Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5279 | Med | 0.28 | 4.3 | 0.01 | Sep 22, 2016 | Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | ||
| CVE-2016-5268 | Med | 0.28 | 4.3 | 0.01 | Aug 5, 2016 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text… | ||
| CVE-2016-5251 | Med | 0.28 | 4.3 | 0.01 | Aug 5, 2016 | Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | ||
| CVE-2016-5250 | Med | 0.28 | 4.3 | 0.02 | Aug 5, 2016 | Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | ||
| CVE-2016-2830 | Med | 0.28 | 4.3 | 0.01 | Aug 5, 2016 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple… | ||
| CVE-2016-2832 | Med | 0.28 | 4.3 | 0.01 | Jun 13, 2016 | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | ||
| CVE-2016-2820 | Med | 0.28 | 4.3 | 0.01 | Apr 30, 2016 | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | ||
| CVE-2016-1965 | Med | 0.28 | 4.3 | 0.02 | Mar 13, 2016 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | ||
| CVE-2016-1958 | Med | 0.28 | 4.3 | 0.02 | Mar 13, 2016 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | ||
| CVE-2016-1957 | Med | 0.28 | 4.3 | 0.02 | Mar 13, 2016 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. | ||
| CVE-2016-1955 | Med | 0.28 | 4.3 | 0.02 | Mar 13, 2016 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. | ||
| CVE-2026-2802 | Med | 0.27 | 4.2 | 0.00 | Feb 24, 2026 | Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||
| CVE-2025-10859 | Med | 0.26 | 4.0 | 0.00 | Sep 30, 2025 | Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1. | ||
| CVE-2025-0240 | Med | 0.26 | 4.0 | 0.01 | Jan 7, 2025 | Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6. | ||
| CVE-2025-0239 | Med | 0.26 | 4.0 | 0.00 | Jan 7, 2025 | When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6. | ||
| CVE-2024-3861 | Med | 0.26 | 4.0 | 0.00 | Apr 16, 2024 | If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||
| CVE-2025-1939 | Low | 0.25 | 3.9 | 0.00 | Mar 4, 2025 | Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136. | ||
| CVE-2024-3302 | Low | 0.24 | 3.7 | 0.01 | Apr 16, 2024 | There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||
| CVE-2024-2606 | Low | 0.24 | 3.7 | 0.00 | Mar 19, 2024 | Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. | ||
| CVE-2019-11743 | Low | 0.24 | 3.7 | 0.02 | Sep 27, 2019 | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information… |
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text…
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
- risk 0.28cvss 4.3epss 0.02
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple…
- risk 0.28cvss 4.3epss 0.01
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
- risk 0.28cvss 4.3epss 0.01
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
- risk 0.28cvss 4.3epss 0.02
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
- risk 0.28cvss 4.3epss 0.02
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
- risk 0.28cvss 4.3epss 0.02
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
- risk 0.28cvss 4.3epss 0.02
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
- risk 0.27cvss 4.2epss 0.00
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- risk 0.26cvss 4.0epss 0.00
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.
- risk 0.26cvss 4.0epss 0.01
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
- risk 0.26cvss 4.0epss 0.00
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
- risk 0.26cvss 4.0epss 0.00
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- risk 0.25cvss 3.9epss 0.00
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136.
- risk 0.24cvss 3.7epss 0.01
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
- risk 0.24cvss 3.7epss 0.00
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.
- risk 0.24cvss 3.7epss 0.02
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information…
Page 94 of 159