VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2025-49709CriJun 11, 2025
    risk 0.64cvss 9.8epss 0.01

    Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.

  • CVE-2025-4918CriMay 17, 2025
    risk 0.64cvss 9.8epss 0.09

    An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

  • CVE-2025-1942CriMar 4, 2025
    risk 0.64cvss 9.8epss 0.00

    When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

  • CVE-2025-1020CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and…

  • CVE-2025-1017CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…

  • CVE-2025-1016CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to…

  • CVE-2025-1009CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2025-0247CriJan 7, 2025
    risk 0.64cvss 9.8epss 0.09

    Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and…

  • CVE-2024-11704CriNov 26, 2024
    risk 0.64cvss 9.8epss 0.01

    A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133,…

  • CVE-2024-11698CriNov 26, 2024
    risk 0.64cvss 9.8epss 0.01

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or…

  • CVE-2024-11693CriNov 26, 2024
    risk 0.64cvss 9.8epss 0.01

    The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and…

  • CVE-2024-9402CriOct 1, 2024
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <…

  • CVE-2024-9401CriOct 1, 2024
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2024-9392CriOct 1, 2024
    risk 0.64cvss 9.8epss 0.01

    A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

  • CVE-2024-8389CriSep 3, 2024
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.

  • CVE-2024-8387CriSep 3, 2024
    risk 0.64cvss 9.8epss 0.01

    Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <…

  • CVE-2024-8385CriSep 3, 2024
    risk 0.64cvss 9.8epss 0.01

    A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

  • CVE-2024-8384CriSep 3, 2024
    risk 0.64cvss 9.8epss 0.01

    The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15,…

  • CVE-2024-8381CriSep 3, 2024
    risk 0.64cvss 9.8epss 0.04

    A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

  • CVE-2024-6611CriJul 9, 2024
    risk 0.64cvss 9.8epss 0.01

    A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Page 8 of 159