Lucene search
+L

192 matches found

UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.13 views

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136...

7.1CVSS6AI score0.0023EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.12 views

CVE-2025-1936

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

7.3CVSS6.9AI score0.00413EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.20 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.17 views

CVE-2025-1942

When String.toUpperCase caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136...

9.8CVSS6.9AI score0.00446EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.19 views

CVE-2025-1943

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136...

8.2CVSS7.3AI score0.00401EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.7 views

CVE-2025-1930

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird...

8.8CVSS7.3AI score0.00373EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.9 views

CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

8.8CVSS7.3AI score0.00376EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.7 views

CVE-2025-1013

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

6.5CVSS7AI score0.00313EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.13 views

CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.3AI score0.00628EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.13 views

CVE-2025-1017

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

9.8CVSS7.4AI score0.00558EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/04 2:15 p.m.10 views

CVE-2025-1020

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

9.8CVSS7.3AI score0.00524EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/02/04 2:15 p.m.9 views

CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

7.3CVSS6.1AI score0.00401EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/02/04 2:15 p.m.12 views

CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.9 views

CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.8AI score0.00226EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.6 views

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.8AI score0.00658EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.8 views

CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134...

3.3CVSS6AI score0.00284EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.11 views

CVE-2025-0242

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...

6.5CVSS6.9AI score0.1307EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.9 views

CVE-2024-11698

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click...

9.8CVSS6.8AI score0.00693EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.14 views

CVE-2024-53976

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS 133...

5.4CVSS5.9AI score0.00294EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/11/26 12:0 a.m.17 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

6.1CVSS6.9AI score0.00499EPSS
Exploits0References12
Rows per page
Query Builder