VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2016-2796HigMar 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a…

  • CVE-2016-1968HigMar 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

  • CVE-2016-1950HigMar 13, 2016
    risk 0.58cvss 8.8epss 0.04

    Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an…

  • CVE-2016-1522HigFeb 13, 2016
    risk 0.58cvss 8.8epss 0.08

    Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly…

  • CVE-2016-1521HigFeb 13, 2016
    risk 0.58cvss 8.8epss 0.04

    The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive…

  • CVE-2016-1935HigJan 31, 2016
    risk 0.58cvss 8.8epss 0.05

    Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

  • CVE-2014-1531HigApr 30, 2014
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2014-1529HigApr 30, 2014
    risk 0.58cvss 8.8epss 0.04

    The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a…

  • CVE-2014-1518HigApr 30, 2014
    risk 0.58cvss 8.8epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2014-1513HigMar 19, 2014
    risk 0.58cvss 8.8epss 0.06

    TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a…

  • CVE-2014-1509HigMar 19, 2014
    risk 0.58cvss 8.8epss 0.05

    Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that…

  • CVE-2014-1482HigFeb 6, 2014
    risk 0.58cvss 8.8epss 0.06

    RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write…

  • CVE-2012-5830HigNov 21, 2012
    risk 0.58cvss 8.8epss 0.04

    Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

  • CVE-2010-2753HigJul 30, 2010
    risk 0.58cvss 8.8epss 0.07

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which…

  • CVE-2010-1208HigJul 30, 2010
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event…

  • CVE-2026-12289HigJun 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-8975HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in…

  • CVE-2026-8974HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox…

  • CVE-2026-8973HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8972HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8970HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8957HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8955HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8952HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8389HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

  • CVE-2026-6769HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6761HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6750HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-5733HigApr 7, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.

  • CVE-2026-5732HigApr 7, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

  • CVE-2026-4722HigMar 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-3847HigMar 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.

  • CVE-2026-3845HigMar 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.

  • CVE-2026-2798HigFeb 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2769HigFeb 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2447HigFeb 16, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

  • CVE-2026-24869HigJan 27, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.

  • CVE-2026-0882HigJan 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2026-0880HigJan 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-14861HigDec 18, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1.

  • CVE-2025-14329HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-14328HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-14323HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-13020HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-13014HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-11715HigOct 14, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2025-11714HigOct 14, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2025-10537HigSep 16, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2025-10533HigSep 16, 2025
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-8040HigJul 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

Page 7 of 73