Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox Esr*

839 matches found

CVE
CVEadded 2018/06/11 9:29 p.m.138 views

CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox

8.8CVSS9.2AI score0.18402EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.138 views

CVE-2023-29550

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Fir...

8.8CVSS9.1AI score0.00136EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.137 views

CVE-2017-5444

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,...

7.5CVSS8.2AI score0.027EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.137 views

CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.5AI score0.06622EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.137 views

CVE-2017-7779

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firef...

10CVSS9AI score0.02182EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.137 views

CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox

9.8CVSS8AI score0.01798EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.137 views

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird

6.5CVSS6.8AI score0.00098EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.136 views

CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

5.3CVSS6.1AI score0.01068EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.136 views

CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, ...

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.136 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.03238EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.136 views

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thu...

10CVSS8.9AI score0.02513EPSS
CVE
CVEadded 2018/10/18 1:29 p.m.136 views

CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox

9.8CVSS8.9AI score0.03688EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.136 views

CVE-2022-40956

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.1CVSS6.6AI score0.00154EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.136 views

CVE-2022-45406

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird &lt...

9.8CVSS9.1AI score0.00283EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.136 views

CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

6.5CVSS6.8AI score0.00145EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.135 views

CVE-2016-5290

Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, a...

9.8CVSS8.9AI score0.01973EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.135 views

CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8AI score0.01427EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.135 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6CVSS8.2AI score0.01377EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.135 views

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thund...

9.8CVSS8.6AI score0.01117EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.135 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS6.1AI score0.00606EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.135 views

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

5.4CVSS6.1AI score0.00095EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.134 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.134 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.134 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.1CVSS7.8AI score0.01812EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.133 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox

7.5CVSS8.1AI score0.0164EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.133 views

CVE-2017-7823

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affect...

5.4CVSS6.1AI score0.01416EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.133 views

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected. . This vulnerability ...

8.8CVSS8.5AI score0.00414EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.133 views

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird

6.5CVSS6.5AI score0.0008EPSS
CVE
CVEadded 2024/01/23 2:15 p.m.133 views

CVE-2024-0750

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

8.8CVSS8AI score0.0062EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS8.2AI score0.02663EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1CVSS6.3AI score0.00624EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be...

7.8CVSS7.6AI score0.00319EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.3AI score0.09EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.3AI score0.01451EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.132 views

CVE-2022-45405

Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.5AI score0.00089EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.132 views

CVE-2022-45409

The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

8.8CVSS8.9AI score0.00128EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.132 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequ...

6.1CVSS6.9AI score0.00111EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.132 views

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android &...

4.3CVSS5.4AI score0.00099EPSS
CVE
CVEadded 2020/07/09 2:15 p.m.131 views

CVE-2018-12371

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird &lt...

8.8CVSS8.2AI score0.00442EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.131 views

CVE-2018-5183

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR

9.8CVSS7.2AI score0.03792EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.131 views

CVE-2023-25746

Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR

8.8CVSS9.3AI score0.00136EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.130 views

CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird

9.8CVSS7.7AI score0.02314EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS8AI score0.01098EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox

8.8CVSS8.5AI score0.01193EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.129 views

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. . This vulnerability...

6.5CVSS5.7AI score0.0013EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.129 views

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird

6.5CVSS6.6AI score0.00099EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.128 views

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android...

6.5CVSS7.3AI score0.00099EPSS
CVE
CVEadded 2024/01/23 2:15 p.m.128 views

CVE-2024-0742

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird

4.3CVSS5.8AI score0.01221EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, a...

10CVSS8.8AI score0.03433EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird

9.8CVSS8.1AI score0.09EPSS
Total number of security vulnerabilities839