16 matches found

Tenable Nessus
added 2025/12/18 12:0 a.m. | views: 1

Mozilla Firefox < 3.5.6

The version of Firefox installed on the remote Windows host is prior to 3.5.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated...

CVSS 6.8 | AI score 8.6 | EPSS 0.00664 | Exploits 0 | References 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | views: 2

Mozilla Firefox < 34.0

The version of Firefox installed on the remote Windows host is prior to 34.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-90 advisory. - jemalloc poisoning plus Apple uninitialized variable usage triggers keylogging in /tmp/ on OSX 10.10 CVE-2014-1595 CVE-2014-1595...

CVSS 2.1 | AI score 8.2 | EPSS 0.00085 | Exploits 0 | References 2

Tenable Nessus
added 2025/08/15 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2023-4054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. This bug only affects Firefox on Windows. Other operati...

CVSS 5.5 | AI score 7.3 | EPSS 0.00034 | Exploits 0 | References 2

Tenable Nessus
added 2025/08/15 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2023-5174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free an...

CVSS 9.8 | AI score 8.2 | EPSS 0.00445 | Exploits 0 | References 2

Tenable Nessus
added 2025/08/10 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2020-12393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...

CVSS 7.8 | AI score 8.4 | EPSS 0.00467 | Exploits 0 | References 2

Tenable Nessus
added 2025/08/08 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2025-5265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient escaping of the ampersand character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading...

CVSS 4.8 | AI score 6.8 | EPSS 0.00059 | Exploits 0 | References 2

SUSE CVE
added 2025/04/30 3:18 a.m. | views: 0

SUSE CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. Thi...

CVSS 7.8 | AI score 7 | EPSS 0.00283 | Exploits 0 | References 6

OSV
added 2025/04/29 2:15 p.m. | views: 1

CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This...

CVSS 5.7 | AI score 6.2 | EPSS 0.00283 | Exploits 0 | References 5

OSV
added 2025/04/29 2:15 p.m. | views: 0

UBUNTU-CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This...

CVSS 5.7 | AI score 6.2 | EPSS 0.00283 | Exploits 0 | References 8

OSV
added 2023/09/27 3:19 p.m. | views: 0

UBUNTU-CVE-2023-5168

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects...

CVSS 9.8 | AI score 7.2 | EPSS 0.00256 | Exploits 0 | References 9

ATTACKERKB
added 2023/06/02 5:15 p.m. | views: 1

CVE-2023-25740

After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox for Windows. Othe...

CVSS 8.8 | AI score 6 | EPSS 0.00247 | Exploits 0 | References 3

RedhatCVE
added 2023/02/16 9:31 a.m. | views: 28

CVE-2023-25740

The Mozilla Foundation Security Advisory: After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This...

CVSS 6.1 | AI score 3.2 | EPSS 0.00247 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 3:28 a.m. | views: 1

SUSE CVE-2022-22750

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to. This bug only affects Firefox for Windows and MacOS. Other operating...

CVSS 6.5 | AI score 8.4 | EPSS 0.00248 | Exploits 1 | References 4

OSV
added 2022/12/22 8:15 p.m. | views: 0

UBUNTU-CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird...

CVSS 5.9 | AI score 7.3 | EPSS 0.00135 | Exploits 0 | References 3

OSV
added 2020/05/26 5:15 p.m. | views: 0

UBUNTU-CVE-2020-12393

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...

CVSS 7.8 | AI score 7.4 | EPSS 0.00467 | Exploits 0 | References 5

CNVD
added 2017/06/23 12:0 a.m. | views: 18

Mozilla Firefox and Firefox ESR for Windows Security Bypass Vulnerability

Mozilla Firefox for Windows is an open source web browser for the Windows platform from the Mozilla Foundation in the U.S. Firefox ESR for Windows is an extended support version of Firefox for the Windows platform. A security bypass vulnerability exists in Windows-based versions of Mozilla Firefo...

CVSS 7.5 | AI score 6.6 | EPSS 0.00493 | Exploits 0 | References 1