Lucene search
K
MozillaFirefox Esr

488 matches found

CVE
CVE
added 2023/06/19 10:3 a.m.1921 views

CVE-2023-29542

Technical details for CVE-2023-29542 are not publicly disclosed in the provided documents. No affected products, root cause, or mitigation are specified here. Monitor for updates from the sources to obtain concrete information.

9.8CVSS8.7AI score0.0094EPSS
CVE
CVE
added 2023/06/19 9:58 a.m.1721 views

CVE-2023-29532

CVE-2023-29532 describes a local, Windows-only vulnerability where an attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to a malicious SMB server. The update can be replaced after the signature check but before use because the service...

5.5CVSS6AI score0.00185EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.1433 views

CVE-2023-0767

CVE-2023-0767 describes a vulnerability where an attacker could construct a PKCS#12 cert bundle in a way that mishandles Safe Bag attributes, enabling arbitrary memory writes. Affected software: Firefox < 110, Thunderbird < 102.8, and Firefox ESR

8.8CVSS8.1AI score0.00817EPSS
CVE
CVE
added 2015/05/21 12:0 a.m.1253 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2023/06/19 10:17 a.m.918 views

CVE-2023-34416

CVE-2023-34416 involves memory-safety bugs in Mozilla Firefox and Thunderbird. The vulnerability affects Firefox 113 and Firefox ESR 102.11, with possible memory corruption that could be exploited to execute arbitrary code; affected list includes Firefox < 114, ESR < 102.12, and Thunderbird

9.8CVSS10AI score0.0093EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.882 views

CVE-2023-23599

CVE-2023-23599 affects Firefox <109, Firefox ESR <102.7, and Thunderbird

6.5CVSS6.9AI score0.00601EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.656 views

CVE-2022-29917

CVE-2022-29917 involves memory-safety bugs in Firefox 99 and Firefox ESR 91.8 (Mozilla Fuzzing Team). Some bugs showed memory corruption and, with enough effort, could be exploited to run arbitrary code. affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox

9.8CVSS9.9AI score0.01005EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.618 views

CVE-2022-1529

CVE-2022-1529 is a prototype-pollution vulnerability in Mozilla products triggered by an attacker sending a message to a parent process, leading to attacker-controlled JavaScript execution in a privileged context. Affected: Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 1...

8.8CVSS7.8AI score0.17103EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.609 views

CVE-2022-26384

Summary: CVE-2022-26384 is a sandbox bypass in Firefox/Thunderbird caused by allowing popups in an iframe sandbox without allow-scripts, enabling crafted links to execute JavaScript in violation of the sandbox. Connected advisories confirm affected products (Firefox < 98, Firefox ESR < 91.7...

9.6CVSS8.7AI score0.00931EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.609 views

CVE-2022-29914

CVE-2022-29914 describes a memory-safety/logic issue in Firefox/Thunderbird where reusing existing popups could cover the fullscreen notification UI, enabling browser spoofing attacks. Affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox

6.5CVSS7.1AI score0.0062EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.609 views

CVE-2022-31737

CVE-2022-31737 describes an out-of-bounds write in WebGL that could cause memory corruption and a potentially exploitable crash. Affected products include Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS9.4AI score0.00814EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.604 views

CVE-2022-1802

CVE-2022-1802 involves prototype pollution in JavaScript arrays, enabling attacker-controlled code execution in a privileged context when methods of an Array object can be corrupted. Affected software includes Mozilla Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0...

8.8CVSS8AI score0.26709EPSS
CVE
CVE
added 2023/06/19 10:14 a.m.600 views

CVE-2023-34414

CVE-2023-34414 describes a click-jacking risk where the error page for TLS certificate errors could be hijacked due to a rendering lag, enabling a user click to override a certificate error under precise timing conditions. Affected products and versions (per provided documents): Firefox ESR < ...

3.1CVSS5.6AI score0.00897EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.593 views

CVE-2022-28285

CVE-2022-28285 describes an incorrect AliasSet used during MLoadTypedArrayElementHole JIT codegen, enabling a potential out-of-bounds read when combined with another vulnerability. Affected products include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

6.5CVSS7.2AI score0.00759EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.571 views

CVE-2022-26387

The CVE-2022-26387 issue is a Mozilla add-on verification weakness. A time-of-check/time-of-use (TOCTOU) bug could allow the add-on file to be altered after Firefox/Thunderbird signatures were checked but before user confirmation, leaving the user exposed. Affected products and versions per conne...

7.5CVSS7.8AI score0.00657EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.571 views

CVE-2022-28282

Summary: CVE-2022-28282 is a use-after-free in the L10n/TranslateDocument path triggered when destroying an object during JavaScript execution and then referencing it via a freed pointer, with exploits tied to Firefox/Thunderbird. Affected versions: Thunderbird < 91.8, Firefox < 99, and Fir...

6.5CVSS7.1AI score0.02012EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.564 views

CVE-2022-29911

CVE-2022-29911 is an iframe sandbox bypass vulnerability described as an improper implementation of allow-top-navigation-by-user-activation that could permit script execution without allow-scripts. Affected products include Thunderbird (<91.9), Firefox ESR (<91.9), and Firefox (

6.1CVSS7.3AI score0.00561EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.562 views

CVE-2022-26383

CVE-2022-26383 concerns a UI/UX issue in Firefox and Thunderbird where, after requesting fullscreen, resizing the popup prevented the fullscreen notification from displaying. Connected docs confirm the flaw affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird

4.3CVSS6AI score0.00655EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.557 views

CVE-2022-22751

CVE-2022-22751 relates to memory-safety bugs in Firefox 95 and Firefox ESR 91.4, with evidence of memory corruption and a presumption that some could be exploited to run arbitrary code. Affected: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS9.6AI score0.0087EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.557 views

CVE-2022-29909

CVE-2022-29909 is a Firefox/Thunderbird vulnerability described as privilege escalation via deeply-nested cross-origin browsing contexts that could inherit top-level permissions. Affected products and versions from connected advisories: Thunderbird < 91.9 and Firefox (including ESR)

8.8CVSS8.7AI score0.00848EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.555 views

CVE-2022-22747

Summary: CVE-2022-22747 describes a denial of service caused by incorrect parsing of empty PKCS#7 sequences after accepting an untrusted certificate, leading to a crash. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

6.5CVSS7.1AI score0.0063EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.555 views

CVE-2022-26386

The CVE-2022-26386 issue concerns Firefox ESR versions prior to 91.7 and Thunderbird versions prior to 91.7. Previously, Firefox on macOS/Linux downloaded temporary files to a user-specific directory in /tmp; this was changed to /tmp where other local users could affect the files. The behavior wa...

6.5CVSS6.9AI score0.0068EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.553 views

CVE-2022-22740

CVE-2022-22740 is confirmed in connected documents as a use-after-free caused by freeing network request objects too early, potentially enabling a crash. Affected products: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS8.8AI score0.0096EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.550 views

CVE-2022-29916

CVE-2022-29916 is an information-disclosure issue where Firefox behaves differently when loading CSS resources with CSS variables, potentially allowing history probing. Affected products in public advisories include Thunderbird and Firefox variants (Thunderbird < 91.9, Firefox/ ESR < 91.9, ...

6.5CVSS7.4AI score0.00723EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.548 views

CVE-2022-26381

CVE-2022-26381 describes a use-after-free risk caused by forcing a text reflow in an SVG object, potentially exploitable as a crash. Affected products include Mozilla Firefox (less than 98) and Firefox ESR (less than 91.7) and Mozilla Thunderbird (less than 91.7). External documents (Astra Linux,...

8.8CVSS8.6AI score0.00849EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.542 views

CVE-2022-22739

CVE-2022-22739 describes a vulnerability where malicious websites could lure users into launching a program to handle an external URL protocol. Public references in the provided documents indicate affected products are Mozilla Firefox (Firefox ESR < 91.5, Firefox < 96) and Thunderbird (

6.5CVSS7AI score0.00679EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.542 views

CVE-2022-29912

The CVE-2022-29912 issue concerns the handling of SameSite cookies in reader mode. Affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox

6.1CVSS7.2AI score0.00644EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.539 views

CVE-2022-22742

CVE-2022-22742 is confirmed in connected records as an out-of-bounds memory access in Firefox/Thunderbird when inserting text in edit mode. Affected products include Firefox ESR < 91.5, Firefox < 96, and Thunderbird

6.5CVSS7.3AI score0.00796EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.538 views

CVE-2022-22738

The CVE-2022-22738 entry concerns a heap-buffer-overflow caused by applying a CSS filter, potentially exploitable via memory corruption. Affected products are Mozilla Firefox/Thunderbird: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS8.7AI score0.00995EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.538 views

CVE-2022-22745

CVE-2022-22745 describes a cross-origin information leak via SecurityPolicyViolation events for frame-ancestors violations. Public documents associate this with Firefox ESR versions earlier than 91.5, Firefox versions earlier than 96, and Thunderbird versions earlier than 91.5. The connected advi...

6.5CVSS7.1AI score0.00646EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.536 views

CVE-2022-22741

CVE-2022-22741 : A fullscreen-related issue in Firefox/Thunderbird where resizing a popup while requesting fullscreen could trap the popup in fullscreen and prevent exit. Affected: Firefox ESR < 91.5, Firefox < 96, Thunderbird

7.5CVSS7.7AI score0.00652EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.535 views

CVE-2022-22737

The CVE-2022-22737 entry is supported by connected advisories showing a race condition in constructing audio sinks that can lead to a use-after-free and potentially exploitable crash in Mozilla Firefox ESR < 91.5, Firefox < 96, and Thunderbird

7.5CVSS8AI score0.0075EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.533 views

CVE-2022-22754

CVE-2022-22754: Affects Firefox <97, Thunderbird <91.6, and Firefox ESR

6.5CVSS7AI score0.00644EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.533 views

CVE-2022-22760

CVE-2022-22760: A cross-origin information disclosure in Firefox/Thunderbird arises when importing resources via Web Workers, where error messages could reveal whether a response is JavaScript (application/javascript) or not. Affected: Firefox < 97, Thunderbird < 91.6, and Firefox ESR

6.5CVSS7AI score0.00759EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.529 views

CVE-2022-1097

The CVE-2022-1097 entry concerns NSSToken objects that could be accessed unsafely across threads, causing a use-after-free and potentially exploitable crash. Affected products explicitly named in connected documents include Thunderbird (versions earlier than 91.8), Firefox (versions earlier than ...

6.5CVSS7.3AI score0.00917EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.529 views

CVE-2022-22743

CVE-2022-22743 affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

4.3CVSS6AI score0.00643EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.523 views

CVE-2022-22756

CVE-2022-22756 describes a drag-and-drop image object that could be turned into an executable script, enabling arbitrary code execution when clicked. Affected products and versions include Firefox <97, Thunderbird <91.6, and Firefox ESR

8.8CVSS8.6AI score0.00926EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.521 views

CVE-2022-22764

CVE-2022-22764 is a set of memory-safety bugs in Mozilla Firefox (affecting Firefox < 97 and Firefox ESR < 91.6) and related Thunderbird components (Thunderbird

8.8CVSS9.5AI score0.00702EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.518 views

CVE-2022-42928

CVE-2022-42928 is a memory-corruption vulnerability affecting Firefox and Thunderbird prior to the specified versions (Firefox <106, ESR <102.4, Thunderbird

8.8CVSS8.5AI score0.0083EPSS
CVE
CVE
added 2020/01/08 7:22 p.m.517 views

CVE-2019-11745

CVE-2019-11745 is a heap-based out-of-bounds write in Mozilla NSS (NSC_EncryptUpdate) when data smaller than the block size is encrypted. This could allow a remote attacker to trigger a crash or execute arbitrary code with the user’s privileges (attack surface includes NSS-enabled apps such as Th...

8.8CVSS8.7AI score0.02994EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.514 views

CVE-2022-22748

CVE-2022-22748 is a cross-origin spoof vulnerability in Mozilla components where malicious websites could confuse Thunderbird or a browser dialog about launching a program to handle an external URL protocol, resulting in a spoofed origin. Public documentation in connected advisories ties this to ...

6.5CVSS7.1AI score0.00737EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.511 views

CVE-2022-28286

The CVE-2022-28286 issue is a layout-related vulnerability where iframe contents could render outside their border, potentially enabling spoofing or user confusion. Affected products and versions identified in connected documents include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

5.4CVSS6.3AI score0.00561EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.511 views

CVE-2022-31741

CVE-2022-31741 is a memory-safety issue triggered by processing a crafted CMS message, affecting Thunderbird < 91.10, Firefox < 101, and Firefox ESR

8.8CVSS8.8AI score0.00662EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.509 views

CVE-2022-22759

The CVE-2022-22759 issue describes a flaw where a sandboxed iframe that lacks allow-scripts could still execute an appended element’s JavaScript (e.g., event handlers) when that element is added to the iframe’s document. Affected products and versions include Firefox < 97, Thunderbird < 91....

9.6CVSS8.6AI score0.00743EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.507 views

CVE-2022-1196

CVE-2022-1196 involves a use-after-free caused by retaining a reference to a VR Process after destruction, potentially allowing an exploitable crash. The vulnerability affects Thunderbird before 91.8 and Firefox ESR before 91.8. The connected advisories indicate remediation by upgrading Thunderbi...

6.5CVSS7.3AI score0.00718EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.505 views

CVE-2022-28281

CVE-2022-28281 describes a memory safety vulnerability in Mozilla Firefox/Thunderbird where a compromised content process could send an unexpected number of WebAuthN Extensions in a Register command to the parent process, causing an out-of-bounds write and memory corruption that could lead to a p...

8.8CVSS8.1AI score0.02556EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.505 views

CVE-2022-34470

CVE-2022-34470 is a real-use-after-free vulnerability in Firefox/Thunderbird related to session-history navigations that could cause a crash. The connected documents identify the affected products and versions: Firefox and Firefox ESR (Firefox < 102, ESR < 91.11) and Thunderbird (Thunderbir...

9.8CVSS9.1AI score0.01064EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.502 views

CVE-2022-22763

CVE-2022-22763 describes a post-shutdown script execution issue in Mozilla Firefox, Thunderbird and Firefox ESR where a worker could run late in the lifecycle after it should be prevented. Affected products: Firefox < 96, Thunderbird < 91.6, Firefox ESR

8.8CVSS8.3AI score0.00564EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.501 views

CVE-2022-22761

CVE-2022-22761 fixes a vulnerability where the frame-ancestors CSP directive was not enforced for moz-extension:// pages, affecting Firefox < 97, Thunderbird < 91.6, and Firefox ESR

8.8CVSS8.4AI score0.00743EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.500 views

CVE-2022-31740

CVE-2022-31740 describes a register allocation bug in arm64 WASM code that could cause an exploitable crash. Publicly listed impact covers Thunderbird < 91.10, Firefox < 101, and Firefox ESR

8.8CVSS8.9AI score0.00651EPSS
Total number of security vulnerabilities488