VYPR

Vendor CVEs

Mozilla Corporation

All CVEs

3,627 total · sorted by risk
  • CVE-2025-8035HigJul 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been…

  • CVE-2025-8034HigJul 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…

  • CVE-2025-6426HigJun 24, 2025
    risk 0.57cvss 8.8epss 0.00

    The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and…

  • CVE-2025-4919HigMay 17, 2025
    risk 0.57cvss 8.8epss 0.06

    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

  • CVE-2025-2817HigApr 29, 2025
    risk 0.57cvss 8.8epss 0.01

    Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing…

  • CVE-2025-1930HigMar 4, 2025
    risk 0.57cvss 8.8epss 0.00

    On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136,…

  • CVE-2025-1014HigFeb 4, 2025
    risk 0.57cvss 8.8epss 0.00

    Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2025-1011HigFeb 4, 2025
    risk 0.57cvss 8.8epss 0.01

    A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2025-1010HigFeb 4, 2025
    risk 0.57cvss 8.8epss 0.00

    An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2018-5130HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

  • CVE-2018-5125HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox…

  • CVE-2017-7846HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

  • CVE-2017-7845HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.03

    A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This…

  • CVE-2017-7798HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects…

  • CVE-2017-7752HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects…

  • CVE-2017-5436HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1,…

  • CVE-2017-5394HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.01

    A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected.…

  • CVE-2016-9905HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

  • CVE-2016-9078HigJun 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been…

  • CVE-2016-9063CriJun 11, 2018
    risk 0.57cvss 9.8epss 0.06

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

  • CVE-2017-5031HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2016-5283HigSep 22, 2016
    risk 0.57cvss 8.8epss 0.01

    Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

  • CVE-2016-5275HigSep 22, 2016
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

  • CVE-2016-5273HigSep 22, 2016
    risk 0.57cvss 8.8epss 0.02

    The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

  • CVE-2016-5272HigSep 22, 2016
    risk 0.57cvss 8.8epss 0.02

    The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a…

  • CVE-2016-5264HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element…

  • CVE-2016-5263HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

  • CVE-2016-5259HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

  • CVE-2016-5258HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

  • CVE-2016-5255HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

  • CVE-2016-5252HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region…

  • CVE-2016-2836HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to…

  • CVE-2016-2835HigAug 5, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-2834HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-2831HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.01

    Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

  • CVE-2016-2828HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

  • CVE-2016-2824HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use…

  • CVE-2016-2815HigJun 13, 2016
    risk 0.57cvss 8.8epss 0.03

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-2811HigApr 30, 2016
    risk 0.57cvss 8.8epss 0.03

    Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.

  • CVE-2016-2802HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via…

  • CVE-2016-2801HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other…

  • CVE-2016-2800HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2798HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2797HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a…

  • CVE-2016-2795HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or…

  • CVE-2016-2794HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via…

  • CVE-2016-2793HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.03

    CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

  • CVE-2016-2792HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted…

  • CVE-2016-2791HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite…

  • CVE-2016-2790HigMar 13, 2016
    risk 0.57cvss 8.8epss 0.02

    The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly…

Page 8 of 73