Lucene search
+L

1887 matches found

CVE
CVE
added 2022/12/22 12:0 a.m.505 views

CVE-2022-34470

CVE-2022-34470 is a real-use-after-free vulnerability in Firefox/Thunderbird related to session-history navigations that could cause a crash. The connected documents identify the affected products and versions: Firefox and Firefox ESR (Firefox < 102, ESR < 91.11) and Thunderbird (Thunderbir...

9.8CVSS9.1AI score0.01064EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.504 views

CVE-2022-22761

CVE-2022-22761 fixes a vulnerability where the frame-ancestors CSP directive was not enforced for moz-extension:// pages, affecting Firefox < 97, Thunderbird < 91.6, and Firefox ESR

8.8CVSS8.4AI score0.00743EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.500 views

CVE-2022-31740

CVE-2022-31740 describes a register allocation bug in arm64 WASM code that could cause an exploitable crash. Publicly listed impact covers Thunderbird < 91.10, Firefox < 101, and Firefox ESR

8.8CVSS8.9AI score0.00651EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.500 views

CVE-2022-31747

CVE-2022-31747 involves memory safety bugs in Mozilla Firefox 100 and Firefox ESR 91.9 that could lead to memory corruption and potential arbitrary code execution. Affected products include Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS9.9AI score0.00878EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.499 views

CVE-2022-28289

CVE-2022-28289 corresponds to Mozilla Thunderbird memory-safety bugs reported by the Mozilla Fuzzing Team, with evidence of memory corruption and the possibility that, with enough effort, some flaws could be exploited to run arbitrary code. The vulnerability affects Thunderbird versions earlier t...

8.8CVSS8.4AI score0.00697EPSS
CVE
CVE
added 2019/04/26 4:10 p.m.497 views

CVE-2019-9810

CVE-2019-9810 is an IonMonkey JIT bug in Firefox/Thunderbird where incorrect alias information for Array.prototype.slice can skip bounds checks, enabling a buffer overflow and potential remote code execution. Affected: Firefox prior to 66.0.1 and Firefox ESR prior to 60.6.1; Thunderbird prior to ...

8.8CVSS8.2AI score0.29514EPSS
In wild
CVE
CVE
added 2022/12/22 12:0 a.m.495 views

CVE-2022-45415

This CVE affects Mozilla Firefox. When downloading an HTML file, if the page title is formatted as a filename with a malicious extension, Firefox may save the file with that extension, potentially allowing system compromise if the file is executed. Affected versions are Firefox

7.8CVSS7.7AI score0.00232EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.493 views

CVE-2022-31738

CVE-2022-31738 concerns an issue where, when exiting fullscreen mode, an iframe could mislead the browser about the current fullscreen state, enabling user confusion or spoofing. Affected: Thunderbird < 91.10, Firefox < 101, and Firefox ESR

6.5CVSS7.3AI score0.00584EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.490 views

CVE-2022-2200

CVE-2022-2200 affects Firefox and Thunderbird where an attacker could corrupt an object prototype to set undesired attributes on a JavaScript object, leading to privileged code execution. Affected versions are Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird

8.8CVSS8.7AI score0.23941EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.490 views

CVE-2023-23605

CVE-2023-23605 corresponds to memory-safety bugs in Mozilla Firefox 108 and Firefox ESR 102.6 (Thunderbird < 102.7; Firefox < 109; ESR

8.8CVSS8.6AI score0.00702EPSS
CVE
CVE
added 2019/07/23 1:17 p.m.487 views

CVE-2019-11719

CVE-2019-11719 describes an out-of-bounds read in NSS when importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, potentially leading to information disclosure. Affected products include Mozilla Firefox ESR and Thunderbird releases prior to 60.8, and Firefox versions prior t...

7.5CVSS6.7AI score0.02202EPSS
CVE
CVE
added 2021/02/26 2:10 a.m.486 views

CVE-2021-23954

CVE-2021-23954 : A memory corruption vulnerability in Firefox/Thunderbird was caused by using the new logical assignment operators inside a JavaScript switch, leading to a type confusion and potentially exploitable crash. Affected: Firefox <= 85.0 (fixed in 85.0+), Thunderbird

8.8CVSS8.4AI score0.011EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.484 views

CVE-2022-34479

CVE-2022-34479 describes a vulnerability where a malicious website could create a popup that is resized to overlay the browser address bar, potentially causing user confusion or spoofing. The issue explicitly affects Thunderbird for Linux and, per the referenced advisories, Firefox and Thunderbir...

6.5CVSS7.1AI score0.00744EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.484 views

CVE-2022-34484

CVE-2022-34484 is a memory-corruption issue reported by the Mozilla Fuzzing Team affecting Mozilla Thunderbird and Firefox/Firefox ESR: Thunderbird < 102 and Thunderbird < 91.11, Firefox < 102, and Firefox ESR

8.8CVSS9.4AI score0.00981EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.482 views

CVE-2022-31739

CVE-2022-31739 is a Windows file-save path traversal in Mozilla Thunderbird (versions 91.0–91.9.1 per CNVD). An input-validation flaw could allow a downloaded file to be saved to attacker-controlled paths (e.g., using environment variables like %HOMEPATH% or %APPDATA%). No public fix/version deta...

8.8CVSS8.2AI score0.00662EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.479 views

CVE-2025-1009

CVE-2025-1009 is a use-after-free in XSLT processing that affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

9.8CVSS7.3AI score0.01196EPSS
CVE
CVE
added 2019/07/23 1:16 p.m.478 views

CVE-2019-11727

CVE-2019-11727 concerns Mozilla NSS and affects Firefox versions earlier than 68. The issue allows NSS to sign TLS 1.3 CertificateVerify messages with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest. This is inappropriate for TLS 1.3 and is the u...

5.3CVSS6.3AI score0.01741EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.472 views

CVE-2022-45418

CVE-2022-45418 describes a UI spoofing risk where a custom CSS mouse cursor could be drawn over the browser UI, potentially confusing users. Affected products include Firefox ESR and Firefox releases prior to 102.5, and Thunderbird prior to 102.5. Public sources in connected documents consistentl...

6.1CVSS7.1AI score0.00728EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.470 views

CVE-2022-34468

CVE-2022-34468: An iframe that is not allowed to run scripts could execute scripts when a user clicked a javascript: link. Affected: Firefox <102, Firefox ESR <91.11, Thunderbird <102, Thunderbird

8.8CVSS8.5AI score0.00937EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.469 views

CVE-2022-22753

CVE-2022-22753 affects Mozilla Firefox on Windows, with a Time-of-Check Time-of-Use bug in the Maintenance (Updater) Service that could grant a user write access to an arbitrary directory and escalate to SYSTEM. The umbrella set includes Firefox versions below 97 and affected Thunderbird ESR line...

7.1CVSS7.3AI score0.00632EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.465 views

CVE-2022-31736

CVE-2022-31736 is a cross-origin length disclosure in Mozilla products: a malicious site could learn the length of a cross-origin resource that supports Range requests. Affected are Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS8.9AI score0.01055EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.464 views

CVE-2022-42927

CVE-2022-42927 is a same-origin policy violation that could leak cross-origin URL entries and the redirect result via performance.getEntries(). Connected sources confirm impact on Firefox before version 106, Firefox ESR before 102.4, and Thunderbird before 102.4. Mitigations referenced include up...

8.1CVSS7.7AI score0.00414EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.461 views

CVE-2019-9797

CVE-2019-9797: Cross-origin images can be read in violation of the same-origin policy by exporting an image after read-through createImageBitmap and rendering the bitmap on a canvas. Affected product: Mozilla Firefox; impact is cross-origin image theft via canvas rendering. The vulnerability expl...

5.3CVSS5.8AI score0.01109EPSS
CVE
CVE
added 2019/07/23 1:16 p.m.460 views

CVE-2019-11729

CVE-2019-11729 is confirmed in the connected documents as an NSS vulnerability: empty or malformed p256-ECDH public keys may cause a segmentation fault due to improper sanitization during memory copy. The issue affects NSS-related components used by Firefox ESR (<60.8), Firefox (<68), Thund...

7.5CVSS7.3AI score0.02794EPSS
CVE
CVE
added 2024/04/16 3:14 p.m.460 views

CVE-2024-3864

CVE-2024-3864 is a memory-safety vulnerability in Mozilla Firefox and Thunderbird. It affects Firefox <125, Firefox ESR <115.10, and Thunderbird

8.1CVSS6.5AI score0.00847EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.459 views

CVE-2022-0843

CVE-2022-0843 concerns memory safety bugs in Mozilla Firefox 97 that could be exploited to run arbitrary code, affecting Firefox versions older than 98. The issue is documented across multiple sources (including MFSA 2022-10); the practical impact is potential remote code execution with high seve...

8.8CVSS9.3AI score0.0056EPSS
CVE
CVE
added 2020/12/09 12:19 a.m.457 views

CVE-2020-26950

CVE-2020-26950 concerns a write-side effect in the MCallGetProperty opcode causing a use-after-free in Mozilla Firefox/Thunderbird. Affected software: Firefox < 82.0.3, Firefox ESR < 78.4.1, Thunderbird

9.3CVSS8.3AI score0.42327EPSS
CVE
CVE
added 2020/01/08 9:30 p.m.456 views

CVE-2019-17023

CVE-2019-17023 is a protocol-downgrade vulnerability in NSS (Network Security Services). After a HelloRetryRequest is sent during TLS, a client may negotiate a lower protocol than TLS 1.3, causing an invalid TLS state transition and causing subsequent Application Data records to be ignored. This ...

6.5CVSS6.9AI score0.0134EPSS
CVE
CVE
added 2021/02/26 2:2 a.m.448 views

CVE-2021-23961

CVE-2021-23961 is an information-disclosure vulnerability affecting Mozilla Firefox prior to 85, with related entries in Thunderbird. The connected advisories describe that a malicious webpage leveraging slipstream techniques could expose internal network hosts and services on the client’s machin...

7.4CVSS6.8AI score0.01323EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.446 views

CVE-2022-45421

CVE-2022-45421 describes memory safety bugs reported in Thunderbird 102.4 (and related Gecko code paths) with evidence of memory corruption; the advisory notes these could be exploited to execute arbitrary code. Affected products include Thunderbird < 102.5, Firefox ESR < 102.5, and Firefox

8.8CVSS9.6AI score0.00702EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.444 views

CVE-2022-31748

CVE-2022-31748 affects Mozilla Firefox versions earlier than 101. The issue comprises memory-safety bugs in Firefox 100 (Mozilla Fuzzing Team reports) with evidence of memory corruption; some bugs could be exploited to run arbitrary code, according to the provided description. Affected component ...

9.8CVSS9.7AI score0.00656EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.443 views

CVE-2022-26385

CVE-2022-26385 describes a Firefox memory-safety issue where, in unusual shutdown scenarios, an individual thread may outlive its manager, causing a use-after-free that can lead to a potentially exploitable crash. Affected software: Mozilla Firefox, versions older than 98. Root cause: post-shutdo...

6.5CVSS6.9AI score0.00554EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.441 views

CVE-2022-42932

CVE-2022-42932 involves memory safety bugs in Mozilla Firefox/Thunderbird. Affected products: Firefox 105 and ESR 102.3 (and older branches) with vulnerability present in Firefox < 106, ESR < 102.4, and Thunderbird

8.8CVSS9.1AI score0.00712EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.440 views

CVE-2022-45404

CVE-2022-45404 : The vulnerability is a fullscreen notification bypass caused by a sequence of popup/window.print() calls that lets a window go fullscreen without the user prompt. Affected products include Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.1AI score0.0061EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.438 views

CVE-2022-45412

CVE-2022-45412 is a memory-unclear error that occurs when resolving the symlink file:///proc/self/fd/1, producing an error message with uninitialized memory content. The issue affects Thunderbird on Unix-based systems (Android, Linux, macOS) and also involves Firefox ESR <102.5 and Firefox

8.8CVSS8.5AI score0.00789EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.437 views

CVE-2022-42929

Affects Firefox and Thunderbird: CVE-2022-42929 describes a denial-of-service vulnerability triggered by a particular handling of window.print(), with exploits leading to browser DoS that may persist across restarts depending on session restore. Public sources (CVE entry, Astra Linux advisory, De...

6.5CVSS6.6AI score0.0073EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.435 views

CVE-2022-45420

CVE-2022-45420 describes a phishing/spoofing risk where iframe content could be rendered outside the iframe boundaries in Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.2AI score0.0057EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.433 views

CVE-2022-26382

CVE-2022-26382 concerns Mozilla Firefox versions earlier than 98.0. The issue arises from rendering text in Autofill tooltips using page fonts, enabling side‑channel inference of the displayed text. Affected product: Firefox

4.3CVSS5.4AI score0.00493EPSS
CVE
CVE
added 2020/07/09 2:52 p.m.432 views

CVE-2020-12399

CVE-2020-12399 involves NSS showing timing differences during DSA signatures, a vulnerability that could allow leakage of DSA private keys. The connected documents consistently state affected software as Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

4.4CVSS5.9AI score0.00651EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.431 views

CVE-2022-22746

CVE-2022-22746 describes a race condition that could bypass the fullscreen notification, potentially enabling a fullscreen window spoof in Firefox on Windows. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

5.9CVSS6.1AI score0.0059EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.429 views

CVE-2022-29918

CVE-2022-29918 refers to memory-safety bugs in Mozilla Firefox 99 that could potentially be exploited to run arbitrary code. The vulnerability affects Firefox versions older than 100.0. The Mozilla MFSA advisories corroborate memory-safety issues/possible code execution with Firefox 99-era builds...

8.8CVSS9.4AI score0.00521EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.427 views

CVE-2022-28283

Summary (CVE-2022-28283) : The Firefox devtools sourceMapURL feature lacked security checks, potentially allowing a webpage to access local files or otherwise inaccessible resources. Affected: Firefox versions earlier than 99. Impact as described: confidentiality impact (local file access) with n...

6.5CVSS6.4AI score0.00572EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.427 views

CVE-2022-29915

CVE-2022-29915 affects Mozilla Firefox (pre-100.0). The Performance API failed to hide whether a cross-origin resource observed redirects, enabling information disclosure. Affected: Firefox versions prior to 100.0. The issue is described in multiple advisories; upstream remediation and Arch Linux...

4.3CVSS5.6AI score0.00284EPSS
CVE
CVE
added 2016/05/26 4:0 p.m.426 views

CVE-2016-0718

CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...

9.8CVSS8.7AI score0.13802EPSS
CVE
CVE
added 2021/06/24 1:19 p.m.422 views

CVE-2021-29945

CVE-2021-29945 concerns the WebAssembly JIT: the JIT could miscalculate the size of a return type, causing a null read and a crash on x86-32. Affected products per the provided documents include Firefox ESR and Firefox releases prior to 78.10 and Thunderbird prior to 78.10 (Firefox

6.5CVSS6.2AI score0.01208EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.421 views

CVE-2020-6796

CVE-2020-6796 targets Mozilla Firefox: a missing bounds check on shared memory reads in the parent process could cause memory corruption via an out-of-bounds write, potentially exploitable. Affected: Firefox old releases prior to 73 and ESR prior to 68.5. Remediation per connected docs: upgrade t...

8.8CVSS8.2AI score0.01552EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.416 views

CVE-2022-45408

Summary: CVE-2022-45408 describes a web/browser UI issue where a sequence of popups that reuse the same windowName can force a window into fullscreen mode without showing the notification prompt, enabling user confusion or spoofing. Affected products/versions: Firefox ESR and Firefox, Thunderbird...

6.5CVSS7.1AI score0.007EPSS
CVE
CVE
added 2021/06/24 1:14 p.m.415 views

CVE-2021-29967

CVE-2021-29967 is a set of memory-safety bugs in Mozilla’s Firefox stack (affecting Firefox 88/ESR 78.11 path) that Mozilla indicated could be exploited to run arbitrary code. Affected products include Thunderbird < 78.11, Firefox < 89, and Firefox ESR

8.8CVSS7.3AI score0.01368EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.414 views

CVE-2016-9063

The CVE-2016-9063 entry concerns an integer overflow in the Expat XML parser used by Firefox up to version 50. The connected advisory explicitly notes that an overflow can lead to buffer overflows and arbitrary code execution. It also provides mitigation guidance in the cited advisory (e.g., rest...

9.8CVSS9.1AI score0.05742EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.412 views

CVE-2022-0511

CVE-2022-0511 corresponds to memory-safety bugs in Mozilla Firefox 96 that could have allowed arbitrary code execution via memory corruption. The public records indicate these issues affected Firefox versions prior to 97 and were addressed in Firefox 97+ and related ESR branches. The Mozilla advi...

8.8CVSS9.3AI score0.00521EPSS
Total number of security vulnerabilities1887