Lucene search

K
MozillaFirefox

2852 matches found

CVE
CVE
added 2021/08/05 8:15 p.m.111 views

CVE-2021-29975

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox

6.5CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2021/11/03 1:15 a.m.111 views

CVE-2021-29993

Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected. . This vulnerability affects Firefox

8.1CVSS7.2AI score0.00401EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.111 views

CVE-2022-34476

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox

9.8CVSS8.7AI score0.00265EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.111 views

CVE-2022-38475

An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox

6.5CVSS6.5AI score0.00132EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.111 views

CVE-2023-23606

Memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS9AI score0.00159EPSS
CVE
CVE
added 2023/06/19 10:15 a.m.111 views

CVE-2023-29531

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 112, Firefox ESR ...

9.8CVSS9AI score0.00954EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.111 views

CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird

8.8CVSS8.1AI score0.00177EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.111 views

CVE-2023-37202

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird

8.8CVSS8AI score0.0039EPSS
CVE
CVE
added 2024/03/19 12:15 p.m.111 views

CVE-2024-2606

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox

3.7CVSS5.8AI score0.00222EPSS
CVE
CVE
added 2025/04/01 1:15 p.m.111 views

CVE-2025-3028

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird

6.5CVSS6.4AI score0.00182EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.110 views

CVE-2012-3959

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of...

10CVSS9.5AI score0.0352EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.110 views

CVE-2013-0788

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application ...

10CVSS9.9AI score0.01351EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.110 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

9.8CVSS9.2AI score0.75716EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.110 views

CVE-2016-2796

Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite sm...

8.8CVSS7.6AI score0.00683EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.110 views

CVE-2017-5428

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

9.8CVSS8.8AI score0.03363EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.110 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This...

9.3CVSS8AI score0.02011EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.110 views

CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox

8.8CVSS7.9AI score0.00384EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.110 views

CVE-2018-12403

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox

5.3CVSS6.1AI score0.00435EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.110 views

CVE-2019-11697

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the ...

6.5CVSS4.7AI score0.00203EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.110 views

CVE-2020-12411

Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

9.3CVSS8.9AI score0.00465EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.110 views

CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox

8.8CVSS8.3AI score0.00253EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.110 views

CVE-2022-45419

If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability a...

6.5CVSS7AI score0.00113EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.110 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such ...

8.8CVSS7.8AI score0.00116EPSS
CVE
CVE
added 2023/07/05 9:15 a.m.110 views

CVE-2023-37201

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird

8.8CVSS8.1AI score0.00486EPSS
CVE
CVE
added 2023/11/21 3:15 p.m.110 views

CVE-2023-6204

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird

6.5CVSS6.7AI score0.00303EPSS
CVE
CVE
added 2009/07/01 1:0 p.m.109 views

CVE-2009-0689

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5...

6.8CVSS7.5AI score0.41051EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.109 views

CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modi...

6.8CVSS9.2AI score0.01373EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.109 views

CVE-2011-2372

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

3.5CVSS9.1AI score0.00429EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.109 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possi...

9.3CVSS8.8AI score0.00915EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.109 views

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00748EPSS
CVE
CVE
added 2015/12/16 11:59 a.m.109 views

CVE-2015-7201

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.6AI score0.01913EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.109 views

CVE-2016-1979

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...

8.8CVSS9.1AI score0.00905EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2016-5297

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox

9.8CVSS7.8AI score0.01914EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2017-5429

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird &l...

9.8CVSS9AI score0.02016EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.109 views

CVE-2018-12375

Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS7.7AI score0.01957EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.109 views

CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox

4.3CVSS5.5AI score0.00353EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

10CVSS7.6AI score0.04615EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2018-5173

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, cor...

5.3CVSS6.2AI score0.00927EPSS
CVE
CVE
added 2020/01/08 9:15 p.m.109 views

CVE-2019-17000

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox

6.1CVSS6.3AI score0.00162EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.109 views

CVE-2019-17014

If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox

7.4CVSS7.1AI score0.00344EPSS
CVE
CVE
added 2021/02/26 3:15 a.m.109 views

CVE-2021-23962

Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox

8.8CVSS8AI score0.00342EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.109 views

CVE-2023-25734

After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox on Windows. Other ...

8.1CVSS7AI score0.00168EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.109 views

CVE-2023-28177

Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS9AI score0.00224EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.108 views

CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.108 views

CVE-2015-7198

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.

7.5CVSS9.8AI score0.0387EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.108 views

CVE-2015-7199

The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a ...

7.5CVSS9.5AI score0.02497EPSS
CVE
CVE
added 2016/03/13 6:59 p.m.108 views

CVE-2016-2797

The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart f...

8.8CVSS7.3AI score0.00787EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.108 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird

9.8CVSS8.1AI score0.03594EPSS
CVE
CVE
added 2021/03/31 2:15 p.m.108 views

CVE-2021-23988

Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS8.9AI score0.00323EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.108 views

CVE-2021-29961

When styling and rendering an oversized element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox

4.3CVSS5.2AI score0.00316EPSS
Total number of security vulnerabilities2852