VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2026-12307MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12306MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12301MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12300MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-8391MedMay 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

  • CVE-2026-6783MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6779MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6778MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6777MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6775MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6767MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6765MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-0888MedJan 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

  • CVE-2026-0886MedJan 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2026-0883MedJan 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-8041MedAug 19, 2025
    risk 0.34cvss 5.3epss 0.00

    In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.

  • CVE-2025-4090MedApr 29, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

  • CVE-2025-3035MedApr 1, 2025
    risk 0.34cvss 5.3epss 0.00

    By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

  • CVE-2025-1018MedFeb 4, 2025
    risk 0.34cvss 5.3epss 0.00

    The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

  • CVE-2024-10468MedOct 29, 2024
    risk 0.34cvss 5.3epss 0.00

    Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Page 86 of 159