VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2016-1976MedMar 13, 2016
    risk 0.36cvss 5.5epss 0.01

    Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2014-1496MedMar 19, 2014
    risk 0.36cvss 5.5epss 0.00

    Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

  • CVE-2026-12330MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.

  • CVE-2026-12323MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12322MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12321MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12299MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12298MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-9308MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This…

  • CVE-2026-6774MedApr 21, 2026
    risk 0.35cvss 5.4epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-2804MedFeb 24, 2026
    risk 0.35cvss 5.4epss 0.00

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-0890MedJan 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-10531MedSep 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

  • CVE-2025-54144MedAug 19, 2025
    risk 0.35cvss 5.4epss 0.00

    The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.

  • CVE-2025-5267MedMay 27, 2025
    risk 0.35cvss 5.4epss 0.00

    A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

  • CVE-2025-27426MedMar 4, 2025
    risk 0.35cvss 5.4epss 0.00

    Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.

  • CVE-2025-0244MedJan 7, 2025
    risk 0.35cvss 5.3epss 0.07

    When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.

  • CVE-2025-0238MedJan 7, 2025
    risk 0.35cvss 5.3epss 0.01

    Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.

  • CVE-2025-0237MedJan 7, 2025
    risk 0.35cvss 5.4epss 0.01

    The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR…

  • CVE-2024-11696MedNov 26, 2024
    risk 0.35cvss 5.4epss 0.00

    The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation…

Page 81 of 159