Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11711 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | ||
| CVE-2025-10532 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-10530 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143. | ||
| CVE-2025-10529 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-9186 | Med | 0.42 | 6.5 | 0.00 | Aug 19, 2025 | Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142. | ||
| CVE-2025-9183 | Med | 0.42 | 6.5 | 0.00 | Aug 19, 2025 | Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2. | ||
| CVE-2025-9181 | Med | 0.42 | 6.5 | 0.00 | Aug 19, 2025 | Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | ||
| CVE-2025-55028 | Med | 0.42 | 6.5 | 0.00 | Aug 19, 2025 | Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142. | ||
| CVE-2025-8033 | Med | 0.42 | 6.5 | 0.00 | Jul 22, 2025 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and… | ||
| CVE-2025-8027 | Med | 0.42 | 6.5 | 0.00 | Jul 22, 2025 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141,… | ||
| CVE-2025-6431 | Med | 0.42 | 6.5 | 0.00 | Jun 24, 2025 | When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This… | ||
| CVE-2025-6429 | Med | 0.42 | 6.5 | 0.00 | Jun 24, 2025 | Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in… | ||
| CVE-2025-5271 | Med | 0.42 | 6.5 | 0.00 | May 27, 2025 | Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139. | ||
| CVE-2025-4092 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and… | ||
| CVE-2025-4088 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability… | ||
| CVE-2025-4086 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. This vulnerability was… | ||
| CVE-2025-3608 | Med | 0.42 | 6.5 | 0.00 | Apr 15, 2025 | A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2. | ||
| CVE-2025-3031 | Med | 0.42 | 6.5 | 0.00 | Apr 1, 2025 | An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137. | ||
| CVE-2025-3028 | Med | 0.42 | 6.5 | 0.01 | Apr 1, 2025 | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. | ||
| CVE-2025-1938 | Med | 0.42 | 6.5 | 0.00 | Mar 4, 2025 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability… |
- risk 0.42cvss 6.5epss 0.00
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
- risk 0.42cvss 6.5epss 0.00
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
- risk 0.42cvss 6.5epss 0.00
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.
- risk 0.42cvss 6.5epss 0.00
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.
- risk 0.42cvss 6.5epss 0.00
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
- risk 0.42cvss 6.5epss 0.00
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and…
- risk 0.42cvss 6.5epss 0.00
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141,…
- risk 0.42cvss 6.5epss 0.00
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This…
- risk 0.42cvss 6.5epss 0.00
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in…
- risk 0.42cvss 6.5epss 0.00
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
- risk 0.42cvss 6.5epss 0.00
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and…
- risk 0.42cvss 6.5epss 0.00
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability…
- risk 0.42cvss 6.5epss 0.00
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. This vulnerability was…
- risk 0.42cvss 6.5epss 0.00
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.
- risk 0.42cvss 6.5epss 0.00
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
- risk 0.42cvss 6.5epss 0.01
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
- risk 0.42cvss 6.5epss 0.00
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…
Page 61 of 159