VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2026-12299MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12298MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-9309MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in…

  • CVE-2026-9308MedJun 1, 2026
    risk 0.35cvss 5.4epss 0.00

    Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This…

  • CVE-2026-9078MedMay 25, 2026
    risk 0.35cvss 5.4epss 0.00

    Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as…

  • CVE-2026-6774MedApr 21, 2026
    risk 0.35cvss 5.4epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-2804MedFeb 24, 2026
    risk 0.35cvss 5.4epss 0.00

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-0890MedJan 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-10531MedSep 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

  • CVE-2025-54144MedAug 19, 2025
    risk 0.35cvss 5.4epss 0.00

    The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.

  • CVE-2025-5267MedMay 27, 2025
    risk 0.35cvss 5.4epss 0.00

    A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

  • CVE-2025-27426MedMar 4, 2025
    risk 0.35cvss 5.4epss 0.00

    Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.

  • CVE-2025-0244MedJan 7, 2025
    risk 0.35cvss 5.3epss 0.07

    When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.

  • CVE-2025-0237MedJan 7, 2025
    risk 0.35cvss 5.4epss 0.01

    The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR…

  • CVE-2023-6857MedDec 19, 2023
    risk 0.35cvss 5.3epss 0.01

    When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR <…

  • CVE-2023-6206MedNov 21, 2023
    risk 0.35cvss 5.4epss 0.01

    The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability…

  • CVE-2023-5723MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

  • CVE-2023-5722MedOct 25, 2023
    risk 0.35cvss 5.3epss 0.01

    Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

  • CVE-2023-4046MedAug 1, 2023
    risk 0.35cvss 5.3epss 0.01

    In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox…

  • CVE-2023-37455MedJul 12, 2023
    risk 0.35cvss 5.4epss 0.00

    The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

  • CVE-2023-29546MedJun 19, 2023
    risk 0.35cvss 6.5epss 0.00

    When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects…

  • CVE-2023-25730MedJun 2, 2023
    risk 0.35cvss 5.4epss 0.01

    A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and…

  • CVE-2022-28286MedDec 22, 2022
    risk 0.35cvss 5.4epss 0.01

    Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

  • CVE-2022-1197MedDec 22, 2022
    risk 0.35cvss 5.4epss 0.00

    When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that…

  • CVE-2021-4138MedMay 2, 2022
    risk 0.35cvss 5.3epss 0.01

    Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.

  • CVE-2021-29965MedJun 24, 2021
    risk 0.35cvss 5.3epss 0.01

    A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other…

  • CVE-2021-29955MedJun 24, 2021
    risk 0.35cvss 5.3epss 0.02

    A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.).…

  • CVE-2021-23977MedFeb 26, 2021
    risk 0.35cvss 5.3epss 0.01

    Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability…

  • CVE-2020-6829MedOct 28, 2020
    risk 0.35cvss 5.3epss 0.01

    When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been…

  • CVE-2020-15680MedOct 22, 2020
    risk 0.35cvss 5.3epss 0.01

    If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was…

  • CVE-2020-12405MedJul 9, 2020
    risk 0.35cvss 5.3epss 0.01

    When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

  • CVE-2020-6813MedMar 25, 2020
    risk 0.35cvss 5.3epss 0.01

    When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.

  • CVE-2020-6812MedMar 25, 2020
    risk 0.35cvss 5.3epss 0.02

    The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a…

  • CVE-2019-17021MedJan 8, 2020
    risk 0.35cvss 5.3epss 0.02

    During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox…

  • CVE-2019-17018MedJan 8, 2020
    risk 0.35cvss 5.3epss 0.01

    When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.

  • CVE-2019-11761MedJan 8, 2020
    risk 0.35cvss 5.4epss 0.01

    By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects…

  • CVE-2019-9817MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • CVE-2019-11727MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3…

  • CVE-2019-11718MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history,…

  • CVE-2019-11717MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11698MedJul 23, 2019
    risk 0.35cvss 5.3epss 0.01

    If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event…

  • CVE-2019-9801MedApr 26, 2019
    risk 0.35cvss 5.3epss 0.01

    Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the…

  • CVE-2019-9797MedApr 26, 2019
    risk 0.35cvss 5.3epss 0.01

    Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

  • CVE-2018-18509MedApr 26, 2019
    risk 0.35cvss 5.3epss 0.02

    A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an…

  • CVE-2018-14498MedMar 7, 2019
    risk 0.35cvss 6.5epss 0.03

    get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of…

  • CVE-2018-12403MedFeb 28, 2019
    risk 0.35cvss 5.3epss 0.02

    If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.

  • CVE-2018-12400MedFeb 28, 2019
    risk 0.35cvss 5.3epss 0.02

    In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions…

  • CVE-2018-12382MedOct 18, 2018
    risk 0.35cvss 5.3epss 0.02

    The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only…

  • CVE-2018-12381MedOct 18, 2018
    risk 0.35cvss 5.3epss 0.02

    Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems…

  • CVE-2016-8635MedAug 1, 2018
    risk 0.35cvss 5.3epss 0.02

    It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

Page 33 of 73