Lucene search

K
MozillaFirefox

2852 matches found

CVE
CVE
added 2024/11/26 2:15 p.m.246 views

CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird

7.5CVSS5.7AI score0.00163EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.246 views

CVE-2024-5687

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect secur...

5.3CVSS6.3AI score0.00584EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.246 views

CVE-2024-6605

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox

8.8CVSS6.3AI score0.00415EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.246 views

CVE-2025-0244

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability affects Firefox

5.3CVSS5.8AI score0.00158EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.245 views

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supp...

5.9CVSS6AI score0.38245EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.245 views

CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

9.3CVSS8.3AI score0.00342EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.245 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.3AI score0.00176EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.245 views

CVE-2024-10465

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

7.5CVSS6AI score0.00164EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.245 views

CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox

3.3CVSS6.6AI score0.0003EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.244 views

CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems. . This vulnerability affects Firefox ESR < 68.8 and Firefox

10CVSS8.8AI score0.01503EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.244 views

CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.5AI score0.00122EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.244 views

CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability ...

5.3CVSS6.1AI score0.00884EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.244 views

CVE-2024-10467

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR...

9.8CVSS7.3AI score0.00305EPSS
CVE
CVE
added 2024/06/13 8:15 p.m.244 views

CVE-2024-38313

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS

4.3CVSS6.3AI score0.003EPSS
CVE
CVE
added 2024/06/11 1:15 p.m.244 views

CVE-2024-5694

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox

7.5CVSS6.2AI score0.00416EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.244 views

CVE-2024-6608

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird

4.3CVSS8.6AI score0.00125EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.244 views

CVE-2024-7531

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outc...

6.5CVSS6.4AI score0.00112EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.244 views

CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird

7.3CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.243 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.02592EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.243 views

CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird

8.1CVSS7.5AI score0.00099EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.243 views

CVE-2024-8387

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR...

9.8CVSS9.8AI score0.00787EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.243 views

CVE-2024-9402

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR...

9.8CVSS7.5AI score0.00647EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.242 views

CVE-2020-6807

When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, an...

8.8CVSS9AI score0.01421EPSS
CVE
CVE
added 2023/09/11 9:15 a.m.242 views

CVE-2023-4579

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox

3.1CVSS5AI score0.00167EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.242 views

CVE-2024-7522

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

9.1CVSS8.9AI score0.00444EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.242 views

CVE-2024-8382

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had b...

8.8CVSS8.3AI score0.0035EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.242 views

CVE-2024-9399

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

7.5CVSS6.1AI score0.0086EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.242 views

CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <...

5.1CVSS6.8AI score0.00058EPSS
CVE
CVE
added 2021/02/26 4:15 p.m.241 views

CVE-2021-23978

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunde...

8.8CVSS9.1AI score0.00754EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.241 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR

6.5CVSS6.6AI score0.00129EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.241 views

CVE-2024-11706

A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird

6.5CVSS6.3AI score0.00138EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.241 views

CVE-2024-8384

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < ...

9.8CVSS8.8AI score0.00862EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.241 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cro...

7.5CVSS6.5AI score0.00192EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.241 views

CVE-2025-0246

When using an invalid protocol scheme, an attacker could spoof the address bar.Note: This issue only affected Android operating systems. Other operating systems are unaffected. *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox

6.5CVSS5.8AI score0.00158EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.241 views

CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird

4.3CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2015/11/05 5:59 a.m.240 views

CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possib...

9.8CVSS10AI score0.18408EPSS
CVE
CVE
added 2020/01/08 9:15 p.m.240 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ...

8.8CVSS9.1AI score0.01071EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.240 views

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox

8.8CVSS8.2AI score0.0142EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.240 views

CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS6.4AI score0.00349EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.240 views

CVE-2024-9397

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

6.1CVSS6.3AI score0.00194EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.239 views

CVE-2019-9811

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.3CVSS8.6AI score0.01317EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.239 views

CVE-2020-26959

During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

8.8CVSS8.3AI score0.00495EPSS
CVE
CVE
added 2021/02/26 3:15 a.m.239 views

CVE-2021-23960

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR

8.8CVSS8.2AI score0.00421EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.239 views

CVE-2021-24000

A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as ) this could have led to an attack where a user was confused about the origin of the webpa...

3.1CVSS5AI score0.00234EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.239 views

CVE-2024-11695

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

5.4CVSS6.1AI score0.00153EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.239 views

CVE-2024-7520

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird

8.8CVSS8.2AI score0.00696EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.239 views

CVE-2024-7527

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

8.8CVSS8.2AI score0.00371EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.238 views

CVE-2019-17012

Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, ...

8.8CVSS9.2AI score0.0124EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.238 views

CVE-2020-12389

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems. . This vulnerability affects Firefox ESR < 68.8 and Firefox

10CVSS8.8AI score0.00558EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.238 views

CVE-2021-43537

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

8.8CVSS8.8AI score0.00595EPSS
Total number of security vulnerabilities2852