VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2024-4775MedMay 14, 2024
    risk 0.38cvss 5.9epss 0.00

    An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.

  • CVE-2024-4772MedMay 14, 2024
    risk 0.38cvss 5.9epss 0.00

    An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.

  • CVE-2024-4769MedMay 14, 2024
    risk 0.38cvss 5.9epss 0.00

    When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR…

  • CVE-2024-3859MedApr 16, 2024
    risk 0.38cvss 5.9epss 0.01

    On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

  • CVE-2024-2605MedMar 19, 2024
    risk 0.38cvss 5.9epss 0.01

    An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR <…

  • CVE-2023-4049MedAug 1, 2023
    risk 0.38cvss 5.9epss 0.01

    Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

  • CVE-2020-12413MedFeb 16, 2023
    risk 0.38cvss 5.9epss 0.01

    The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

  • CVE-2022-22746MedDec 22, 2022
    risk 0.38cvss 5.9epss 0.01

    A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5,…

  • CVE-2019-9793MedApr 26, 2019
    risk 0.38cvss 5.9epss 0.02

    A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will…

  • CVE-2017-7770MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.01

    A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one…

  • CVE-2017-5415MedJun 11, 2018
    risk 0.38cvss 5.3epss 0.13

    An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.

  • CVE-2017-5384MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.02

    Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine…

  • CVE-2016-9076MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.02

    An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.

  • CVE-2016-9064MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.01

    Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could…

  • CVE-2016-5288MedJun 11, 2018
    risk 0.38cvss 5.9epss 0.02

    Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

  • CVE-2025-4084MedApr 29, 2025
    risk 0.37cvss 5.7epss 0.00

    Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox…

  • CVE-2024-11703MedNov 26, 2024
    risk 0.37cvss 5.7epss 0.00

    On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

  • CVE-2024-6613MedJul 9, 2024
    risk 0.36cvss 5.5epss 0.00

    The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

  • CVE-2024-2611MedMar 19, 2024
    risk 0.36cvss 5.5epss 0.01

    A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

  • CVE-2023-4054MedAug 1, 2023
    risk 0.36cvss 5.5epss 0.00

    When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1,…

Page 79 of 159