EUVD-2026-8469

Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8...

firefox: thunderbird: Use-after-free in the WebRTC: Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the WebRTC: Audio/Video component...

CVE-2025-13018 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

PT-2025-33866

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 115.27 Firefox ESR versions prior to 128.14 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 128.14 Thunderbird versions prior to...

Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A denial of service vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to cause the browser to crash...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

Mozilla Firefox 访问控制错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to bypass cross-domain restrictions and access...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to cause some cookies to be lost when sending a...

SUSE CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

SUSE CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

Mozilla: Port blocking could be bypassed

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Mozilla: Blob URLs may have been granted additional privileges

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Mozilla: Internal network hosts could have been probed by a malicious webpage

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

Mozilla: Content Security Policy violation report could have contained the destination of a redirect

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...