Lucene search

K
MozillaFirefox Esr

905 matches found

CVE
CVE
added 2024/05/14 6:15 p.m.261 views

CVE-2024-4777

Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox E...

8.8CVSS7AI score0.00458EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.261 views

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

4CVSS5.5AI score0.00054EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.260 views

CVE-2025-1012

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

9.8CVSS6.1AI score0.00201EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.259 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files.Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

9.8CVSS6.2AI score0.00497EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.258 views

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for t...

5.3CVSS5.6AI score0.00379EPSS
CVE
CVE
added 2021/03/31 2:15 p.m.258 views

CVE-2021-23987

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

8.8CVSS9.1AI score0.00313EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.258 views

CVE-2021-29946

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.258 views

CVE-2024-7526

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

7.5CVSS7AI score0.00241EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.258 views

CVE-2024-8383

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader install...

7.5CVSS7.7AI score0.00214EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.258 views

CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird

5.3CVSS5.4AI score0.00234EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.257 views

CVE-2019-11712

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8CVSS8.8AI score0.00501EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.257 views

CVE-2020-26960

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

9.3CVSS8.3AI score0.00665EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.257 views

CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox...

8.8CVSS9AI score0.05209EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.257 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.2AI score0.00797EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.257 views

CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

8.8CVSS6.1AI score0.00087EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.256 views

CVE-2024-10458

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird

7.5CVSS6AI score0.00206EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.256 views

CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird

9.8CVSS8.7AI score0.00606EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.255 views

CVE-2019-11693

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. . This vul...

9.8CVSS6.5AI score0.00598EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.255 views

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and F...

8.8CVSS8.7AI score0.01659EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.255 views

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supp...

5.9CVSS6AI score0.38245EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.255 views

CVE-2020-6812

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that ren...

5.3CVSS6.6AI score0.00618EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.255 views

CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR

8.8CVSS9AI score0.00417EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.255 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.3AI score0.00207EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.255 views

CVE-2024-10465

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

7.5CVSS6AI score0.00193EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.254 views

CVE-2024-10467

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR...

9.8CVSS7.3AI score0.00359EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.254 views

CVE-2024-9399

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

7.5CVSS6.1AI score0.0086EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.253 views

CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

9.3CVSS8.3AI score0.00342EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.253 views

CVE-2024-7531

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outc...

6.5CVSS6.4AI score0.00112EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.253 views

CVE-2024-9402

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR...

9.8CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.252 views

CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems. . This vulnerability affects Firefox ESR < 68.8 and Firefox

10CVSS8.8AI score0.01503EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.252 views

CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.5AI score0.00122EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.252 views

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had b...

8.8CVSS8.3AI score0.00322EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.252 views

CVE-2024-8387

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR...

9.8CVSS9.8AI score0.00787EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.251 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.02592EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.251 views

CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

9.1CVSS8.9AI score0.00444EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.251 views

CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...

5.1CVSS6.8AI score0.00058EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.250 views

CVE-2020-6807

When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, an...

8.8CVSS9AI score0.01383EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.250 views

CVE-2024-8384

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < ...

9.8CVSS8.8AI score0.00794EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.250 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cro...

7.5CVSS6.5AI score0.00192EPSS
CVE
CVE
added 2021/02/26 4:15 p.m.249 views

CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunde...

8.8CVSS9.1AI score0.00754EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.249 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR

6.5CVSS6.6AI score0.00125EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.249 views

CVE-2024-11695

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

5.4CVSS6.1AI score0.00153EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.249 views

CVE-2024-9397

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

6.1CVSS6.3AI score0.00194EPSS
CVE
CVE
added 2020/01/08 9:15 p.m.248 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ...

8.8CVSS9.1AI score0.01071EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.248 views

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox

8.8CVSS8.2AI score0.0142EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.248 views

CVE-2019-9811

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.3CVSS8.6AI score0.01317EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.248 views

CVE-2024-10462

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.1AI score0.00193EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.248 views

CVE-2024-11697

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

8.8CVSS6.6AI score0.00377EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.248 views

CVE-2024-7520

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird

8.8CVSS8.2AI score0.00696EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.248 views

CVE-2024-7527

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

8.8CVSS8.2AI score0.00371EPSS
Total number of security vulnerabilities905