35 matches found
CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-2795
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2804
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
firefox: thunderbird: Information disclosure in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Networking component...
CVE-2026-0881
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...
CVE-2025-14326
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146...
CVE-2025-13025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox 145 and Thunderbird 145...
EUVD-2025-29553
Malicious code in bioql PyPI...
CVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 143.0.3...
CVE-2025-11153 JIT miscompilation in the JavaScript Engine: JIT component
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...
Linux Distros Unpatched Vulnerability : CVE-2021-23955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability...
CVE-2025-3031
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox 137 and Thunderbird 137...
SUSE CVE-2024-6608
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox 128 and Thunderbird 128...
UBUNTU-CVE-2023-37209
A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...
UBUNTU-CVE-2023-37208
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
SUSE CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
SUSE CVE-2017-5420
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox 52...
SUSE CVE-2018-5121
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating syste...
SUSE CVE-2018-12388
Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 63...
SUSE CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...