Linux Distros Unpatched Vulnerability : CVE-2026-2769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and...
Linux Distros Unpatched Vulnerability : CVE-2025-14322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31,...
Linux Distros Unpatched Vulnerability : CVE-2025-11721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could ha...
Linux Distros Unpatched Vulnerability : CVE-2025-6432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding...
PT-2025-30477
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 141; Firefox ESR versions prior to 115.26; Firefox ESR versions prior to 128.13; Firefox ESR versions prior to 140.1; Thunderbird versions prior to 141; Thunderbird versions prior to 128.13; Thunderbird versions prior to...
CVE-2025-4088 Cross-site request forgery via storage access API redirects
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...
PT-2025-10626 · Mozilla +5 · Thunderbird +5
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 136; Thunderbird versions prior to 128.8. Description: The issue arises from certain crafted MIME email messages that claim to contain an encrypted OpenPGP message but actually contain an OpenPGP signed message,...
PT-2025-4133
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 135; Thunderbird versions prior to 135. Description: Memory safety bugs are present in Firefox and Thunderbird, with evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be...
PT-2025-4125 · Mozilla +10 · Thunderbird +12
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 135; Firefox ESR versions prior to 115.20; Firefox ESR versions prior to 128.7; Thunderbird versions prior to 128.7; Thunderbird versions prior to 135. Description: A race during concurrent delazification could have led t...
CVE-2022-22764
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
Mozilla: Use-after-free with HTTP/2 cached stream
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape using Prompt:Open
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...