Vendor CVEs
Mozilla Corporation
All CVEs
3,628 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5417 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This… | ||
| CVE-2017-5408 | Med | 0.35 | 5.3 | 0.03 | Jun 11, 2018 | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and… | ||
| CVE-2017-5405 | Med | 0.35 | 5.3 | 0.03 | Jun 11, 2018 | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | ||
| CVE-2017-5383 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | ||
| CVE-2016-9071 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5267 | Med | 0.35 | 5.3 | 0.01 | Aug 5, 2016 | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | ||
| CVE-2016-2817 | Med | 0.35 | 5.4 | 0.01 | Apr 30, 2016 | The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS)… | ||
| CVE-2016-1940 | Med | 0.35 | 5.3 | 0.01 | Jan 31, 2016 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. | ||
| CVE-2016-1939 | Med | 0.35 | 5.3 | 0.02 | Jan 31, 2016 | Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. | ||
| CVE-2015-4000 | Low | 0.35 | 3.7 | 1.00 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by… | ||
| CVE-2026-12329 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. | ||
| CVE-2026-12308 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12307 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12306 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12301 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-12300 | Med | 0.34 | 5.3 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-8391 | Med | 0.34 | 5.3 | 0.00 | May 12, 2026 | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | ||
| CVE-2026-6783 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6779 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6778 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6777 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6775 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-6767 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6765 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-0888 | Med | 0.34 | 5.3 | 0.00 | Jan 13, 2026 | Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | ||
| CVE-2026-0886 | Med | 0.34 | 5.3 | 0.00 | Jan 13, 2026 | Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2026-0883 | Med | 0.34 | 5.3 | 0.00 | Jan 13, 2026 | Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-8041 | Med | 0.34 | 5.3 | 0.00 | Aug 19, 2025 | In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141. | ||
| CVE-2025-4090 | Med | 0.34 | 5.3 | 0.00 | Apr 29, 2025 | A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-3035 | Med | 0.34 | 5.3 | 0.00 | Apr 1, 2025 | By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137. | ||
| CVE-2025-26695 | Med | 0.34 | 5.3 | 0.00 | Mar 10, 2025 | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8. | ||
| CVE-2025-1018 | Med | 0.34 | 5.3 | 0.00 | Feb 4, 2025 | The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135. | ||
| CVE-2025-0238 | Med | 0.34 | 5.3 | 0.01 | Jan 7, 2025 | Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6. | ||
| CVE-2018-5109 | Med | 0.34 | 5.3 | 0.01 | Jun 11, 2018 | An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an… | ||
| CVE-2017-15837 | Med | 0.34 | 5.3 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read… | ||
| CVE-2016-1948 | Med | 0.34 | 5.3 | 0.00 | Jan 31, 2016 | Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | ||
| CVE-2026-6654 | Med | 0.33 | 5.1 | 0.00 | Apr 20, 2026 | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | ||
| CVE-2025-4089 | Med | 0.33 | 5.1 | 0.00 | Apr 29, 2025 | Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-0243 | Med | 0.33 | 5.1 | 0.00 | Jan 7, 2025 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability… | ||
| CVE-2016-2810 | Med | 0.33 | 5.0 | 0.01 | Apr 30, 2016 | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. | ||
| CVE-2026-12313 | Med | 0.31 | 4.7 | 0.00 | Jun 16, 2026 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12311 | Med | 0.31 | 4.7 | 0.00 | Jun 16, 2026 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2025-5265 | Med | 0.31 | 4.8 | 0.00 | May 27, 2025 | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of… | ||
| CVE-2025-5264 | Med | 0.31 | 4.8 | 0.00 | May 27, 2025 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24,… | ||
| CVE-2025-4087 | Med | 0.31 | 4.8 | 0.00 | Apr 29, 2025 | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138,… | ||
| CVE-2017-7796 | Med | 0.31 | 4.7 | 0.00 | Jun 11, 2018 | On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete… | ||
| CVE-2016-5253 | Med | 0.31 | 4.7 | 0.00 | Aug 5, 2016 | The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | ||
| CVE-2016-1947 | Med | 0.31 | 4.7 | 0.02 | Jan 31, 2016 | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | ||
| CVE-2016-1943 | Med | 0.31 | 4.7 | 0.01 | Jan 31, 2016 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. | ||
| CVE-2015-8508 | Med | 0.31 | 4.7 | 0.01 | Jan 3, 2016 | Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or… |
- risk 0.35cvss 5.3epss 0.01
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This…
- risk 0.35cvss 5.3epss 0.03
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and…
- risk 0.35cvss 5.3epss 0.03
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- risk 0.35cvss 5.3epss 0.02
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
- risk 0.35cvss 5.3epss 0.02
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
- risk 0.35cvss 5.3epss 0.01
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
- risk 0.35cvss 5.4epss 0.01
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS)…
- risk 0.35cvss 5.3epss 0.01
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
- risk 0.35cvss 5.3epss 0.02
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
- risk 0.35cvss 3.7epss 1.00
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.34cvss 5.3epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.34cvss 5.3epss 0.00
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
- risk 0.34cvss 5.3epss 0.00
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.34cvss 5.3epss 0.00
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.34cvss 5.3epss 0.00
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
- risk 0.34cvss 5.3epss 0.00
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.34cvss 5.3epss 0.00
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.34cvss 5.3epss 0.00
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.
- risk 0.34cvss 5.3epss 0.00
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.34cvss 5.3epss 0.00
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.
- risk 0.34cvss 5.3epss 0.00
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
- risk 0.34cvss 5.3epss 0.00
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
- risk 0.34cvss 5.3epss 0.01
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.
- risk 0.34cvss 5.3epss 0.01
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an…
- risk 0.34cvss 5.3epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read…
- risk 0.34cvss 5.3epss 0.00
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
- risk 0.33cvss 5.1epss 0.00
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
- risk 0.33cvss 5.1epss 0.00
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.33cvss 5.1epss 0.00
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…
- risk 0.33cvss 5.0epss 0.01
Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.
- risk 0.31cvss 4.7epss 0.00
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.31cvss 4.7epss 0.00
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.31cvss 4.8epss 0.00
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of…
- risk 0.31cvss 4.8epss 0.00
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24,…
- risk 0.31cvss 4.8epss 0.00
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138,…
- risk 0.31cvss 4.7epss 0.00
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete…
- risk 0.31cvss 4.7epss 0.00
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
- risk 0.31cvss 4.7epss 0.02
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
- risk 0.31cvss 4.7epss 0.01
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
- risk 0.31cvss 4.7epss 0.01
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or…
Page 19 of 73