Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1940 | Hig | 0.46 | 7.1 | 0.00 | Mar 4, 2025 | A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox… | ||
| CVE-2024-5700 | Hig | 0.46 | 7.0 | 0.00 | Jun 11, 2024 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox… | ||
| CVE-2022-42930 | Hig | 0.46 | 7.1 | 0.00 | Dec 22, 2022 | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | ||
| CVE-2022-22753 | Hig | 0.46 | 7.1 | 0.01 | Dec 22, 2022 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Firefox on Windows. Other operating systems… | ||
| CVE-2022-22736 | Hig | 0.46 | 7.0 | 0.00 | Dec 22, 2022 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a… | ||
| CVE-2021-29964 | Hig | 0.46 | 7.1 | 0.01 | Jun 24, 2021 | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11,… | ||
| CVE-2019-11736 | Hig | 0.46 | 7.0 | 0.00 | Sep 27, 2019 | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race… | ||
| CVE-2017-7771 | Hig | 0.46 | 8.1 | 0.01 | Apr 15, 2019 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | ||
| CVE-2018-12397 | Hig | 0.46 | 7.1 | 0.00 | Feb 28, 2019 | A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file… | ||
| CVE-2018-12385 | Hig | 0.46 | 7.0 | 0.00 | Oct 18, 2018 | A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local… | ||
| CVE-2016-9077 | Hig | 0.46 | 7.0 | 0.01 | Jun 11, 2018 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5867 | Hig | 0.46 | 7.0 | 0.01 | Aug 16, 2017 | In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | ||
| CVE-2020-26964 | Med | 0.44 | 6.8 | 0.01 | Dec 9, 2020 | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was… | ||
| CVE-2019-11730 | Med | 0.44 | 6.5 | 0.20 | Jul 23, 2019 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these… | ||
| CVE-2025-0242 | Med | 0.43 | 6.5 | 0.13 | Jan 7, 2025 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to… | ||
| CVE-2018-12366 | Med | 0.43 | 6.5 | 0.03 | Oct 18, 2018 | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <… | ||
| CVE-2018-12365 | Med | 0.43 | 6.5 | 0.03 | Oct 18, 2018 | A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9,… | ||
| CVE-2017-16541 | Med | 0.43 | 6.5 | 0.04 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | ||
| CVE-2014-1523 | Med | 0.43 | 6.5 | 0.03 | Apr 30, 2014 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG… | ||
| CVE-2026-12325 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. |
- risk 0.46cvss 7.1epss 0.00
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox…
- risk 0.46cvss 7.0epss 0.00
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…
- risk 0.46cvss 7.1epss 0.00
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
- risk 0.46cvss 7.1epss 0.01
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Firefox on Windows. Other operating systems…
- risk 0.46cvss 7.0epss 0.00
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a…
- risk 0.46cvss 7.1epss 0.01
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11,…
- risk 0.46cvss 7.0epss 0.00
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race…
- risk 0.46cvss 8.1epss 0.01
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
- risk 0.46cvss 7.1epss 0.00
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file…
- risk 0.46cvss 7.0epss 0.00
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local…
- risk 0.46cvss 7.0epss 0.01
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
- risk 0.46cvss 7.0epss 0.01
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.
- risk 0.44cvss 6.8epss 0.01
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was…
- risk 0.44cvss 6.5epss 0.20
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these…
- risk 0.43cvss 6.5epss 0.13
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to…
- risk 0.43cvss 6.5epss 0.03
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <…
- risk 0.43cvss 6.5epss 0.03
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9,…
- risk 0.43cvss 6.5epss 0.04
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
- risk 0.43cvss 6.5epss 0.03
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…
- risk 0.42cvss 6.5epss 0.00
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Page 59 of 159