
20 matches found

CVE
added 2026/02/24 1:33 p.m., 24 views

CVE-2026-2806

CVE-2026-2806 involves an uninitialized memory issue in the Graphics: Text component of Firefox/Thunderbird. Affected products are Mozilla Firefox and Mozilla Thunderbird (versions before 148). Root cause per the documents is uninitialized memory in the Text rendering path, with a fix implemented...

9.1 CVSS, 5.8 AI score, 0.00387 EPSS
Exploits: 0, References: 3, Affected Software: 2
RedHat Linux
added 2025/10/15 4:41 p.m., 4 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

9.8 CVSS, 7.3 AI score, 0.00385 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-19475

Malware in sbrugna...

6.1 CVSS, 7.8 AI score, 0.01042 EPSS
Exploits: 0, References: 24
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-31044

Malicious code in bioql PyPI...

9.6 CVSS, 7.9 AI score, 0.02349 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-58012

Malicious code in bioql PyPI...

4.3 CVSS, 7.2 AI score, 0.00598 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/08/12 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-22747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to...

6.5 CVSS, 7.6 AI score, 0.0063 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-26959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corruption, and a...

8.8 CVSS, 8.3 AI score, 0.01275 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-9393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access...

7.5 CVSS, 7.4 AI score, 0.00402 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-0750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects...

8.8 CVSS, 8.3 AI score, 0.00837 EPSS
Exploits: 0, References: 2
CVE
added 2025/07/22 8:49 p.m., 86 views

CVE-2025-8029

CVE-2025-8029: Thunderbird and Firefox products are affected by a vulnerability where javascript: URLs are executed when used inside object and embed tags. The impact list states affected versions include Firefox < 141 and Thunderbird < 141 (and ESR branches

8.1 CVSS, 7.2 AI score, 0.00306 EPSS
Exploits: 0, References: 8, Affected Software: 2
Vulnrichment
added 2025/07/22 8:49 p.m., 6 views

CVE-2025-8028 Large branch table could lead to truncated instruction

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...

7.2 AI score, 0.00472 EPSS
Exploits: 0, References: 8
Debian CVE
added 2025/06/24 12:28 p.m., 4 views

CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via an embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...

6.1 CVSS, 5.7 AI score, 0.00215 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:24 p.m., 6 views

CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This...

9.8 CVSS, 6.3 AI score, 0.01295 EPSS
Exploits: 0
CVE
added 2025/05/17 9:7 p.m., 96 views

CVE-2025-4921

CVE-2025-4921 is rejected/not used (duplicate of CVE-2025-4919).

6.2 AI score
Exploits: 0
SUSE CVE
added 2024/08/07 2:54 a.m., 4 views

SUSE CVE-2024-7531

Calling PK11_Encrypt in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

4.2 CVSS, 6.3 AI score, 0.00409 EPSS
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 3:23 a.m., 1 views

SUSE CVE-2022-40962

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

8.8 CVSS, 9.5 AI score, 0.01342 EPSS
Exploits: 0, References: 8
OSV
added 2021/06/24 2:15 p.m., 2 views

DEBIAN-CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.11,...

8.8 CVSS, 7.6 AI score, 0.01368 EPSS
Exploits: 0, References: 1
OSV
added 2019/02/28 6:29 p.m., 7 views

CVE-2018-12397

A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...

7.1 CVSS, 8.5 AI score
Exploits: 0, References: 11
OSV
added 2018/06/11 9:29 p.m., 5 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin GMP sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6 CVSS, 8.2 AI score
Exploits: 0, References: 9
RedHat Linux
added 2009/07/22 12:27 a.m., 3 views

Mozilla Base64 decoding crash

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash)...

10 CVSS, 6.4 AI score, 0.06433 EPSS
Exploits: 2, References: 4