Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32209 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2023 | A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | ||
| CVE-2023-29537 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2023 | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||
| CVE-2023-25743 | Hig | 0.49 | 7.5 | 0.01 | Jun 2, 2023 | A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | ||
| CVE-2022-45407 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | If an attacker loaded a font using FontFace() on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107. | ||
| CVE-2022-38476 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2. | ||
| CVE-2022-36319 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. | ||
| CVE-2022-34477 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. | ||
| CVE-2022-26387 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7,… | ||
| CVE-2022-22741 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||
| CVE-2022-22737 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2022 | Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||
| CVE-2021-35053 | Hig | 0.49 | 7.5 | 0.03 | Nov 3, 2021 | Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | ||
| CVE-2021-38498 | Hig | 0.49 | 7.5 | 0.01 | Nov 3, 2021 | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | ||
| CVE-2021-29952 | Hig | 0.49 | 7.5 | 0.01 | Jun 24, 2021 | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | ||
| CVE-2020-15681 | Hig | 0.49 | 7.5 | 0.01 | Oct 22, 2020 | When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | ||
| CVE-2020-12391 | Hig | 0.49 | 7.5 | 0.01 | May 26, 2020 | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. | ||
| CVE-2020-6828 | Hig | 0.49 | 7.5 | 0.01 | Apr 24, 2020 | A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary… | ||
| CVE-2020-6821 | Hig | 0.49 | 7.5 | 0.01 | Apr 24, 2020 | When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This… | ||
| CVE-2020-6809 | Hig | 0.49 | 7.5 | 0.01 | Mar 25, 2020 | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | ||
| CVE-2019-17011 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2020 | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | ||
| CVE-2019-17010 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2020 | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox… |
- risk 0.49cvss 7.5epss 0.01
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
- risk 0.49cvss 7.5epss 0.01
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
- risk 0.49cvss 7.5epss 0.01
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
- risk 0.49cvss 7.5epss 0.01
If an attacker loaded a font using FontFace() on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.
- risk 0.49cvss 7.5epss 0.01
A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.
- risk 0.49cvss 7.5epss 0.01
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
- risk 0.49cvss 7.5epss 0.01
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.
- risk 0.49cvss 7.5epss 0.01
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7,…
- risk 0.49cvss 7.5epss 0.01
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
- risk 0.49cvss 7.5epss 0.01
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
- risk 0.49cvss 7.5epss 0.03
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.
- risk 0.49cvss 7.5epss 0.01
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
- risk 0.49cvss 7.5epss 0.01
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
- risk 0.49cvss 7.5epss 0.01
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.
- risk 0.49cvss 7.5epss 0.01
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.
- risk 0.49cvss 7.5epss 0.01
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary…
- risk 0.49cvss 7.5epss 0.01
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This…
- risk 0.49cvss 7.5epss 0.01
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.
- risk 0.49cvss 7.5epss 0.02
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- risk 0.49cvss 7.5epss 0.02
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox…
Page 52 of 159