20 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...
CVE-2026-5734
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...
EUVD-2026-14853
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox 149 and Firefox ESR 140.9...
CVE-2026-2783
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2781
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...
CVE-2026-2777 Privilege escalation in the Messaging System component
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
firefox: Spoofing issue in the Downloads Panel component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Downloads Panel component...
firefox: thunderbird: Sandbox escape due to integer overflow in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to integer overflow in the Graphics component...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...
firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...
firefox: thunderbird: Race condition in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Race condition in the Graphics component...
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
...
SUSE CVE-2025-9183
Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2...
firefox: Clickjacking the registerProtocolHandler info-bar Reporter
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...
DEBIAN-CVE-2023-6859
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...
SUSE CVE-2023-25729
Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already...
DEBIAN-CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
UBUNTU-CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...
DEBIAN-CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...