VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2014-1479HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.05

    The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content…

  • CVE-2009-1837HigJun 12, 2009
    risk 0.49cvss 7.5epss 0.04

    Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free…

  • CVE-2025-3032HigApr 1, 2025
    risk 0.48cvss 7.4epss 0.00

    Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

  • CVE-2024-6603HigJul 9, 2024
    risk 0.48cvss 7.4epss 0.01

    In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

  • CVE-2023-5170HigSep 27, 2023
    risk 0.48cvss 7.4epss 0.01

    In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <…

  • CVE-2021-23961HigFeb 26, 2021
    risk 0.48cvss 7.4epss 0.01

    Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

  • CVE-2021-23957HigFeb 26, 2021
    risk 0.48cvss 7.4epss 0.01

    Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

  • CVE-2019-17014HigJan 8, 2020
    risk 0.48cvss 7.4epss 0.01

    If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71.

  • CVE-2019-9803HigApr 26, 2019
    risk 0.48cvss 7.4epss 0.01

    The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested…

  • CVE-2019-9798HigApr 26, 2019
    risk 0.48cvss 7.4epss 0.01

    On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This…

  • CVE-2018-5144HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.03

    An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

  • CVE-2017-7835HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.02

    Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <…

  • CVE-2017-5386HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.02

    WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

  • CVE-2016-5284HigSep 22, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for…

  • CVE-2016-1978HigMar 13, 2016
    risk 0.48cvss 7.3epss 0.02

    Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making…

  • CVE-2016-1963HigMar 13, 2016
    risk 0.48cvss 7.4epss 0.00

    The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

  • CVE-2016-1942HigJan 31, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

  • CVE-2013-2566MedMar 15, 2013
    risk 0.48cvss 5.9epss 0.84

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

  • CVE-2026-12327HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-12326HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and…

Page 57 of 159