Firefox
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6768 | Cri | 0.64 | 9.8 | 0.00 | Apr 21, 2026 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-8093 | Hig | 0.53 | 8.1 | 0.00 | May 7, 2026 | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2. | ||
| CVE-2026-6758 | Hig | 0.49 | 7.5 | 0.00 | Apr 21, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6751 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2006-5633 | 0.04 | — | 0.07 | Oct 31, 2006 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a… | |||
| CVE-2008-5697 | 0.03 | — | 0.02 | Dec 22, 2008 | The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | |||
| CVE-2006-1650 | 0.00 | — | 0.01 | Apr 6, 2006 | Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. … | |||
| CVE-2005-2429 | 0.00 | — | 0.01 | Aug 3, 2005 | Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. |
- risk 0.64cvss 9.8epss 0.00
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.53cvss 8.1epss 0.00
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.
- risk 0.49cvss 7.5epss 0.00
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.47cvss 7.3epss 0.00
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- CVE-2006-5633Oct 31, 2006risk 0.04cvss —epss 0.07
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a…
- CVE-2008-5697Dec 22, 2008risk 0.03cvss —epss 0.02
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
- CVE-2006-1650Apr 6, 2006risk 0.00cvss —epss 0.01
Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. …
- CVE-2005-2429Aug 3, 2005risk 0.00cvss —epss 0.01
Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.