Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox

2852 matches found

CVE
CVEadded 2022/12/22 8:15 p.m.133 views

CVE-2022-34469

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug on...

8.8CVSS8.1AI score0.00033EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.133 views

CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox

4.3CVSS6.2AI score0.00453EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.133 views

CVE-2023-25739

Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

8.8CVSS8.1AI score0.00147EPSS
CVE
CVEadded 2006/02/02 10:2 p.m.132 views

CVE-2006-0297

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingCont...

5.1CVSS7.3AI score0.10028EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.132 views

CVE-2012-5829

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.2AI score0.06844EPSS
CVE
CVEadded 2014/07/23 11:12 a.m.132 views

CVE-2014-1544

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger ce...

10CVSS9.4AI score0.03216EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2016-9898

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

9.8CVSS8.9AI score0.03451EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thund...

9.8CVSS8.6AI score0.02608EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.09561EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.132 views

CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and...

9.8CVSS8.3AI score0.03076EPSS
CVE
CVEadded 2021/08/17 8:15 p.m.132 views

CVE-2021-29983

Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. . This vulnerability affects Firefox

6.5CVSS6.4AI score0.00292EPSS
CVE
CVEadded 2021/12/08 10:15 p.m.132 views

CVE-2021-38505

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must ...

6.5CVSS6.7AI score0.00444EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.132 views

CVE-2022-31745

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox

4.3CVSS5.7AI score0.00135EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.132 views

CVE-2022-38472

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, ...

6.5CVSS7AI score0.00143EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.132 views

CVE-2023-25737

An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

8.8CVSS8AI score0.00126EPSS
CVE
CVEadded 2025/06/11 12:15 p.m.132 views

CVE-2025-49710

An integer overflow was present in OrderedHashTable used by the JavaScript engine This vulnerability affects Firefox

9.8CVSS6.2AI score0.00067EPSS
CVE
CVEadded 2011/06/30 4:55 p.m.131 views

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

10CVSS9.7AI score0.87002EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.131 views

CVE-2016-9895

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird

6.1CVSS7AI score0.00709EPSS
CVE
CVEadded 2021/02/26 3:15 a.m.131 views

CVE-2021-23955

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox

6.1CVSS6.4AI score0.00238EPSS
CVE
CVEadded 2021/02/26 2:15 a.m.131 views

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targete...

8.1CVSS5.4AI score0.00334EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.131 views

CVE-2022-34482

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-...

8.8CVSS8.4AI score0.00195EPSS
CVE
CVEadded 2012/05/01 10:12 a.m.130 views

CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

10CVSS6.8AI score0.00829EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.130 views

CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Fire...

9.8CVSS8.8AI score0.02223EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.130 views

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.11011EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.130 views

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

8.8CVSS8.2AI score0.00143EPSS
CVE
CVEadded 2025/05/17 10:15 p.m.130 views

CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird

8.8CVSS7.9AI score0.00042EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-5439

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.129 views

CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.2AI score0.05637EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.129 views

CVE-2023-25743

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.This bug only affects Firefox Focus. Other versions of Firefox are unaffected. . This vulnerability affects Firefox < 110 and Firefox ESR

7.5CVSS7.2AI score0.00079EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.129 views

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 119,...

6.5CVSS6.9AI score0.00162EPSS
CVE
CVEadded 2013/06/26 3:19 a.m.128 views

CVE-2013-1682

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec...

10CVSS7.7AI score0.01266EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2016-9074

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

5.9CVSS6.5AI score0.01294EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-5438

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-5445

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

7.5CVSS7.9AI score0.02252EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

7.5CVSS7.6AI score0.01031EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-7809

A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.2AI score0.03042EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.128 views

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cl...

7.5CVSS6.7AI score0.01115EPSS
CVE
CVEadded 2019/02/28 6:29 p.m.128 views

CVE-2018-12406

Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS8AI score0.00442EPSS
CVE
CVEadded 2021/02/26 3:15 a.m.128 views

CVE-2021-23956

An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox

6.5CVSS6.5AI score0.00284EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.128 views

CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-...

8.8CVSS8.4AI score0.00195EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.128 views

CVE-2022-36318

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird

5.3CVSS6.3AI score0.00199EPSS
CVE
CVEadded 2023/06/02 5:15 p.m.128 views

CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR

6.5CVSS6.6AI score0.00099EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.128 views

CVE-2023-5726

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.Note: This issue only affected macOS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 119, ...

4.3CVSS5.3AI score0.00136EPSS
CVE
CVEadded 2006/02/02 8:6 p.m.127 views

CVE-2006-0294

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

7.5CVSS7.3AI score0.07642EPSS
CVE
CVEadded 2012/06/05 11:55 p.m.127 views

CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a de...

5CVSS9.1AI score0.03581EPSS
CVE
CVEadded 2015/04/01 10:59 a.m.127 views

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

7.5CVSS9.6AI score0.01278EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-5434

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox

9.8CVSS8.3AI score0.02016EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-5465

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR &l...

9.1CVSS7.9AI score0.17854EPSS
Web
CVE
CVEadded 2018/06/11 9:29 p.m.127 views

CVE-2017-7785

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.4AI score0.10902EPSS
Total number of security vulnerabilities2852