
1568 matches found

Mozilla
added 2026/02/16 12:0 a.m. | 10 views

Security Vulnerabilities fixed in Thunderbird 147.0.2 and 140.7.2 — Mozilla

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. CVE-2026-2447: Heap buffer overflow in libvpx Reporter jayjayjazz Impact high References Bug 2014390...

CVSS 8.8 | AI score 5.7 | EPSS 0.00454
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2026/02/16 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 147.0.4, ESR 140.7.1, and ESR 115.32.1 — Mozilla

CVE-2026-2447: Heap buffer overflow in libvpx Reporter jayjayjazz Impact high References Bug 2014390...

CVSS 8.8 | AI score 5.4 | EPSS 0.00454
Exploits 0 | References 1 | Affected Software 2

Mozilla
added 2026/02/09 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Firefox for iOS 147.2.1 — Mozilla

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain...

CVSS 4.3 | AI score 5.7 | EPSS 0.0015
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2026/01/27 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird 147.0.1 — Mozilla

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

CVSS 4.3 | AI score 5.9 | EPSS 0.00159
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2026/01/27 12:0 a.m. | 16 views

Security Vulnerabilities fixed in Firefox 147.0.2 — Mozilla

CVE-2026-24868: Mitigation bypass in the Privacy: Anti-Tracking component Reporter Masato Kinugawa Impact moderate References Bug 2007302 CVE-2026-24869: Use-after-free in the Layout: Scrolling and Overflow component Reporter Hiroyuki Ikezoe Impact high References Bug 2008698...

CVSS 8.8 | AI score 5.9 | EPSS 0.00213
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2026/01/27 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Thunderbird 140.7.1 — Mozilla

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

CVSS 4.3 | AI score 5.9 | EPSS 0.00159
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2026/01/13 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Thunderbird 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

CVSS 10 | AI score 7.7 | EPSS 0.0055
Exploits 0 | References 16 | Affected Software 1

Mozilla
added 2026/01/13 12:0 a.m. | 10 views

Security Vulnerabilities fixed in Thunderbird 140.7 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.8 | EPSS 0.0055
Exploits 0 | References 13 | Affected Software 1

Mozilla
added 2026/01/13 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

CVSS 10 | AI score 7.8 | EPSS 0.0055
Exploits 0 | References 16 | Affected Software 1

Mozilla
added 2026/01/13 12:0 a.m. | 11 views

Security Vulnerabilities fixed in Firefox ESR 115.32 — Mozilla

CVE-2026-0877: Mitigation bypass in the DOM: Security component Reporter Mingi Jung 정민기입니다 Impact high References Bug 1999257 CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component Reporter Oskar L Impact high References Bug 2004602 CVE-2026-0880: Sandbox...

CVSS 9.8 | AI score 7.3 | EPSS 0.0055
Exploits 0 | References 5 | Affected Software 1

Mozilla
added 2026/01/13 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Firefox ESR 140.7 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.8 | EPSS 0.0055
Exploits 0 | References 13 | Affected Software 1

Mozilla
added 2025/12/18 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 146.0.1 — Mozilla

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.4 | EPSS 0.00265
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2025/12/15 12:0 a.m. | 13 views

Security Vulnerabilities fixed in Firefox for iOS 144.0 — Mozilla

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type...

CVSS 6.5 | AI score 6.7 | EPSS 0.00169
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2025/12/09 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Firefox ESR 115.31 — Mozilla

CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component Reporter Oskar L Impact high References Bug 1996473 CVE-2025-14323: Privilege escalation in the DOM: Notifications component Reporter tiebuchen Impact high References Bug 1996555...

CVSS 9.8 | AI score 7.2 | EPSS 0.00481
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/12/09 12:0 a.m. | 10 views

Security Vulnerabilities fixed in Thunderbird 140.6 — Mozilla

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.8 | EPSS 0.00498
Exploits 2 | References 10 | Affected Software 1

Mozilla
added 2025/12/09 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Firefox 146 — Mozilla

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5,...

CVSS 9.8 | AI score 7.8 | EPSS 0.00498
Exploits 2 | References 13 | Affected Software 1

Mozilla
added 2025/12/09 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird 146 — Mozilla

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5,...

CVSS 9.8 | AI score 7.8 | EPSS 0.00498
Exploits 2 | References 13 | Affected Software 1

Mozilla
added 2025/12/09 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox ESR 140.6 — Mozilla

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.8 | EPSS 0.00498
Exploits 2 | References 10 | Affected Software 1

Mozilla
added 2025/11/13 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Thunderbird 145 — Mozilla

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.00401
Exploits 0 | References 15 | Affected Software 1

Mozilla
added 2025/11/12 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Thunderbird 140.5 — Mozilla

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high...

CVSS 8.8 | AI score 7.3 | EPSS 0.00401
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2025/11/11 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox ESR 140.5 — Mozilla

CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high References Bug 1991458 CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component Reporter Igor Morgenstern Impact high References Bug 1992130 CVE-2025-13017: Same-origin poli...

CVSS 8.8 | AI score 6.7 | EPSS 0.00401
Exploits 0 | References 9 | Affected Software 1

Mozilla
added 2025/11/11 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 145 — Mozilla

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 7.4 | EPSS 0.00401
Exploits 0 | References 16 | Affected Software 1

Mozilla
added 2025/11/11 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Firefox ESR 115.30 — Mozilla

CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high References Bug 1991458 CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component Reporter Masato Kinugawa Impact moderate References Bug 1991945 CVE-2025-13014: Use-after-free in the Audio/Vide...

CVSS 8.8 | AI score 6.7 | EPSS 0.00249
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/10/28 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 144.0.2 — Mozilla

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox...

CVSS 9.8 | AI score 6.9 | EPSS 0.00281
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2025/10/14 12:0 a.m. | 11 views

Security Vulnerabilities fixed in Firefox ESR 115.29 — Mozilla

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised...

CVSS 9.8 | AI score 7.3 | EPSS 0.00385
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/10/14 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 144 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

CVSS 9.8 | AI score 7.1 | EPSS 0.00465
Exploits 0 | References 15 | Affected Software 1

Mozilla
added 2025/10/14 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox ESR 140.4 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

CVSS 9.8 | AI score 7 | EPSS 0.00465
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2025/10/14 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Thunderbird 144 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

CVSS 9.8 | AI score 7.1 | EPSS 0.00465
Exploits 0 | References 11 | Affected Software 1

Mozilla
added 2025/10/14 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Thunderbird 140.4 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

CVSS 9.8 | AI score 7 | EPSS 0.00465
Exploits 0 | References 8 | Affected Software 1

Mozilla
added 2025/09/30 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox 143.0.3 — Mozilla

CVE-2025-11152: Sandbox escape due to integer overflow in the Graphics: Canvas2D component Reporter Oskar L Impact high References Bug 1987246 CVE-2025-11153: JIT miscompilation in the JavaScript Engine: JIT component Reporter Nan Wang Impact high References Bug 1987481...

CVSS 8.6 | AI score 7.3 | EPSS 0.00246
Exploits 0 | References 2 | Affected Software 1

Mozilla
added 2025/09/28 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox for iOS 143.1 — Mozilla

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs...

CVSS 4 | AI score 6.7 | EPSS 0.00109
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Thunderbird 143 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00687
Exploits 0 | References 10 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Firefox ESR 115.28 — Mozilla

CVE-2025-10533: Integer overflow in the SVG component Reporter Andrew Creskey Impact moderate References Bug 1980788...

CVSS 8.8 | AI score 7.3 | EPSS 0.00687
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 5 views

Security Vulnerabilities fixed in Firefox ESR 140.3 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00687
Exploits 0 | References 7 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Firefox 143 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00687
Exploits 0 | References 11 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 9 views

Security Vulnerabilities fixed in Thunderbird 140.3 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00687
Exploits 0 | References 7 | Affected Software 1

Mozilla
added 2025/09/16 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Focus for iOS 143.0 — Mozilla

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press...

CVSS 6.5 | AI score 6.8 | EPSS 0.00236
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird 140.2 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.5 | EPSS 0.0053
Exploits 0 | References 6 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Focus for iOS 142 — Mozilla

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS...

CVSS 9.8 | AI score 5.9 | EPSS 0.00386
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox ESR 128.14 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.4 | EPSS 0.0053
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Thunderbird 128.14 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.4 | EPSS 0.0053
Exploits 0 | References 4 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox for iOS 142 — Mozilla

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some...

CVSS 9.8 | AI score 6 | EPSS 0.00386
Exploits 0 | References 5 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird 142 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.5 | EPSS 0.0053
Exploits 0 | References 7 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox ESR 140.2 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.5 | EPSS 0.0053
Exploits 0 | References 7 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Firefox ESR 115.27 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Memory safety bugs...

CVSS 9.8 | AI score 8.4 | EPSS 0.0053
Exploits 0 | References 3 | Affected Software 1

Mozilla
added 2025/08/19 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox 142 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Uninitialized memory ...

CVSS 9.8 | AI score 8.5 | EPSS 0.0053
Exploits 0 | References 9 | Affected Software 1

Mozilla
added 2025/07/22 12:0 a.m. | 24 views

Security Vulnerabilities fixed in Thunderbird 140.1 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

CVSS 9.8 | AI score 7.8 | EPSS 0.00472
Exploits 0 | References 14 | Affected Software 1

Mozilla
added 2025/07/22 12:0 a.m. | 14 views

Security Vulnerabilities fixed in Firefox 141 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

CVSS 9.8 | AI score 7.4 | EPSS 0.00472
Exploits 0 | References 20 | Affected Software 1

Mozilla
added 2025/07/22 12:0 a.m. | 13 views

Security Vulnerabilities fixed in Thunderbird 141 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

CVSS 9.8 | AI score 7.3 | EPSS 0.00472
Exploits 0 | References 15 | Affected Software 1

Mozilla
added 2025/07/22 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Thunderbird 128.13 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

CVSS 9.8 | AI score 7.9 | EPSS 0.00472
Exploits 0 | References 9 | Affected Software 1

Total number of security vulnerabilities: 1568