Lucene search

K
MozillaFirefox Esr

741 matches found

CVE
CVE
added 2021/11/03 1:15 a.m.327 views

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14...

8.8CVSS9.1AI score0.00332EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.326 views

CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Fire...

6.5CVSS6.5AI score0.00179EPSS
CVE
CVE
added 2023/07/12 2:15 p.m.326 views

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird

8.8CVSS8.6AI score0.00229EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.325 views

CVE-2019-9792

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird ...

9.8CVSS9.1AI score0.19723EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.323 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird

8.8CVSS8.7AI score0.01236EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.321 views

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be expl...

6.1CVSS6.6AI score0.01265EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.320 views

CVE-2021-29980

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox

8.8CVSS8.7AI score0.00233EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.318 views

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

9.8CVSS9.3AI score0.02291EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.318 views

CVE-2019-11752

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ES...

9.3CVSS8.6AI score0.00893EPSS
CVE
CVE
added 2021/02/26 2:15 a.m.316 views

CVE-2021-23969

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Und...

4.3CVSS5.6AI score0.00971EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.315 views

CVE-2023-32205

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

4.3CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2023/08/01 4:15 p.m.315 views

CVE-2023-4057

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR...

9.8CVSS9.8AI score0.0022EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.314 views

CVE-2021-23994

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.6AI score0.0035EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.313 views

CVE-2021-29989

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13...

8.8CVSS9.3AI score0.00347EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.310 views

CVE-2023-25735

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

8.8CVSS8.1AI score0.00156EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.306 views

CVE-2019-9820

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR

9.8CVSS6.3AI score0.00554EPSS
CVE
CVE
added 2020/04/24 4:15 p.m.306 views

CVE-2020-6825

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary c...

9.8CVSS9.9AI score0.00701EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.305 views

CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was ...

6.5CVSS6.8AI score0.00444EPSS
CVE
CVE
added 2020/04/24 4:15 p.m.304 views

CVE-2020-6821

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird &lt...

7.5CVSS7.9AI score0.00541EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.303 views

CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR

10CVSS8.9AI score0.01389EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.302 views

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficientl...

8.8CVSS8.2AI score0.00474EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.301 views

CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird

9.8CVSS9.5AI score0.1015EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.300 views

CVE-2018-18505

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...

10CVSS7.2AI score0.0372EPSS
CVE
CVE
added 2021/02/26 2:15 a.m.300 views

CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR

6.5CVSS6.6AI score0.00681EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.300 views

CVE-2021-29986

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < ...

8.1CVSS8.3AI score0.00308EPSS
CVE
CVE
added 2021/03/31 2:15 p.m.299 views

CVE-2021-23984

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulne...

6.5CVSS6.7AI score0.00267EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.299 views

CVE-2021-29985

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox

8.8CVSS8.8AI score0.00546EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.297 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note...

4.3CVSS5.5AI score0.0102EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.297 views

CVE-2020-6814

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Fir...

9.8CVSS9.9AI score0.00919EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.296 views

CVE-2024-8381

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird

9.8CVSS8.8AI score0.19431EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.295 views

CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves...

9.8CVSS9.1AI score0.00756EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.295 views

CVE-2019-9800

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

9.8CVSS7.2AI score0.00554EPSS
CVE
CVE
added 2020/10/01 7:15 p.m.295 views

CVE-2020-15664

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extens...

6.5CVSS6.7AI score0.00371EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.295 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-...

7.5CVSS6.5AI score0.00152EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.294 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR

9.8CVSS6.3AI score0.00516EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.294 views

CVE-2019-11717

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

5.3CVSS6.4AI score0.05027EPSS
CVE
CVE
added 2021/03/31 2:15 p.m.294 views

CVE-2021-23982

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird

6.5CVSS6.6AI score0.00196EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.294 views

CVE-2022-34478

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderb...

6.5CVSS6.7AI score0.00028EPSS
In wild
CVE
CVE
added 2019/07/23 2:15 p.m.293 views

CVE-2019-11715

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

6.1CVSS6.9AI score0.00773EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.293 views

CVE-2019-11743

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through...

4.3CVSS5.9AI score0.00989EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.293 views

CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

9.8CVSS9.9AI score0.02189EPSS
CVE
CVE
added 2021/03/31 2:15 p.m.293 views

CVE-2021-23981

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird

8.1CVSS8.2AI score0.00461EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.292 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability...

6.5CVSS6.9AI score0.0053EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.292 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox

9.8CVSS9.1AI score0.00756EPSS
CVE
CVE
added 2014/09/25 5:55 p.m.291 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.41418EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.291 views

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

8.8CVSS8.5AI score0.00854EPSS
CVE
CVE
added 2021/08/05 8:15 p.m.291 views

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird...

8.8CVSS7.4AI score0.006EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.290 views

CVE-2019-11733

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if...

9.8CVSS8.7AI score0.0039EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.290 views

CVE-2021-29988

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox

8.8CVSS8.5AI score0.0027EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.289 views

CVE-2019-9813

Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird

8.8CVSS8.2AI score0.51921EPSS
Total number of security vulnerabilities741