Lucene search

K
MozillaFirefox Esr

905 matches found

CVE
CVE
added 2023/12/19 2:15 p.m.112 views

CVE-2023-6856

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firef...

8.8CVSS8.7AI score0.08516EPSS
CVE
CVE
added 2025/04/29 2:15 p.m.112 views

CVE-2025-4091

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...

6.5CVSS8.2AI score0.00087EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.111 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.111 views

CVE-2014-1556

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.

9.3CVSS9.6AI score0.00519EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.111 views

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00748EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.111 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This...

9.3CVSS8AI score0.02011EPSS
CVE
CVE
added 2024/01/23 2:15 p.m.111 views

CVE-2024-0753

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

6.5CVSS6.8AI score0.00228EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.110 views

CVE-2015-0813

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap mem...

5.1CVSS9.4AI score0.02842EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.110 views

CVE-2016-2815

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.2AI score0.00261EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.110 views

CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

5.5CVSS6.4AI score0.00037EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.110 views

CVE-2016-9066

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

7.5CVSS8.2AI score0.20609EPSS
Web
CVE
CVE
added 2018/06/11 9:29 p.m.110 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.01973EPSS
CVE
CVE
added 2023/06/19 10:15 a.m.110 views

CVE-2023-32214

Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service.Note: This attack only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

7.5CVSS7AI score0.00175EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.110 views

CVE-2023-6205

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird

6.5CVSS6.8AI score0.00435EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.110 views

CVE-2023-6212

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR...

8.8CVSS9.2AI score0.00409EPSS
CVE
CVE
added 2024/09/06 7:15 p.m.110 views

CVE-2024-7652

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

7.5CVSS6.4AI score0.0085EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.109 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird

6.5CVSS7.1AI score0.00908EPSS
CVE
CVE
added 2024/01/23 2:15 p.m.109 views

CVE-2024-0751

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

8.8CVSS8.3AI score0.00312EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.108 views

CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal ...

10CVSS5.1AI score0.03053EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.108 views

CVE-2017-5430

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox E...

9.8CVSS8.8AI score0.00786EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.108 views

CVE-2023-25738

Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.This bug only affects Firefox on Windows. Other operating systems are unaffect...

6.5CVSS5.7AI score0.00134EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.107 views

CVE-2015-2728

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (me...

7.5CVSS5.6AI score0.03275EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.107 views

CVE-2016-5296

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

7.5CVSS8AI score0.0257EPSS
CVE
CVE
added 2024/01/23 2:15 p.m.107 views

CVE-2024-0747

When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

6.5CVSS6.8AI score0.00315EPSS
CVE
CVE
added 2025/03/04 2:15 p.m.107 views

CVE-2025-1933

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunde...

7.6CVSS7.7AI score0.00178EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.106 views

CVE-2014-1493

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS9.8AI score0.01468EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.106 views

CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appl...

8.8CVSS9.4AI score0.00502EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.106 views

CVE-2015-0807

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and con...

6.8CVSS9.4AI score0.00181EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.106 views

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Andr...

6.5CVSS6.5AI score0.00153EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.106 views

CVE-2023-6860

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

6.5CVSS6.8AI score0.00378EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.105 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application cras...

9.1CVSS9.1AI score0.00986EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.105 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap ...

9.8CVSS8.3AI score0.03612EPSS
CVE
CVE
added 2014/06/11 10:57 a.m.105 views

CVE-2014-1533

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.03419EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.105 views

CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

6.8CVSS5.7AI score0.01643EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.105 views

CVE-2018-12391

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issue ...

9.3CVSS8.1AI score0.0058EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.105 views

CVE-2020-15650

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). Note: This issue only affected Firefox for Android. Other operating systems are unaffected. . This vulnerability affects Fir...

5.5CVSS5.1AI score0.00248EPSS
CVE
CVE
added 2023/07/05 10:15 a.m.105 views

CVE-2023-37211

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox E...

8.8CVSS9.1AI score0.00332EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.105 views

CVE-2023-6863

The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.1AI score0.00424EPSS
CVE
CVE
added 2025/05/27 1:15 p.m.105 views

CVE-2025-5268

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &l...

6.5CVSS7.2AI score0.00074EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.104 views

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS9.4AI score0.02025EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.104 views

CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8CVSS9.5AI score0.04165EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.104 views

CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS10AI score0.01513EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.104 views

CVE-2023-6858

Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.4AI score0.00391EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.104 views

CVE-2023-6861

The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox

8.8CVSS8.4AI score0.00435EPSS
CVE
CVE
added 2023/12/19 2:15 p.m.104 views

CVE-2023-6862

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird

8.8CVSS8.3AI score0.00337EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.103 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVE
added 2014/09/03 10:55 a.m.103 views

CVE-2014-1567

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interacti...

9.3CVSS9.6AI score0.01805EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.103 views

CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.

6.8CVSS9.6AI score0.02581EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.103 views

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

7.5CVSS5.2AI score0.01286EPSS
Total number of security vulnerabilities905