9 matches found
SUSE CVE-2026-4710
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
EUVD-2026-8490
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox 148 and Firefox ESR 140.8...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to ESR 128.11, which stems from a memory corruption that could lead to the execution of arbitrary code...
CVE-2023-3482
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...
SUSE CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
PT-2021-6936 · Mozilla +7 · Firefox Esr +9
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 95 Firefox ESR versions prior to 91.4.0 Thunderbird versions prior to 91.4.0 Description: The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to r...
UBUNTU-CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...
CVE-2017-5417
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...