Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5265 | Med | 0.31 | 4.8 | 0.00 | May 27, 2025 | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of… | ||
| CVE-2025-5264 | Med | 0.31 | 4.8 | 0.00 | May 27, 2025 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24,… | ||
| CVE-2025-4087 | Med | 0.31 | 4.8 | 0.00 | Apr 29, 2025 | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138,… | ||
| CVE-2024-6601 | Med | 0.31 | 4.7 | 0.00 | Jul 9, 2024 | A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||
| CVE-2024-5691 | Med | 0.31 | 4.7 | 0.01 | Jun 11, 2024 | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||
| CVE-2024-26281 | Med | 0.31 | 4.7 | 0.00 | Feb 22, 2024 | Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123. | ||
| CVE-2020-12401 | Med | 0.31 | 4.7 | 0.00 | Oct 8, 2020 | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | ||
| CVE-2020-12400 | Med | 0.31 | 4.7 | 0.00 | Oct 8, 2020 | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | ||
| CVE-2020-6827 | Med | 0.31 | 4.7 | 0.01 | Apr 24, 2020 | When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This… | ||
| CVE-2019-11728 | Med | 0.31 | 4.7 | 0.01 | Jul 23, 2019 | The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. | ||
| CVE-2017-7796 | Med | 0.31 | 4.7 | 0.00 | Jun 11, 2018 | On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete… | ||
| CVE-2016-5253 | Med | 0.31 | 4.7 | 0.00 | Aug 5, 2016 | The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | ||
| CVE-2016-1947 | Med | 0.31 | 4.7 | 0.02 | Jan 31, 2016 | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | ||
| CVE-2016-1943 | Med | 0.31 | 4.7 | 0.01 | Jan 31, 2016 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | ||
| CVE-2015-8512 | Med | 0.30 | 4.6 | 0.00 | Jan 9, 2016 | The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | ||
| CVE-2020-12402 | Med | 0.29 | 4.4 | 0.00 | Jul 9, 2020 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the… | ||
| CVE-2020-12399 | Med | 0.29 | 4.4 | 0.01 | Jul 9, 2020 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | ||
| CVE-2026-12320 | Med | 0.28 | 4.3 | 0.00 | Jun 16, 2026 | Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-12303 | Med | 0.28 | 4.3 | 0.00 | Jun 16, 2026 | Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-10702 | Med | 0.28 | 4.3 | 0.00 | Jun 2, 2026 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. |
- risk 0.31cvss 4.8epss 0.00
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of…
- risk 0.31cvss 4.8epss 0.00
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24,…
- risk 0.31cvss 4.8epss 0.00
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138,…
- risk 0.31cvss 4.7epss 0.00
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
- risk 0.31cvss 4.7epss 0.01
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
- risk 0.31cvss 4.7epss 0.00
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
- risk 0.31cvss 4.7epss 0.00
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
- risk 0.31cvss 4.7epss 0.00
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
- risk 0.31cvss 4.7epss 0.01
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This…
- risk 0.31cvss 4.7epss 0.01
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
- risk 0.31cvss 4.7epss 0.00
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete…
- risk 0.31cvss 4.7epss 0.00
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
- risk 0.31cvss 4.7epss 0.02
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
- risk 0.31cvss 4.7epss 0.01
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
- risk 0.30cvss 4.6epss 0.00
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
- risk 0.29cvss 4.4epss 0.00
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the…
- risk 0.29cvss 4.4epss 0.01
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
- risk 0.28cvss 4.3epss 0.00
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.28cvss 4.3epss 0.00
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.28cvss 4.3epss 0.00
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
Page 88 of 159