Vendor CVEs
Mozilla Corporation
All CVEs
3,627 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3032 | Hig | 0.48 | 7.4 | 0.00 | Apr 1, 2025 | Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137. | ||
| CVE-2018-5144 | Hig | 0.48 | 7.3 | 0.03 | Jun 11, 2018 | An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | ||
| CVE-2017-7835 | Hig | 0.48 | 7.3 | 0.02 | Jun 11, 2018 | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <… | ||
| CVE-2017-5386 | Hig | 0.48 | 7.3 | 0.02 | Jun 11, 2018 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | ||
| CVE-2016-5284 | Hig | 0.48 | 7.4 | 0.02 | Sep 22, 2016 | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for… | ||
| CVE-2016-1978 | Hig | 0.48 | 7.3 | 0.02 | Mar 13, 2016 | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making… | ||
| CVE-2016-1963 | Hig | 0.48 | 7.4 | 0.00 | Mar 13, 2016 | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | ||
| CVE-2016-1942 | Hig | 0.48 | 7.4 | 0.02 | Jan 31, 2016 | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | ||
| CVE-2013-2566 | Med | 0.48 | 5.9 | 0.84 | Mar 15, 2013 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||
| CVE-2012-5822 | Hig | 0.48 | 7.4 | 0.01 | Nov 4, 2012 | The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid… | ||
| CVE-2026-12327 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This… | ||
| CVE-2026-12326 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and… | ||
| CVE-2026-12324 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12318 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-8947 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8390 | Hig | 0.47 | 7.3 | 0.00 | May 12, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. | ||
| CVE-2026-8090 | Hig | 0.47 | 7.3 | 0.00 | May 7, 2026 | Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2. | ||
| CVE-2026-7324 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird… | ||
| CVE-2026-7323 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox… | ||
| CVE-2026-7322 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox… | ||
| CVE-2026-6753 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6752 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6751 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2025-14332 | Hig | 0.47 | 7.3 | 0.00 | Dec 9, 2025 | Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and… | ||
| CVE-2025-14325 | Hig | 0.47 | 7.3 | 0.00 | Dec 9, 2025 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. | ||
| CVE-2025-10528 | Hig | 0.47 | 7.3 | 0.00 | Sep 16, 2025 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-5272 | Hig | 0.47 | 7.3 | 0.00 | May 27, 2025 | Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and… | ||
| CVE-2025-3029 | Hig | 0.47 | 7.3 | 0.00 | Apr 1, 2025 | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. | ||
| CVE-2025-1936 | Hig | 0.47 | 7.3 | 0.00 | Mar 4, 2025 | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in… | ||
| CVE-2026-27375 | Hig | 0.46 | 7.1 | 0.00 | Mar 5, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8. | ||
| CVE-2025-10527 | Hig | 0.46 | 7.1 | 0.00 | Sep 16, 2025 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-4085 | Hig | 0.46 | 7.1 | 0.00 | Apr 29, 2025 | An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-26696 | Hig | 0.46 | 7.0 | 0.00 | Mar 10, 2025 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8. | ||
| CVE-2025-1940 | Hig | 0.46 | 7.1 | 0.00 | Mar 4, 2025 | A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox… | ||
| CVE-2016-9077 | Hig | 0.46 | 7.0 | 0.01 | Jun 11, 2018 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5867 | Hig | 0.46 | 7.0 | 0.01 | Aug 16, 2017 | In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | ||
| CVE-2025-5687 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2025 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS). | ||
| CVE-2017-16541 | Med | 0.43 | 6.5 | 0.04 | Nov 4, 2017 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | ||
| CVE-2014-1523 | Med | 0.43 | 6.5 | 0.03 | Apr 30, 2014 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG… | ||
| CVE-2026-53899 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0. | ||
| CVE-2026-12325 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12319 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-12309 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12302 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-8706 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0. | ||
| CVE-2026-8971 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8961 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8951 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. | ||
| CVE-2026-8388 | Med | 0.42 | 6.5 | 0.00 | May 12, 2026 | Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | ||
| CVE-2026-6770 | Med | 0.42 | 6.5 | 0.05 | Apr 21, 2026 | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
- risk 0.48cvss 7.4epss 0.00
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
- risk 0.48cvss 7.3epss 0.03
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
- risk 0.48cvss 7.3epss 0.02
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <…
- risk 0.48cvss 7.3epss 0.02
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
- risk 0.48cvss 7.4epss 0.02
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for…
- risk 0.48cvss 7.3epss 0.02
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making…
- risk 0.48cvss 7.4epss 0.00
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
- risk 0.48cvss 7.4epss 0.02
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
- risk 0.48cvss 5.9epss 0.84
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
- risk 0.48cvss 7.4epss 0.01
The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and…
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and…
- risk 0.47cvss 7.3epss 0.00
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
- risk 0.47cvss 7.3epss 0.00
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and…
- risk 0.47cvss 7.3epss 0.00
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
- risk 0.47cvss 7.3epss 0.00
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
- risk 0.46cvss 7.1epss 0.00
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.46cvss 7.1epss 0.00
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.46cvss 7.0epss 0.00
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
- risk 0.46cvss 7.1epss 0.00
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox…
- risk 0.46cvss 7.0epss 0.01
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
- risk 0.46cvss 7.0epss 0.01
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.
- risk 0.44cvss 7.8epss 0.00
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).
- risk 0.43cvss 6.5epss 0.04
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
- risk 0.43cvss 6.5epss 0.03
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…
- risk 0.42cvss 6.5epss 0.00
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0.
- risk 0.42cvss 6.5epss 0.00
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.42cvss 6.5epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
- risk 0.42cvss 6.5epss 0.00
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
- risk 0.42cvss 6.5epss 0.00
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
- risk 0.42cvss 6.5epss 0.05
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Page 14 of 73