Lucene search
K
MozillaMost viewed

1573 matches found

Mozilla
Mozilla
added 2025/08/19 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox 142 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

9.8CVSS8.5AI score0.0053EPSS
Exploits0References9Affected Software1
Mozilla
Mozilla
added 2025/06/24 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox ESR 115.25 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles...

9.8CVSS7.1AI score0.03057EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2025/06/24 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox ESR 128.12 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

9.8CVSS6.4AI score0.03057EPSS
Exploits0References5Affected Software1
Mozilla
Mozilla
added 2025/06/10 12:0 a.m.9 views

Security Vulnerabilities fixed in Thunderbird 128.11.1 — Mozilla

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

6.5CVSS7.3AI score0.00466EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/01/07 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox ESR 128.6 — Mozilla

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Assuming a controlled failed memory allocation, an attacker could have caused...

7.7CVSS7.3AI score0.1307EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added yesterday8 views

Security Vulnerabilities fixed in Firefox for iOS 152.4 — Mozilla

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox...

5.3CVSS6.1AI score
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/06/30 12:0 a.m.8 views

Security Vulnerabilities fixed in Thunderbird 152.0.1 — Mozilla

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. An attacker who can send HTML chat messages via Matrix ...

6.5CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2026/03/24 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox ESR 140.9 — Mozilla

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

10CVSS5.9AI score0.00773EPSS
Exploits0References39Affected Software1
Mozilla
Mozilla
added 2026/01/27 12:0 a.m.8 views

Security Vulnerabilities fixed in Thunderbird 140.7.1 — Mozilla

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/01/13 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

10CVSS7.8AI score0.0057EPSS
Exploits0References16Affected Software1
Mozilla
Mozilla
added 2026/01/13 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox ESR 140.7 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.8AI score0.0057EPSS
Exploits0References13Affected Software1
Mozilla
Mozilla
added 2025/12/09 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox ESR 140.6 — Mozilla

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.8AI score0.00517EPSS
Exploits2References10Affected Software1
Mozilla
Mozilla
added 2025/12/09 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox 146 — Mozilla

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5,...

9.8CVSS7.8AI score0.00517EPSS
Exploits2References13Affected Software1
Mozilla
Mozilla
added 2025/10/28 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox 144.0.2 — Mozilla

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox...

9.8CVSS6.9AI score0.00308EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2025/10/14 12:0 a.m.8 views

Security Vulnerabilities fixed in Firefox 144 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

9.8CVSS7.1AI score0.00475EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2025/09/16 12:0 a.m.8 views

Security Vulnerabilities fixed in Thunderbird 143 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.8AI score0.00687EPSS
Exploits0References10Affected Software1
Mozilla
Mozilla
added 2025/09/16 12:0 a.m.8 views

Security Vulnerabilities fixed in Focus for iOS 143.0 — Mozilla

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press...

6.5CVSS6.8AI score0.00236EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2005/02/24 12:0 a.m.8 views

HTTP auth prompt tab spoofing — Mozilla

The HTTP authentication prompt appears above the currently open tab regardless of which tab triggered it. A spoofer who could get a user to open a high value target in another tab might be able to capture the user's ID and password. HTTP auth dialogs are visually distinct from the web form logins...

6.8AI score
Exploits0References1Affected Software2
Mozilla
Mozilla
added 2025/11/13 12:0 a.m.7 views

Security Vulnerabilities fixed in Thunderbird 145 — Mozilla

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS7.7AI score0.00449EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2025/11/12 12:0 a.m.7 views

Security Vulnerabilities fixed in Thunderbird 140.5 — Mozilla

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high...

8.8CVSS7.3AI score0.00449EPSS
Exploits0References8Affected Software1
Mozilla
Mozilla
added 2026/06/30 12:0 a.m.6 views

Security Vulnerabilities fixed in Thunderbird 140.12.1 — Mozilla

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. An attacker who can send HTML chat messages via Matrix ...

6.5CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2025/09/16 12:0 a.m.6 views

Security Vulnerabilities fixed in Firefox ESR 140.3 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.8AI score0.00687EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2025/09/16 12:0 a.m.6 views

Security Vulnerabilities fixed in Firefox 143 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.8AI score0.00687EPSS
Exploits0References11Affected Software1
Total number of security vulnerabilities1573