
32 matches found

Vulnrichment
added 2026/03/24 12:30 p.m. | 6 views

CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

AI score: 7.2 | EPSS: 0.00418
Exploits: 0 | References: 5

Cvelist
added 2026/03/24 12:30 p.m. | 23 views

CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

EPSS: 0.00665
Exploits: 0 | References: 6

NVD
added 2026/02/16 3:18 p.m. | 10 views

CVE-2026-2447

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...

CVSS: 8.8 | EPSS: 0.006
Exploits: 0 | References: 49

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-27408

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 140.9; Thunderbird versions prior to 149; Thunderbird versions prior to 140.9

Description: An issue exists due to incorrect boundary conditions within the Audio/Video component...

CVSS: 10 | AI score: 6.3 | EPSS: 0.00773
Exploits: 0 | References: 259

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-27884

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.00652
Exploits: 0 | References: 5

Debian CVE
added 2025/07/22 8:49 p.m. | 3 views

CVE-2025-8034

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00375
Exploits: 0

NVD
added 2025/06/24 1:15 p.m. | 9 views

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS: 4.3 | EPSS: 0.00249
Exploits: 0 | References: 8

Cvelist
added 2025/06/24 12:27 p.m. | 6 views

CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

EPSS: 0.00249
Exploits: 0 | References: 6

AlpineLinux
added 2025/03/04 2:15 p.m. | 1 views

CVE-2025-1930

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00373
Exploits: 0 | References: 6

OSV
added 2024/08/06 1:15 p.m. | 1 views

UBUNTU-CVE-2024-7521

Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00581
Exploits: 0 | References: 12

SUSE CVE
added 2024/01/25 2:48 a.m. | 3 views

SUSE CVE-2024-0753

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00711
Exploits: 0 | References: 8

ATTACKERKB
added 2023/06/02 5:15 p.m. | 3 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00546
Exploits: 0 | References: 5

OSV
added 2023/06/02 5:15 p.m. | 4 views

DEBIAN-CVE-2023-25729

Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00681
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:26 a.m. | 2 views

SUSE CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

CVSS: 5 | AI score: 7.4 | EPSS: 0.04831
Exploits: 1 | References: 7

OSV
added 2022/12/22 8:15 p.m. | 6 views

CVE-2022-34481

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

CVSS: 8.8 | AI score: 8.9
Exploits: 0 | References: 4

OSV
added 2022/04/06 12:0 a.m. | 1 views

UBUNTU-CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.02556
Exploits: 1 | References: 7

OSV
added 2021/12/08 10:15 p.m. | 2 views

DEBIAN-CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS: 10 | AI score: 8.4 | EPSS: 0.0383
Exploits: 0 | References: 1

RedHat Linux
added 2021/10/13 9:30 a.m. | 3 views

Mozilla: Validation message could have been overlaid on another origin

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00531
Exploits: 0 | References: 4

RedHat Linux
added 2021/10/11 8:16 a.m. | 3 views

Mozilla: Use-after-free in MessageTask

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.15, Thunderbird 91.2, Firefox ESR 91.2, Firefox ESR 78.15, and Firefox 93...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01593
Exploits: 0 | References: 4

RedHat Linux
added 2021/08/16 10:23 a.m. | 6 views

Mozilla: Incorrect instruction reordering during JIT optimization

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01386
Exploits: 1 | References: 4