Lucene search

K
MozillaFirefox

2852 matches found

CVE
CVE
added 2024/10/29 1:15 p.m.238 views

CVE-2024-10462

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

7.5CVSS6.1AI score0.00164EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.238 views

CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird

9.8CVSS6.3AI score0.00184EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.238 views

CVE-2024-11697

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

8.8CVSS6.6AI score0.00377EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.238 views

CVE-2024-7521

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

9.8CVSS8.7AI score0.00444EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.238 views

CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the us...

5.3CVSS6.1AI score0.00499EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.237 views

CVE-2018-18492

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.5AI score0.24EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.237 views

CVE-2018-18493

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < ...

9.8CVSS7.6AI score0.07844EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.237 views

CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.7AI score0.01023EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.237 views

CVE-2021-23998

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

6.5CVSS6.3AI score0.00241EPSS
CVE
CVE
added 2024/10/15 10:15 p.m.237 views

CVE-2024-10004

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS

9.1CVSS6.5AI score0.00142EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.237 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achiev...

6.1CVSS5.9AI score0.0029EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.237 views

CVE-2024-8386

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird

6.1CVSS6.6AI score0.00192EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.236 views

CVE-2019-11759

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR

8.8CVSS8.5AI score0.03345EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.236 views

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the lo...

9.3CVSS8.6AI score0.0052EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.236 views

CVE-2020-26968

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefo...

9.3CVSS9.1AI score0.00635EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.236 views

CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

5.4CVSS6.3AI score0.00101EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.236 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

4.3CVSS6AI score0.00153EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.236 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird

6.5CVSS6.1AI score0.00078EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.236 views

CVE-2024-9396

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

8.8CVSS6.3AI score0.00324EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.235 views

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR

6.1CVSS6.7AI score0.00405EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.235 views

CVE-2019-9817

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR

5.3CVSS5.4AI score0.00191EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.235 views

CVE-2020-6805

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.234 views

CVE-2020-26956

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird

6.1CVSS6.5AI score0.00526EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.234 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

6.5CVSS7AI score0.00338EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.234 views

CVE-2024-10461

In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

6.1CVSS5.4AI score0.00156EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.234 views

CVE-2024-11703

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox

5.7CVSS6.3AI score0.00038EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.234 views

CVE-2025-0241

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

7.7CVSS5.4AI score0.00201EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.233 views

CVE-2020-26961

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding at...

6.5CVSS6.8AI score0.00275EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.232 views

CVE-2019-11761

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Th...

5.8CVSS6.4AI score0.00473EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.232 views

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.00953EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.232 views

CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

9.3CVSS9.2AI score0.0078EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.232 views

CVE-2024-7525

It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbi...

9.1CVSS8.6AI score0.00167EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.232 views

CVE-2024-7529

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird

8.1CVSS7.6AI score0.00177EPSS
CVE
CVE
added 2016/01/09 2:59 a.m.231 views

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof se...

5.9CVSS6.1AI score0.02005EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.231 views

CVE-2024-53976

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS

5.4CVSS6.3AI score0.00066EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.231 views

CVE-2024-7530

Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox

9.8CVSS6.3AI score0.00213EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.231 views

CVE-2024-9398

By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

5.3CVSS6.2AI score0.01042EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.230 views

CVE-2019-17016

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox

6.1CVSS6.8AI score0.01834EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.230 views

CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68...

6.5CVSS6.6AI score0.00592EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.230 views

CVE-2024-53975

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS

5.4CVSS6.3AI score0.00167EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.229 views

CVE-2009-2469

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an defineSetter function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted documen...

10CVSS9AI score0.05975EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.229 views

CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entit...

6.1CVSS6.5AI score0.01291EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.229 views

CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controll...

5.9CVSS7.1AI score0.00323EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.229 views

CVE-2020-12405

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

5.3CVSS6.3AI score0.00693EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.229 views

CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability af...

6.1CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2021/01/07 2:15 p.m.229 views

CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox &l...

4.3CVSS5.6AI score0.00455EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.229 views

CVE-2020-6801

Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS8.9AI score0.00555EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.229 views

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

10CVSS8.8AI score0.00049EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.229 views

CVE-2024-11701

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird

4.3CVSS6.2AI score0.00082EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.228 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

7.5CVSS9.6AI score0.02918EPSS
Total number of security vulnerabilities2852