VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2025-1934MedMar 4, 2025
    risk 0.42cvss 6.5epss 0.00

    It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

  • CVE-2025-1414MedFeb 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

  • CVE-2025-1013MedFeb 4, 2025
    risk 0.42cvss 6.5epss 0.00

    A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2025-23109MedJan 11, 2025
    risk 0.42cvss 6.5epss 0.00

    Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.

  • CVE-2025-0246MedJan 7, 2025
    risk 0.42cvss 6.5epss 0.00

    When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox…

  • CVE-2024-11708MedNov 26, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.

  • CVE-2024-11706MedNov 26, 2024
    risk 0.42cvss 6.5epss 0.00

    A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.

  • CVE-2024-10941MedNov 6, 2024
    risk 0.42cvss 6.5epss 0.00

    A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

  • CVE-2024-10465MedOct 29, 2024
    risk 0.42cvss 6.5epss 0.01

    A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-10464MedOct 29, 2024
    risk 0.42cvss 6.5epss 0.01

    Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and…

  • CVE-2024-10463MedOct 29, 2024
    risk 0.42cvss 6.5epss 0.01

    Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-10462MedOct 29, 2024
    risk 0.42cvss 6.5epss 0.01

    Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

  • CVE-2024-9936MedOct 14, 2024
    risk 0.42cvss 6.5epss 0.00

    When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.

  • CVE-2024-9391MedOct 1, 2024
    risk 0.42cvss 6.5epss 0.00

    A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of…

  • CVE-2024-7531MedAug 6, 2024
    risk 0.42cvss 6.5epss 0.00

    Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher…

  • CVE-2024-7529MedAug 6, 2024
    risk 0.42cvss 6.5epss 0.00

    The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

  • CVE-2024-7526MedAug 6, 2024
    risk 0.42cvss 6.5epss 0.01

    ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

  • CVE-2024-7518MedAug 6, 2024
    risk 0.42cvss 6.5epss 0.00

    Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

  • CVE-2024-5692MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.01

    On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other…

  • CVE-2024-4774MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.00

    The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.

Page 62 of 159