Lucene search

K
MozillaFirefox Esr

905 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.133 views

CVE-2018-5147

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox

9.8CVSS7.3AI score0.26243EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.133 views

CVE-2023-32206

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

6.5CVSS6.6AI score0.00145EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.132 views

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information dis...

6.5CVSS6.7AI score0.01101EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.132 views

CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02485EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.132 views

CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox

8.8CVSS9.2AI score0.18402EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.132 views

CVE-2023-29550

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Fir...

8.8CVSS9.1AI score0.00136EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.131 views

CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.131 views

CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox

9.8CVSS8AI score0.01798EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.131 views

CVE-2018-5183

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR

9.8CVSS7.2AI score0.03792EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.131 views

CVE-2023-25746

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR

8.8CVSS9.3AI score0.00136EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.131 views

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird

6.5CVSS6.8AI score0.00098EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.130 views

CVE-2017-5444

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,...

7.5CVSS8.2AI score0.027EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.130 views

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.5AI score0.06622EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.130 views

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firef...

10CVSS9AI score0.02182EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.130 views

CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox

9.8CVSS8.9AI score0.03688EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.130 views

CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

6.5CVSS6.8AI score0.00145EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.129 views

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.1AI score0.01068EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.129 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.129 views

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thu...

10CVSS8.9AI score0.02513EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.129 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS6.1AI score0.00606EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.129 views

CVE-2022-40956

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.1CVSS6.6AI score0.00154EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.129 views

CVE-2022-45406

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird &lt...

9.8CVSS9.1AI score0.00283EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.129 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

5.4CVSS6.1AI score0.00095EPSS
CVE
CVE
added 2015/03/24 12:59 a.m.128 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

7.5CVSS9.3AI score0.01278EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.128 views

CVE-2016-5290

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, a...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.128 views

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8AI score0.01427EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.128 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.01377EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.128 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.03238EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.127 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.127 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.127 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.1CVSS7.8AI score0.01812EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.127 views

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird

6.5CVSS6.5AI score0.0008EPSS
CVE
CVE
added 2024/01/23 2:15 p.m.127 views

CVE-2024-0750

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

8.8CVSS8AI score0.0062EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.126 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.0164EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.126 views

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affect...

5.4CVSS6.1AI score0.01416EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.126 views

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.3AI score0.01451EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.126 views

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected. . This vulnerability ...

8.8CVSS8.5AI score0.00414EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.126 views

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android &...

4.3CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.125 views

CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

4.3CVSS9.2AI score0.00637EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.125 views

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.2AI score0.02663EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.125 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00624EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.125 views

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.3AI score0.09EPSS
CVE
CVE
added 2020/07/09 2:15 p.m.125 views

CVE-2018-12371

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird &lt...

8.8CVSS8.2AI score0.00442EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.125 views

CVE-2022-45405

Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.5AI score0.00089EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.125 views

CVE-2022-45409

The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

8.8CVSS8.9AI score0.00128EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.125 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequ...

6.1CVSS6.9AI score0.00111EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.124 views

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.123 views

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

10CVSS6.2AI score0.01739EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.123 views

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS7.7AI score0.02314EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.123 views

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be...

7.8CVSS7.6AI score0.00319EPSS
Total number of security vulnerabilities905