VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2016-9900HigJun 11, 2018
    risk 0.50cvss 7.5epss 0.10

    External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2016-9066HigJun 11, 2018
    risk 0.50cvss 7.5epss 0.12

    A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

  • CVE-2026-12317HigJun 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12314HigJun 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12312HigJun 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12310HigJun 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12305HigJun 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-11799HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.

  • CVE-2026-10701HigJun 2, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.

  • CVE-2026-8968HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8967HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8966HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8965HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8964HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8963HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8960HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8954HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8949HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.01

    Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8946HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.01

    Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8945HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

  • CVE-2026-7320HigApr 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

  • CVE-2026-6786HigApr 26, 2026
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-6785HigApr 26, 2026
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2026-6784HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and…

  • CVE-2026-6782HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6781HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6780HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6773HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6772HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6766HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6759HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6758HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6756HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

  • CVE-2026-6754HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6749HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6747HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6746HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.01

    Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-4727HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.01

    Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4726HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.01

    Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4719HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4714HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4713HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4712HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4709HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4708HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4707HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.01

    Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4706HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4704HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4699HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.01

    Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4697HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.01

    Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Page 11 of 73