Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox Esr

65 matches found

CVE
CVEadded 2021/12/08 10:15 p.m.223 views

CVE-2021-38506

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR

4.3CVSS6AI score0.00241EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.221 views

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

6.5CVSS7.3AI score0.00422EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.220 views

CVE-2021-38509

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR

4.3CVSS6.1AI score0.00398EPSS
CVE
CVEadded 2021/01/07 2:15 p.m.217 views

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. Note: ...

8.8CVSS7.9AI score0.00532EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.216 views

CVE-2021-43545

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

6.5CVSS7.3AI score0.00188EPSS
CVE
CVEadded 2021/06/24 2:15 p.m.207 views

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exp...

6.5CVSS6.2AI score0.00394EPSS
CVE
CVEadded 2021/11/03 1:15 a.m.194 views

CVE-2021-38495

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox E...

8.8CVSS9.5AI score0.0044EPSS
CVE
CVEadded 2021/11/03 1:15 a.m.194 views

CVE-2021-38498

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR

7.5CVSS8.2AI score0.00356EPSS
CVE
CVEadded 2021/11/03 1:15 a.m.193 views

CVE-2021-38501

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunde...

8.8CVSS9.6AI score0.00878EPSS
CVE
CVEadded 2021/11/03 1:15 a.m.183 views

CVE-2021-38492

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected. . This vulnerability ...

6.5CVSS6.5AI score0.00438EPSS
CVE
CVEadded 2021/11/03 1:15 a.m.179 views

CVE-2021-38497

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR

6.5CVSS7.1AI score0.00198EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.156 views

CVE-2021-38510

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. . This vulnerability affects Firefox < 94, Thunder...

8.8CVSS8.3AI score0.0047EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.151 views

CVE-2021-43535

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR

8.8CVSS8.8AI score0.0136EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.150 views

CVE-2021-38505

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must ...

6.5CVSS6.7AI score0.00444EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.147 views

CVE-2021-43534

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

8.8CVSS9.4AI score0.01788EPSS
Total number of security vulnerabilities65