45 matches found
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
firefox: thunderbird: Information disclosure in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Networking component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...
Mozilla Firefox < 3.0.18
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.18. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support th...
PT-2025-44159
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144.0.2 Description A compromised child process could trigger a use-after-free in the GPU or browser process through WebGPU-related IPC calls. This could potentially allow for escaping the child process sandbox...
CVE-2025-10529
Same-origin policy bypass in the Layout component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
CVE-2025-10527
The CVE-2025-10527 entry corresponds to a sandbox escape via use-after-free in the Graphics: Canvas2D component. Affected products include Firefox <143, Firefox ESR <140.3, Thunderbird <143, and Thunderbird
PT-2025-33870
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird ESR versions prior to 140.2 Description: Memory safety bugs are present in the software, with some showing evidence of memory...
UBUNTU-CVE-2025-4088
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...
DEBIAN-CVE-2024-2612
If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
SUSE CVE-2024-0742
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
SUSE CVE-2010-2770
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted font in a data...
SUSE CVE-2011-3079
The Inter-process Communication IPC implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors...
SUSE CVE-2013-1686
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption vi...
SUSE CVE-2013-5619
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
SUSE CVE-2017-5376
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
SUSE CVE-2017-5391
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox 51...
SUSE CVE-2017-5453
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...
SUSE CVE-2017-7826
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird...
SUSE CVE-2019-9814
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...