21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-2769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and...
CVE-2026-24869
CVE-2026-24869 documents a Use-after-free in Firefox’s Layout: Scrolling and Overflow component, affecting Firefox versions earlier than 147.0.2. The vulnerability is described in multiple sources as a use-after-free issue with potential impact to memory safety in that UI/layout area. Nessus/Free...
MiracleLinux 4 : firefox-24.8.0-1.0.1.AXS4 (AXSA:2014-520:04)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-520:04 advisory. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed wi...
Linux Distros Unpatched Vulnerability : CVE-2025-14322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31,...
Linux Distros Unpatched Vulnerability : CVE-2025-11721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could ha...
Mozilla Firefox < 143.0.3
The version of Firefox installed on the remote Windows host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory. - Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox...
Linux Distros Unpatched Vulnerability : CVE-2025-49710
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow was present in OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4. CVE-2025-49710 Note that...
Linux Distros Unpatched Vulnerability : CVE-2024-2608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an...
Linux Distros Unpatched Vulnerability : CVE-2025-6432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding...
PT-2025-30477
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 115.26 Firefox ESR versions prior to 128.13 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 128.13 Thunderbird versions prior to...
PT-2025-22990
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 115.24 Firefox ESR versions prior to 128.11 Description The issue arises from insufficient escaping of the ampersand character in the "Copy as cURL" feature. This could allow an...
PT-2025-9664
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Description The Custom Tabs feature in Android apps can load web pages and supports a transition animation. This animation could be used to deceive users into granting sensitive permissions by concealing what they...
PT-2025-9666
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Description A user opt-in setting that requires authentication before use could be bypassed under certain circumstances. Recommendations For versions prior to 136, update to version 136 or later to resolve the iss...
PT-2025-4133
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 135 Thunderbird versions prior to 135 Description Memory safety bugs are present in Firefox and Thunderbird, with evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be...
PT-2025-4125 · Mozilla +10 · Thunderbird +12
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 135 Firefox ESR versions prior to 115.20 Firefox ESR versions prior to 128.7 Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 Description: A race during concurrent delazification could have led t...
CVE-2022-22764
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
Denial Of Service (DoS)
Mozilla Firefox is vulnerable to denial of service DoS.Due to the flaws found in the processing of malformed web content, a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
Mozilla: Use-after-free with HTTP/2 cached stream
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...