Vendor CVEs
Mozilla Corporation
All CVEs
3,628 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9803 | Hig | 0.48 | 7.4 | 0.01 | Apr 26, 2019 | The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested… | ||
| CVE-2019-9798 | Hig | 0.48 | 7.4 | 0.01 | Apr 26, 2019 | On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This… | ||
| CVE-2018-5144 | Hig | 0.48 | 7.3 | 0.03 | Jun 11, 2018 | An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | ||
| CVE-2017-7835 | Hig | 0.48 | 7.3 | 0.02 | Jun 11, 2018 | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <… | ||
| CVE-2017-5386 | Hig | 0.48 | 7.3 | 0.02 | Jun 11, 2018 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | ||
| CVE-2016-5284 | Hig | 0.48 | 7.4 | 0.02 | Sep 22, 2016 | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for… | ||
| CVE-2016-1978 | Hig | 0.48 | 7.3 | 0.02 | Mar 13, 2016 | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making… | ||
| CVE-2016-1963 | Hig | 0.48 | 7.4 | 0.00 | Mar 13, 2016 | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | ||
| CVE-2016-1942 | Hig | 0.48 | 7.4 | 0.02 | Jan 31, 2016 | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. | ||
| CVE-2013-2566 | Med | 0.48 | 5.9 | 0.84 | Mar 15, 2013 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||
| CVE-2012-5822 | Hig | 0.48 | 7.4 | 0.01 | Nov 4, 2012 | The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid… | ||
| CVE-2026-12327 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This… | ||
| CVE-2026-12326 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and… | ||
| CVE-2026-12324 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12318 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2026 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-8947 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8390 | Hig | 0.47 | 7.3 | 0.00 | May 12, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. | ||
| CVE-2026-8090 | Hig | 0.47 | 7.3 | 0.00 | May 7, 2026 | Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2. | ||
| CVE-2026-7324 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird… | ||
| CVE-2026-7323 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox… | ||
| CVE-2026-7322 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox… | ||
| CVE-2026-6753 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6752 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6751 | Hig | 0.47 | 7.3 | 0.00 | Apr 21, 2026 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2025-14332 | Hig | 0.47 | 7.3 | 0.00 | Dec 9, 2025 | Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and… | ||
| CVE-2025-14325 | Hig | 0.47 | 7.3 | 0.00 | Dec 9, 2025 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. | ||
| CVE-2025-10528 | Hig | 0.47 | 7.3 | 0.00 | Sep 16, 2025 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-5272 | Hig | 0.47 | 7.3 | 0.00 | May 27, 2025 | Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and… | ||
| CVE-2025-3029 | Hig | 0.47 | 7.3 | 0.00 | Apr 1, 2025 | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. | ||
| CVE-2025-1936 | Hig | 0.47 | 7.3 | 0.00 | Mar 4, 2025 | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in… | ||
| CVE-2026-27375 | Hig | 0.46 | 7.1 | 0.00 | Mar 5, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8. | ||
| CVE-2025-10527 | Hig | 0.46 | 7.1 | 0.00 | Sep 16, 2025 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | ||
| CVE-2025-4085 | Hig | 0.46 | 7.1 | 0.00 | Apr 29, 2025 | An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-26696 | Hig | 0.46 | 7.0 | 0.00 | Mar 10, 2025 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8. | ||
| CVE-2025-1940 | Hig | 0.46 | 7.1 | 0.00 | Mar 4, 2025 | A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox… | ||
| CVE-2022-42930 | Hig | 0.46 | 7.1 | 0.00 | Dec 22, 2022 | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | ||
| CVE-2022-22753 | Hig | 0.46 | 7.1 | 0.01 | Dec 22, 2022 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Firefox on Windows. Other operating systems… | ||
| CVE-2022-22736 | Hig | 0.46 | 7.0 | 0.00 | Dec 22, 2022 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a… | ||
| CVE-2021-29964 | Hig | 0.46 | 7.1 | 0.01 | Jun 24, 2021 | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11,… | ||
| CVE-2019-11736 | Hig | 0.46 | 7.0 | 0.00 | Sep 27, 2019 | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race… | ||
| CVE-2017-7771 | Hig | 0.46 | 8.1 | 0.01 | Apr 15, 2019 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | ||
| CVE-2018-12397 | Hig | 0.46 | 7.1 | 0.00 | Feb 28, 2019 | A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file… | ||
| CVE-2018-12385 | Hig | 0.46 | 7.0 | 0.00 | Oct 18, 2018 | A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local… | ||
| CVE-2016-9077 | Hig | 0.46 | 7.0 | 0.01 | Jun 11, 2018 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. | ||
| CVE-2016-5867 | Hig | 0.46 | 7.0 | 0.01 | Aug 16, 2017 | In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | ||
| CVE-2025-5687 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2025 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS). | ||
| CVE-2021-23991 | Med | 0.44 | 6.8 | 0.01 | Jun 24, 2021 | If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey,… | ||
| CVE-2020-26964 | Med | 0.44 | 6.8 | 0.01 | Dec 9, 2020 | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was… | ||
| CVE-2019-11730 | Med | 0.44 | 6.5 | 0.20 | Jul 23, 2019 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these… | ||
| CVE-2018-12366 | Med | 0.43 | 6.5 | 0.03 | Oct 18, 2018 | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <… |
- risk 0.48cvss 7.4epss 0.01
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested…
- risk 0.48cvss 7.4epss 0.01
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This…
- risk 0.48cvss 7.3epss 0.03
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
- risk 0.48cvss 7.3epss 0.02
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <…
- risk 0.48cvss 7.3epss 0.02
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
- risk 0.48cvss 7.4epss 0.02
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for…
- risk 0.48cvss 7.3epss 0.02
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making…
- risk 0.48cvss 7.4epss 0.00
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
- risk 0.48cvss 7.4epss 0.02
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
- risk 0.48cvss 5.9epss 0.84
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
- risk 0.48cvss 7.4epss 0.01
The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and…
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
- risk 0.47cvss 7.3epss 0.00
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and…
- risk 0.47cvss 7.3epss 0.00
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
- risk 0.47cvss 7.3epss 0.00
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.47cvss 7.3epss 0.00
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and…
- risk 0.47cvss 7.3epss 0.00
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.
- risk 0.47cvss 7.3epss 0.00
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
- risk 0.46cvss 7.1epss 0.00
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- risk 0.46cvss 7.1epss 0.00
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.46cvss 7.0epss 0.00
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
- risk 0.46cvss 7.1epss 0.00
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox…
- risk 0.46cvss 7.1epss 0.00
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
- risk 0.46cvss 7.1epss 0.01
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Firefox on Windows. Other operating systems…
- risk 0.46cvss 7.0epss 0.00
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a…
- risk 0.46cvss 7.1epss 0.01
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11,…
- risk 0.46cvss 7.0epss 0.00
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race…
- risk 0.46cvss 8.1epss 0.01
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
- risk 0.46cvss 7.1epss 0.00
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file…
- risk 0.46cvss 7.0epss 0.00
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local…
- risk 0.46cvss 7.0epss 0.01
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
- risk 0.46cvss 7.0epss 0.01
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.
- risk 0.44cvss 7.8epss 0.00
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).
- risk 0.44cvss 6.8epss 0.01
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey,…
- risk 0.44cvss 6.8epss 0.01
If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was…
- risk 0.44cvss 6.5epss 0.20
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these…
- risk 0.43cvss 6.5epss 0.03
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <…
Page 23 of 73