Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox*

1558 matches found

CVE
CVEadded 2025/07/22 9:15 p.m.52 views

CVE-2025-8034

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo...

8.8CVSS7.5AI score0.00048EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.51 views

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird

9.1CVSS5.3AI score0.0006EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.51 views

CVE-2025-8029

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird

8.1CVSS5.5AI score0.00046EPSS
CVE
CVEadded 2007/04/11 10:19 a.m.50 views

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

5CVSS6.7AI score0.00273EPSS
CVE
CVEadded 2012/10/10 5:55 p.m.50 views

CVE-2012-5354

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open ...

6.8CVSS9AI score0.01951EPSS
CVE
CVEadded 2018/06/11 9:29 p.m.50 views

CVE-2017-7770

A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issu...

5.9CVSS6AI score0.00369EPSS
CVE
CVEadded 2025/04/01 1:15 p.m.50 views

CVE-2025-3032

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird

7.4CVSS6.7AI score0.00031EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.50 views

CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird

4.3CVSS5.3AI score0.00038EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.50 views

CVE-2025-8035

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...

8.8CVSS7.5AI score0.0005EPSS
CVE
CVEadded 2007/07/26 1:30 a.m.49 views

CVE-2007-4013

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Editio...

9.3CVSS6.8AI score0.0117EPSS
CVE
CVEadded 2020/08/10 6:15 p.m.49 views

CVE-2020-15651

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS

4.3CVSS4.2AI score0.00186EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.49 views

CVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird

8.1CVSS6.3AI score0.00046EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.49 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird

8.1CVSS6.3AI score0.00057EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.49 views

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR <...

9.8CVSS6.6AI score0.00059EPSS
CVE
CVEadded 2025/01/11 4:15 a.m.48 views

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS

4.3CVSS6.3AI score0.00117EPSS
CVE
CVEadded 2025/04/29 2:15 p.m.48 views

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird

7.1CVSS5.5AI score0.00051EPSS
CVE
CVEadded 2025/04/29 2:15 p.m.48 views

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird

5.1CVSS4.8AI score0.00032EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.48 views

CVE-2025-8028

On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < ...

9.8CVSS6.3AI score0.00069EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.48 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird

9.8CVSS6.5AI score0.00141EPSS
CVE
CVEadded 2009/12/14 5:30 p.m.47 views

CVE-2009-4129

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

5.8CVSS6.3AI score0.00366EPSS
CVE
CVEadded 2020/07/09 3:15 p.m.47 views

CVE-2020-12404

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS

4.3CVSS4.1AI score0.00264EPSS
CVE
CVEadded 2025/03/04 2:15 p.m.47 views

CVE-2025-27426

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS

5.4CVSS5.9AI score0.00044EPSS
CVE
CVEadded 2025/04/29 2:15 p.m.47 views

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138 and ...

6.5CVSS6.2AI score0.00055EPSS
CVE
CVEadded 2025/04/29 2:15 p.m.47 views

CVE-2025-4090

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird

6.5CVSS5.4AI score0.00052EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.47 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and T...

6.5CVSS6.2AI score0.00044EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.46 views

CVE-2025-8027

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbir...

6.5CVSS6.3AI score0.00042EPSS
CVE
CVEadded 2025/05/27 1:15 p.m.45 views

CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird

6.5CVSS4.8AI score0.00058EPSS
CVE
CVEadded 2007/07/17 9:30 p.m.44 views

CVE-2007-3827

Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.

5CVSS6.5AI score0.00273EPSS
CVE
CVEadded 2023/07/12 2:15 p.m.43 views

CVE-2023-37455

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS

5.4CVSS4.9AI score0.0019EPSS
CVE
CVEadded 2009/12/14 5:30 p.m.42 views

CVE-2009-4130

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

5.8CVSS6.1AI score0.00513EPSS
CVE
CVEadded 2023/11/21 3:15 p.m.42 views

CVE-2023-49061

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS

6.1CVSS6AI score0.002EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.42 views

CVE-2025-8039

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird

8.1CVSS6.4AI score0.0004EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.42 views

CVE-2025-9185

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo...

8.1CVSS7.5AI score0.00064EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.41 views

CVE-2025-8040

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &...

8.8CVSS7.5AI score0.00049EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.41 views

CVE-2025-9180

'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird

8.1CVSS6.5AI score0.00018EPSS
CVE
CVEadded 2008/04/17 10:5 p.m.40 views

CVE-2007-6715

Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

4.3CVSS6.5AI score0.0064EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.40 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird

8.1CVSS5.4AI score0.00039EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.40 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird

9.1CVSS6.4AI score0.0002EPSS
CVE
CVEadded 2021/06/02 5:15 p.m.39 views

CVE-2011-3656

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.

6.1CVSS5.9AI score0.00273EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.38 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird

9.8CVSS5.3AI score0.00031EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.37 views

CVE-2025-9181

Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird

6.5CVSS6.4AI score0.00038EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.35 views

CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird

9.8CVSS7.5AI score0.00061EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.34 views

CVE-2025-9184

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &...

8.1CVSS7.5AI score0.00064EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.33 views

CVE-2025-9182

'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird

7.5CVSS6.3AI score0.00057EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.31 views

CVE-2025-9183

Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR

6.5CVSS6.5AI score0.00025EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.23 views

CVE-2025-9187

Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird

9.8CVSS7.5AI score0.00056EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.21 views

CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks.This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox

4.3CVSS6.5AI score0.00042EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.21 views

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications.This bug only affects Firefox...

6.5CVSS6.7AI score0.0004EPSS
CVE
CVEadded 2025/07/22 9:15 p.m.11 views

CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird

9.8CVSS6.4AI score0.00076EPSS
CVE
CVEadded 2025/08/19 9:15 p.m.9 views

CVE-2025-55029

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS

7.5CVSS6.6AI score0.00051EPSS
Total number of security vulnerabilities1558