20 matches found
CVE-2026-2806
CVE-2026-2806 involves an uninitialized memory issue in the Graphics: Text component of Firefox/Thunderbird. Affected products are Mozilla Firefox and Mozilla Thunderbird (before versions 148). Root cause per the documents is uninitialized memory in the Text rendering path, with a fix implemented...
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...
EUVD-2020-19475
Malware in sbrugna...
EUVD-2022-31044
Malicious code in bioql PyPI...
EUVD-2023-58012
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-22747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to...
Linux Distros Unpatched Vulnerability : CVE-2020-26959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a...
Linux Distros Unpatched Vulnerability : CVE-2024-9393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access...
Linux Distros Unpatched Vulnerability : CVE-2024-0750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects...
CVE-2025-8029
CVE-2025-8029: Thunderbird and Firefox products are affected by a vulnerability where javascript: URLs are executed when used inside object and embed tags. The impact list states affected versions include Firefox < 141 and Thunderbird < 141 (and ESR branches
CVE-2025-8028 Large branch table could lead to truncated instruction
On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...
CVE-2025-6430
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...
CVE-2020-26972
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This...
CVE-2025-4921
CVE-2025-4921 is rejected/not used (duplicate of CVE-2025-4919).
SUSE CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
SUSE CVE-2022-40962
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
DEBIAN-CVE-2021-29967
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.11,...
CVE-2018-12397
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This...
CVE-2017-5448
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin GMP sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...
Mozilla Base64 decoding crash
Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...