Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

CVE-2025-4087

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox 138, Firefox ESR 128.10,...

CVE-2024-3856

A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox 125...

SUSE CVE-2018-12379

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy CSP. This vulnerability affects Firefox 63...