CVE-2026-4723
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
Mozilla Firefox < 149.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 149.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-20 advisory. - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox...
Mozilla Firefox < 148.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 148.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-19 advisory. - Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and...
PT-2026-21719
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: A use-after-free issue exists in the JavaScript Engine component. This condition occurs when...
Mozilla Firefox < 2.0.0.19
The version of Firefox installed on the remote Windows host is prior to 2.0.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory. - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x...
Mozilla Firefox < 22.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 22.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-54 advisory. - Do not send data XHR HEAD request (CVE-2013-1692) Note that Nessus has not tested for this issue but has...
Mozilla Firefox < 68.10.1
The version of Firefox installed on the remote Windows host is prior to 68.10.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-27 advisory. - A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leadi...
Mozilla Firefox < 60.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 60.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory. - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file wit...
Mozilla Firefox < 61.0
The version of Firefox installed on the remote Windows host is prior to 61.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-15 advisory. - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jo...
Linux Distros Unpatched Vulnerability : CVE-2024-1556
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only...
Linux Distros Unpatched Vulnerability : CVE-2024-3860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This...
Linux Distros Unpatched Vulnerability : CVE-2017-7783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a long user name is used in a username/password combination in a site URL such as http://UserName:Password@example.com, the resulting modal prompt will hang ...
Linux Distros Unpatched Vulnerability : CVE-2019-9809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through inval...
Linux Distros Unpatched Vulnerability : CVE-2021-23985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values (for example, malware running on the user's computer), the Devtools remote debugging feature could hav...
Linux Distros Unpatched Vulnerability : CVE-2025-6433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would ...
SUSE CVE-2025-0245
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. This vulnerability was fixed in Firefox 134...
SUSE CVE-2024-6610
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox 128 and Thunderbird 128...
UBUNTU-CVE-2024-3865
Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 125...
SUSE CVE-2013-0794
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site...
SUSE CVE-2020-26978
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...