CVE-2026-4685

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4698

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2791 Mitigation bypass in the Networking: Cache component

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

PT-2026-21716

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description An information disclosure issue exists due to Just-In-Time JIT miscompilation within the...

PT-2026-21717

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description A mitigation bypass exists in the DOM within the Security component. This issue impacts Firefox...

PT-2026-21708

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description A mitigation bypass exists in the DOM: HTML Parser...

EUVD-2025-34180

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

EUVD-2021-10917

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-6210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an https: web page created a pop-up from a javascript: URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure htt...

Linux Distros Unpatched Vulnerability : CVE-2020-12421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. Thi...

firefox: Clickjacking the registerProtocolHandler info-bar Reporter

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...

Medium: nss-softokn

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...

SUSE CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

UBUNTU-CVE-2021-23965

Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 85...

UBUNTU-CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVE-2017-7789

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

UBUNTU-CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...