Lucene search

K
MozillaFirefox Esr

905 matches found

CVE
CVE
added 2021/03/31 2:15 p.m.273 views

CVE-2021-23981

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird

8.1CVSS8.2AI score0.00461EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.273 views

CVE-2022-34478

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderb...

6.5CVSS6.7AI score0.00028EPSS
In wild
CVE
CVE
added 2024/05/14 6:15 p.m.273 views

CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird

6.1CVSS5.6AI score0.00479EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.273 views

CVE-2024-8381

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird

9.8CVSS8.8AI score0.19431EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.273 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-...

7.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.272 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability...

6.5CVSS6.9AI score0.0053EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.272 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox

9.8CVSS9.1AI score0.00756EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.271 views

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

8.8CVSS8.5AI score0.00854EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.271 views

CVE-2024-11691

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.This bug only affected the application on Apple M series hardware. Other platforms were unaffected. This vulnerability affects Firefox < ...

8.8CVSS8AI score0.00395EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.271 views

CVE-2025-1017

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...

9.8CVSS7.3AI score0.00272EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.270 views

CVE-2019-11733

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if...

9.8CVSS8.7AI score0.0039EPSS
CVE
CVE
added 2021/02/26 3:15 a.m.269 views

CVE-2021-23953

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR

4.3CVSS5.5AI score0.00382EPSS
CVE
CVE
added 2021/08/05 8:15 p.m.269 views

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird...

8.8CVSS7.4AI score0.00336EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.269 views

CVE-2021-29988

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox

8.8CVSS8.5AI score0.0027EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.269 views

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbi...

6.5CVSS6.9AI score0.00397EPSS
In wild
CVE
CVE
added 2024/06/11 1:15 p.m.269 views

CVE-2024-5702

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird

7.5CVSS5.7AI score0.00798EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.269 views

CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

9.8CVSS6.6AI score0.00144EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.269 views

CVE-2025-1016

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

9.8CVSS7.3AI score0.00337EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.268 views

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and the...

6.5CVSS6.9AI score0.34646EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.268 views

CVE-2019-9813

Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird

8.8CVSS8.2AI score0.51921EPSS
Web
CVE
CVE
added 2021/06/24 2:15 p.m.268 views

CVE-2021-23999

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.4AI score0.00191EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.268 views

CVE-2024-11698

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click m...

9.8CVSS6AI score0.00528EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.268 views

CVE-2024-6600

Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

6.3CVSS8.7AI score0.00125EPSS
CVE
CVE
added 2021/08/17 8:15 p.m.267 views

CVE-2021-29984

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR &lt...

8.8CVSS8.7AI score0.00295EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.267 views

CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR

6.5CVSS6.5AI score0.00082EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.267 views

CVE-2024-5691

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird

4.7CVSS5.2AI score0.00187EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.267 views

CVE-2024-5692

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are u...

6.5CVSS5.4AI score0.00406EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.267 views

CVE-2024-7519

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

9.6CVSS8.9AI score0.00371EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.266 views

CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR

8.8CVSS8.8AI score0.00651EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.266 views

CVE-2019-9790

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firef...

9.8CVSS9.3AI score0.00756EPSS
CVE
CVE
added 2020/10/22 9:15 p.m.266 views

CVE-2020-15683

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

9.8CVSS9.9AI score0.01566EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.266 views

CVE-2024-5693

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird

6.1CVSS5.2AI score0.01595EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.265 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8CVSS7.1AI score0.28802EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.265 views

CVE-2020-12392

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulner...

5.5CVSS6.4AI score0.00151EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.264 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.00953EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.264 views

CVE-2023-23603

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ES...

6.5CVSS6.7AI score0.0016EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.264 views

CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.3AI score0.00589EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.264 views

CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird

4.3CVSS5.3AI score0.04021EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.264 views

CVE-2024-7528

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird

9.8CVSS8.8AI score0.00362EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.264 views

CVE-2024-9401

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &...

9.8CVSS7.5AI score0.00801EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.264 views

CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

4CVSS4.8AI score0.00035EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.263 views

CVE-2019-9819

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR

9.8CVSS6.1AI score0.00554EPSS
CVE
CVE
added 2020/05/26 5:15 p.m.263 views

CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

10CVSS9.8AI score0.01231EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.263 views

CVE-2024-6603

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

7.4CVSS7.7AI score0.00374EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.262 views

CVE-2019-11711

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did no...

8.8CVSS8.7AI score0.0226EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.261 views

CVE-2019-11692

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR

9.8CVSS6.3AI score0.00516EPSS
CVE
CVE
added 2020/04/24 4:15 p.m.261 views

CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefo...

8.8CVSS8.9AI score0.00817EPSS
CVE
CVE
added 2021/08/05 8:15 p.m.261 views

CVE-2021-29970

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled. . This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox

8.8CVSS6.1AI score0.00312EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.261 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the e...

5.4CVSS6.2AI score0.001EPSS
CVE
CVE
added 2024/05/14 6:15 p.m.261 views

CVE-2024-4769

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thu...

5.9CVSS5.4AI score0.0047EPSS
Total number of security vulnerabilities905