CVE-2025-10530

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143...

CVE-2025-8035

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

CVE-2025-27424

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136...

CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVE-2023-4577

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...

USN-3918-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick...

UBUNTU-CVE-2016-5279

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code...

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Multiple persistent XSS in ProjectSend Discovery Date: 2016/02/19 Public Disclosure Date: 2016/03/17 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x Project Homepage: http://www.projectsend.org/ Software Lin...

Immunity Canvas: FIREFOX_PDFJS_FILEREADER

Name| firefoxpdfjsfilereader ---|--- CVE| CVE-2015-4495 Exploit Pack| CANVAS Description| firefoxpdfjsfilereader Notes| CVE Name: CVE-2015-4495 VENDOR: Mozilla NOTES: Tested on: Ubuntu 14.04.3 LTS Firefox 39.0 Under the Response tab of ClientD main window, the option "Respond directly with exploi...