VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2026-12319MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12309MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12302MedJun 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-8706MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.

  • CVE-2026-8971MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8961MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8951MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.

  • CVE-2026-8388MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

  • CVE-2026-6770MedApr 21, 2026
    risk 0.42cvss 6.5epss 0.05

    Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6764MedApr 21, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6763MedApr 21, 2026
    risk 0.42cvss 6.5epss 0.00

    Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6755MedApr 21, 2026
    risk 0.42cvss 6.5epss 0.00

    Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-4728MedMar 24, 2026
    risk 0.42cvss 6.5epss 0.00

    Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-3846MedMar 10, 2026
    risk 0.42cvss 6.5epss 0.00

    Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.

  • CVE-2026-24868MedJan 27, 2026
    risk 0.42cvss 6.5epss 0.00

    Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.

  • CVE-2026-0885MedJan 13, 2026
    risk 0.42cvss 6.5epss 0.00

    Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-14744MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.

  • CVE-2025-14331MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-11718MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.00

    When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144.

  • CVE-2025-11716MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.00

    Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

Page 60 of 159