE-2023-4583 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2023 | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability… | ||
| CVE-2023-4055 | Hig | 0.49 | 7.5 | 0.01 | Aug 1, 2023 | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox <… | ||
| CVE-2023-4051 | Hig | 0.49 | 7.5 | 0.01 | Aug 1, 2023 | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||
| CVE-2023-4048 | Hig | 0.49 | 7.5 | 0.01 | Aug 1, 2023 | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||
| CVE-2023-25733 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2023 | The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110. | ||
| CVE-2023-32214 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2023 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
- risk 0.49cvss 7.5epss 0.01
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
- risk 0.49cvss 7.5epss 0.00
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
- risk 0.49cvss 7.5epss 0.01
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
- risk 0.49cvss 7.5epss 0.01
It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.
- risk 0.49cvss 7.5epss 0.00
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
- risk 0.49cvss 7.5epss 0.01
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- risk 0.49cvss 7.5epss 0.01
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
- risk 0.49cvss 7.5epss 0.01
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
- risk 0.49cvss 7.5epss 0.01
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
- risk 0.49cvss 7.5epss 0.01
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
- risk 0.49cvss 7.5epss 0.01
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
- risk 0.49cvss 7.5epss 0.01
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
- risk 0.49cvss 7.5epss 0.02
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
- risk 0.49cvss 7.5epss 0.01
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a…
- risk 0.49cvss 7.5epss 0.01
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability…
- risk 0.49cvss 7.5epss 0.01
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox <…
- risk 0.49cvss 7.5epss 0.01
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
- risk 0.49cvss 7.5epss 0.01
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
- risk 0.49cvss 7.5epss 0.01
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Page 51 of 159