VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,628 total · sorted by risk
  • CVE-2019-9803HigApr 26, 2019
    risk 0.48cvss 7.4epss 0.01

    The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested…

  • CVE-2019-9798HigApr 26, 2019
    risk 0.48cvss 7.4epss 0.01

    On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This…

  • CVE-2018-5144HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.03

    An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

  • CVE-2017-7835HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.02

    Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox <…

  • CVE-2017-5386HigJun 11, 2018
    risk 0.48cvss 7.3epss 0.02

    WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

  • CVE-2016-5284HigSep 22, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for…

  • CVE-2016-1978HigMar 13, 2016
    risk 0.48cvss 7.3epss 0.02

    Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making…

  • CVE-2016-1963HigMar 13, 2016
    risk 0.48cvss 7.4epss 0.00

    The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

  • CVE-2016-1942HigJan 31, 2016
    risk 0.48cvss 7.4epss 0.02

    Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.

  • CVE-2013-2566MedMar 15, 2013
    risk 0.48cvss 5.9epss 0.84

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

  • CVE-2012-5822HigNov 4, 2012
    risk 0.48cvss 7.4epss 0.01

    The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…

  • CVE-2026-12327HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-12326HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and…

  • CVE-2026-12324HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12318HigJun 16, 2026
    risk 0.47cvss 7.3epss 0.00

    Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-8947HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8390HigMay 12, 2026
    risk 0.47cvss 7.3epss 0.00

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

  • CVE-2026-8090HigMay 7, 2026
    risk 0.47cvss 7.3epss 0.00

    Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

  • CVE-2026-7324HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird…

  • CVE-2026-7323HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…

  • CVE-2026-7322HigApr 28, 2026
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…

  • CVE-2026-6753HigApr 21, 2026
    risk 0.47cvss 7.3epss 0.00

    Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6752HigApr 21, 2026
    risk 0.47cvss 7.3epss 0.00

    Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6751HigApr 21, 2026
    risk 0.47cvss 7.3epss 0.00

    Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2025-14332HigDec 9, 2025
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and…

  • CVE-2025-14325HigDec 9, 2025
    risk 0.47cvss 7.3epss 0.00

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-10528HigSep 16, 2025
    risk 0.47cvss 7.3epss 0.00

    Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-5272HigMay 27, 2025
    risk 0.47cvss 7.3epss 0.00

    Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and…

  • CVE-2025-3029HigApr 1, 2025
    risk 0.47cvss 7.3epss 0.00

    A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

  • CVE-2025-1936HigMar 4, 2025
    risk 0.47cvss 7.3epss 0.00

    jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in…

  • CVE-2026-27375HigMar 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.

  • CVE-2025-10527HigSep 16, 2025
    risk 0.46cvss 7.1epss 0.00

    Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-4085HigApr 29, 2025
    risk 0.46cvss 7.1epss 0.00

    An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

  • CVE-2025-26696HigMar 10, 2025
    risk 0.46cvss 7.0epss 0.00

    Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.

  • CVE-2025-1940HigMar 4, 2025
    risk 0.46cvss 7.1epss 0.00

    A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox…

  • CVE-2022-42930HigDec 22, 2022
    risk 0.46cvss 7.1epss 0.00

    If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.

  • CVE-2022-22753HigDec 22, 2022
    risk 0.46cvss 7.1epss 0.01

    A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.*This bug only affects Firefox on Windows. Other operating systems…

  • CVE-2022-22736HigDec 22, 2022
    risk 0.46cvss 7.0epss 0.00

    If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a…

  • CVE-2021-29964HigJun 24, 2021
    risk 0.46cvss 7.1epss 0.01

    A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11,…

  • CVE-2019-11736HigSep 27, 2019
    risk 0.46cvss 7.0epss 0.00

    The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race…

  • CVE-2017-7771HigApr 15, 2019
    risk 0.46cvss 8.1epss 0.01

    Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.

  • CVE-2018-12397HigFeb 28, 2019
    risk 0.46cvss 7.1epss 0.00

    A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file…

  • CVE-2018-12385HigOct 18, 2018
    risk 0.46cvss 7.0epss 0.00

    A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local…

  • CVE-2016-9077HigJun 11, 2018
    risk 0.46cvss 7.0epss 0.01

    Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

  • CVE-2016-5867HigAug 16, 2017
    risk 0.46cvss 7.0epss 0.01

    In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.

  • CVE-2025-5687HigJun 11, 2025
    risk 0.44cvss 7.8epss 0.00

    A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.*. This vulnerability was fixed in Mozilla VPN 2.28.0 (macOS).

  • CVE-2021-23991MedJun 24, 2021
    risk 0.44cvss 6.8epss 0.01

    If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey,…

  • CVE-2020-26964MedDec 9, 2020
    risk 0.44cvss 6.8epss 0.01

    If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was…

  • CVE-2019-11730MedJul 23, 2019
    risk 0.44cvss 6.5epss 0.20

    A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these…

  • CVE-2018-12366MedOct 18, 2018
    risk 0.43cvss 6.5epss 0.03

    An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR <…

Page 23 of 73