CVE-2025-1934

CVE-2025-1934 is a Firefox/Thunderbird memory-safety issue caused by interrupting the RegExp bailout, which could trigger garbage collection when not expected. Affected: Firefox before 136, Firefox ESR before 128.8, Thunderbird before 136, and Thunderbird before 128.8. Exploitation status is not ...

Linux Distros Unpatched Vulnerability : CVE-2017-5456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and...

Linux Distros Unpatched Vulnerability : CVE-2013-6167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote...

FreeBSD : librewolf -- Undefined behavior in selection node cache (b73d1f2a-96de-11ef-9e71-00d8612f03c8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b73d1f2a-96de-11ef-9e71-00d8612f03c8 advisory. [email protected] reports: When manipulating the selection node cache, an attacker may have been abl...

CVE-2024-2612

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

OESA-2024-1058 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...

CVE-2022-22761

Web-accessible extension pages pages with a moz-extension:// scheme were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

CVE-2022-45419

If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability...

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

firefox -- arbitrary code execution from sidebar panel

A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...