Lucene search
+L

1887 matches found

CVE
CVE
added 2023/08/01 2:57 p.m.411 views

CVE-2023-4048

CVE-2023-4048 involves an out-of-bounds read in DOMParser when parsing HTML in low-memory conditions, affecting Firefox < 116, Firefox ESR < 102.14, and Firefox ESR

7.5CVSS8AI score0.00827EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.410 views

CVE-2022-22755

CVE-2022-22755 describes a vulnerability in Firefox

8.8CVSS8.3AI score0.00586EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.410 views

CVE-2022-28287

Summary: CVE-2022-28287 affects Mozilla Firefox earlier than 99. In unusual circumstances, selecting text could cause text selection caching to misbehave and crash the browser. The associated data from connected sources confirms Firefox as the affected product and Firefox 99 or later as the fix/v...

6.5CVSS6.4AI score0.00549EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.406 views

CVE-2022-42931

CVE-2022-42931 : Firefox stored a username file on disk in unencrypted form instead of using the Password Manager’s encrypted storage. The issue is caused by the Form Manager writing the username (not the password) to disk, exposing sensitive account identifiers. Affects Firefox versions earlier ...

3.3CVSS4.9AI score0.00136EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.400 views

CVE-2022-42930

Mozilla Firefox prior to version 106 is affected by a data race in the ThirdPartyUtil component when two Workers initialize CacheStorage concurrently. The vulnerability could lead to memory corruption or a potentially exploitable crash. The fix is included in Firefox 106 (per MFSA2022-44). Mitiga...

7.1CVSS6.8AI score0.00391EPSS
CVE
CVE
added 2020/05/26 5:4 p.m.396 views

CVE-2020-12387

CVE-2020-12387 is a use-after-free vulnerability caused by a race condition during Web Worker shutdown in Mozilla Firefox/Thunderbird. Affected products include Firefox ESR < 68.8, Firefox < 76, and Thunderbird

8.1CVSS8.4AI score0.01403EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.395 views

CVE-2024-2608

CVE-2024-2608 affects Mozilla Firefox (including ESR) and Thunderbird. The issue arises from integer overflow in encoding routines (AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding(), and AppendEncodedCharacters()) that can underallocate an output buffer, leading to an out-of-bounds...

8.4CVSS6.9AI score0.00385EPSS
CVE
CVE
added 2020/01/08 7:23 p.m.388 views

CVE-2019-11756

CVE-2019-11756 is a Mozilla Firefox/NSS use-after-free vulnerability related to SFTKSession object handling. The connected AWS ALAS-2021-1522 aggregates NSS-related issues (including this CVE) and indicates affected Firefox/NSS components with suggested updates; it lists NSS-related packages (nsp...

8.8CVSS8.1AI score0.01501EPSS
CVE
CVE
added 2021/01/07 1:52 p.m.385 views

CVE-2020-26974

CVE-2020-26974 is a Firefox/Thunderbird vulnerability where using flex-basis on a table wrapper could cause a StyleGenericFlexBasis object to be cast to the wrong type, leading to a heap use-after-free and memory corruption, potentially crashing the browser. Affected: Firefox <84, Thunderbird ...

8.8CVSS8.3AI score0.01455EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.383 views

CVE-2020-6800

CVE-2020-6800 involves memory safety bugs identified in Firefox 72 and Firefox ESR 68.4, with potential to corrupt memory and enable arbitrary code execution in browser-like contexts. Affected products include Thunderbird and Firefox versions older than 68.5/73 respectively (Thunderbird < 68.5...

8.8CVSS9.2AI score0.02274EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.381 views

CVE-2023-28176

CVE-2023-28176 corresponds to memory safety bugs in Firefox 110 and Firefox ESR 102.8, with potential to cause memory corruption and possible arbitrary code execution. Affected products include Firefox <111, Firefox ESR <102.9, and Thunderbird

8.8CVSS9.1AI score0.00713EPSS
CVE
CVE
added 2019/02/05 9:0 p.m.379 views

CVE-2018-18506

CVE-2018-18506 is a PAC-related issue where a PAC file can cause localhost requests to be proxied. Connected documents confirm Thunderbird is affected and publicly patched: Thunderbird 60.6.1 fixes were released across AL2 (ALAS2-2019-1195), CentOS/RHEL advisories (RHSA-2019:0680/0681), and Debia...

5.9CVSS6.9AI score0.02177EPSS
CVE
CVE
added 2021/02/26 1:59 a.m.377 views

CVE-2021-23968

CVE-2021-23968 describes a disclosure risk where, if a Content Security Policy blocked frame navigation, the violation report could reveal the destination of a redirect instead of the original frame URI. This could leak sensitive information contained in those URIs. Affected products include Fire...

4.3CVSS5.4AI score0.01212EPSS
CVE
CVE
added 2024/03/22 12:55 p.m.374 views

CVE-2024-29944

The CVE-2024-29944 issue affects Mozilla Firefox on desktop (not mobile), allowing an attacker to inject an event handler into a privileged object to achieve arbitrary JavaScript execution in the parent process. Affects Firefox versions older than 124.0.1 and Firefox ESR older than 115.9.1; multi...

8.4CVSS6.7AI score0.047EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.374 views

CVE-2025-1013

CVE-2025-1013 describes a race condition that could cause private browsing tabs to open in normal browsing windows, potentially leaking private data. The initial CVE entry asserts impact on Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

6.5CVSS7AI score0.00313EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.373 views

CVE-2018-5146

CVE-2018-5146 describes an out-of-bounds memory write in Vorbis audio data processing. Affected are Mozilla Firefox (<59.0.1), Firefox ESR (<52.7.2), and Thunderbird (

8.8CVSS7AI score0.12054EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.372 views

CVE-2023-32205

CVE-2023-32205 affects Firefox (versions < 113), Firefox ESR (< 102.11), and Thunderbird (

4.3CVSS5.8AI score0.00631EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.371 views

CVE-2019-9791

CVE-2019-9791 affects Thunderbird and Firefox (including Firefox ESR) and stems from the IonMonkey JIT: type confusion for constructors entered via on-stack replacement. The advisory notes that the vulnerability can enable arbitrary reading/writing of objects during an exploitable crash, with fix...

9.8CVSS9.3AI score0.19762EPSS
CVE
CVE
added 2023/08/01 2:57 p.m.371 views

CVE-2023-4047

CVE-2023-4047 is a vulnerability in Firefox popup notifications delay calculation that could allow an attacker to trick a user into granting permissions. The issue affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR

8.8CVSS8.6AI score0.00582EPSS
CVE
CVE
added 2020/03/25 9:12 p.m.366 views

CVE-2020-6811

CVE-2020-6811 concerns Mozilla Firefox/Thunderbird where Devtools Network tab’s Copy as cURL did not properly escape the HTTP method. The underlying issue could allow command injection if the generated curl command is pasted into a terminal. Public advisories indicate affected products include Th...

8.8CVSS9.1AI score0.03191EPSS
CVE
CVE
added 2019/09/27 5:19 p.m.365 views

CVE-2019-11740

CVE-2019-11740 corresponds to memory-safety bugs in Firefox 68/ESR 68 and Firefox 60.8, with potential for arbitrary code execution. According to the consolidated sources, affected products include Firefox < 69, Thunderbird < 68.1/60.9, and Firefox ESR

8.8CVSS9.4AI score0.01643EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.365 views

CVE-2024-2610

CVE-2024-2610 involves a markup-injection issue that could leak CSP nonces, enabling CSP policy leakage. Affected: Firefox <124, Firefox ESR <115.9, Thunderbird

6.1CVSS7AI score0.00704EPSS
CVE
CVE
added 2023/07/12 1:45 p.m.363 views

CVE-2023-3600

CVE-2023-3600 affects Firefox (all channels) < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird

8.8CVSS7.8AI score0.00634EPSS
CVE
CVE
added 2023/08/01 2:57 p.m.363 views

CVE-2023-4046

CVE-2023-4046 corresponds to a bug where an incorrect value used during WASM JIT compilation could cause a stale global variable to influence compilation, yielding an exploitable crash in the content process. The vulnerability affects Firefox plus ESR branches: Firefox < 116, ESR < 102.14, ...

5.3CVSS6.9AI score0.01007EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.362 views

CVE-2021-38493

CVE-2021-38493 covers memory-safety bugs in Mozilla Firefox 91/ESR 78.13 (and Thunderbird <78.14) that could lead to memory corruption and potentially arbitrary code execution. Affected: Firefox ESR <78.14, Thunderbird <78.14, and Firefox

8.8CVSS9.1AI score0.01205EPSS
CVE
CVE
added 2023/08/01 3:1 p.m.362 views

CVE-2023-4057

CVE-2023-4057 affects Firefox (115 and ESR 115.x) and Thunderbird 115.x. The connected sources confirm memory-safety bugs in Firefox/Thunderbird that could allow memory corruption and, with sufficient effort, arbitrary code execution. The documented impact states affected versions are Firefox &lt...

9.8CVSS9.8AI score0.00732EPSS
CVE
CVE
added 2019/09/27 5:17 p.m.361 views

CVE-2019-11744

CVE-2019-11744 concerns an XSS in HTML elements such as and where literal angle brackets can be left unescaped, allowing a crafted closing tag to be injected via innerHTML and make subsequent content appear outside the tag. Affected products include Firefox (versions before 69), Thunderbird (be...

6.1CVSS6.6AI score0.0145EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.360 views

CVE-2019-9792

The CVE-2019-9792 issue is an IonMonkey JIT leak in Firefox/Thunderbird where the JS_OPTIMIZED_OUT magic value is leaked during bailout, enabling memory corruption and potentially a crash. Affected: Thunderbird < 60.6, Firefox ESR < 60.6, Firefox

9.8CVSS9.1AI score0.13197EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.360 views

CVE-2025-0242

The connected documents confirm CVE-2025-0242 involves memory safety bugs in Firefox and Thunderbird (including ESR branches) with evidence of memory corruption and potential arbitrary code execution given sufficient effort. Affected products and versions stated: Firefox < 134, Firefox ESR &lt...

6.5CVSS7AI score0.1307EPSS
CVE
CVE
added 2023/08/01 2:56 p.m.359 views

CVE-2023-4045

CVE-2023-4045 involves Offscreen Canvas cross-origin taint tracking in Firefox and ESR branches. Affects Firefox < 116 and ESR

5.3CVSS6.8AI score0.00527EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.359 views

CVE-2024-2607

CVE-2024-2607 is a concrete issue affecting Mozilla Firefox/Thunderbird components on Armv7-A: return registers may be overwritten during JIT/return handling , potentially enabling arbitrary code execution. The CVE is referenced in multiple advisories (Debian, AlmaLinux, CentOS) with explicit fix...

8.1CVSS7.2AI score0.01107EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.357 views

CVE-2024-9400

A memory corruption vulnerability (CVE-2024-9400) can be triggered by triggering an OOM at a specific moment during JIT compilation, affecting Firefox versions before 131, Firefox ESR before 128.3, Thunderbird before 128.3, and Thunderbird before 131. The issue has been acknowledged in multiple a...

8.8CVSS6.4AI score0.00474EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.356 views

CVE-2023-23598

CVE-2023-23598 describes an Arbitrary file read via GTK drag-and-drop in Firefox/Thunderbird where the GTK wrapper uses text/plain for drag data; GTK treats text/plain MIMEs with file URLs as dragged, enabling DataTransfer.setData to read local files. Affected versions: Firefox < 109, Firefox ...

6.5CVSS6.8AI score0.00641EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.356 views

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions <133, Firefox ESR <128.5, Firefox ESR <115.18, Thunderbird <133, ...

6.1CVSS6.3AI score0.00499EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.355 views

CVE-2024-4767

CVE-2024-4767 is a fault in Firefox/Thunderbird where IndexedDB files were not properly deleted when a window closed if browser.privatebrowsing.autostart is enabled. Affected products include Firefox versions older than 126, Firefox ESR older than 115.11, and Thunderbird older than 115.11. The is...

4.3CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2021/11/03 12:4 a.m.354 views

CVE-2021-29991

CVE-2021-29991 affects Mozilla Firefox and Mozilla Thunderbird. The issue arises when Firefox incorrectly accepts a newline in an HTTP/3 header, treating it as two separate headers, enabling a header-splitting scenario for servers using HTTP/3. Affected versions are Firefox < 91.0.1 and Thunde...

8.1CVSS7.7AI score0.00885EPSS
CVE
CVE
added 2023/08/01 3:1 p.m.354 views

CVE-2023-4055

CVE-2023-4055 concerns cookies per domain in the browser’s cookie jar. When domain cookie count exceeded, the actual sent cookie jar could diverge from the expected state, causing some cookies to be missing from requests. This affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR

7.5CVSS7.9AI score0.00614EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.353 views

CVE-2024-11699

CVE-2024-11699 describes memory-safety bugs in Mozilla Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4 that could allow arbitrary code execution; vulnerable when running Firefox <133, Firefox ESR <128.5, Thunderbird <133, or Thunderbird

8.8CVSS7.3AI score0.00686EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.352 views

CVE-2020-6798

CVE-2020-6798 involves incorrect parsing when a template tag is used inside a select tag, enabling JavaScript injection under browser-like contexts. The vulnerability affects Thunderbird versions prior to 68.5 (and Firefox before 73 / ESR 68.5); exploitation is discussed in the context of cross-s...

6.1CVSS6.6AI score0.02056EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.352 views

CVE-2024-4770

CVE-2024-4770 is a memory-safety use-after-free issue in PDF rendering when saving a page to PDF, reported for Firefox <126, Firefox ESR <115.11, and Thunderbird

8.8CVSS5.7AI score0.00587EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.351 views

CVE-2025-1010

A CVE entry (CVE-2025-1010) describes a use-after-free via the Custom Highlight API that could lead to a crash. Affected products/versions include: Firefox fixed in 135, Firefox ESR fixed in 115.20 and 128.7, Thunderbird fixed in 128.7 and 135, and Thunderbird ESR variants similarly updated. The ...

9.8CVSS7.3AI score0.00451EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.350 views

CVE-2021-29980

CVE-2021-29980 is a memory safety issue caused by uninitialized memory in a canvas object, potentially enabling memory corruption and a crash. Documents show affected products include Thunderbird and Firefox variants: Thunderbird 78.x/91.x and Firefox ESR 78.x as well as Firefox

8.8CVSS8.7AI score0.01406EPSS
CVE
CVE
added 2021/02/26 1:57 a.m.348 views

CVE-2021-23969

The CVE-2021-23969 entry concerns a Content Security Policy (CSP) violation report handling issue in Firefox and related Mozilla products. Affected components: Firefox (and Thunderbird) CSP violation reporting when redirects occur. Root cause: during certain redirects, the reporter could set the ...

4.3CVSS5.6AI score0.01212EPSS
CVE
CVE
added 2023/08/01 3:1 p.m.347 views

CVE-2023-4056

Memory safety bugs in Firefox 115/Thunderbird 115 and older (Firefox <116, ESR <102.14/115.1; Thunderbird

9.8CVSS10AI score0.00849EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.347 views

CVE-2024-11704

CVE-2024-11704 is a double-free in sec_pkcs7_decoder_start_decrypt() triggered on an error path, potentially leading to memory corruption. Affected products include Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird

9.8CVSS5.9AI score0.00919EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.347 views

CVE-2024-5688

CVE-2024-5688 is a use-after-free in object transplant triggered by garbage collection timing, affecting Firefox versions before 127 and Firefox ESR before 115.12, and Thunderbird before 115.12. Root cause: memory safety issue during object transplant that can lead to heap corruption if GC runs a...

8.1CVSS5.4AI score0.0107EPSS
CVE
CVE
added 2019/07/23 1:18 p.m.346 views

CVE-2019-11713

CVE-2019-11713 is a use-after-free in HTTP/2 when a cached stream is closed while still in use, leading to a potentially exploitable crash. Affected products include Firefox ESR < 60.8, Firefox < 68, and Thunderbird

9.8CVSS9.3AI score0.02149EPSS
CVE
CVE
added 2019/09/27 5:14 p.m.346 views

CVE-2019-11752

CVE-2019-11752 is a use-after-free in IndexedDB: deleting a key value during conversion may allow a crash and potential exploitation. Affected products include Firefox versions before 69 and Thunderbird versions before 68.1/60.9 (and corresponding ESR lines). Several connected advisories note fix...

9.3CVSS8.6AI score0.0216EPSS
CVE
CVE
added 2020/10/08 12:0 a.m.346 views

CVE-2020-12401

CVE-2020-12401: In ECDSA signature generation, padding used to ensure constant-time scalar multiplication was removed, causing variable-time execution based on secret data. Affected: Firefox < 80 and Firefox for Android

4.7CVSS5.6AI score0.00323EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.343 views

CVE-2022-1887

CVE-2022-1887: A SQL injection vulnerability in Firefox for iOS, triggered when the search term is supplied externally, affects Firefox for iOS versions prior to 101. The NVD and Red Hat entries confirm the issue and describe the impact as high confidentiality, integrity, and availability risk (C...

9.8CVSS9.2AI score0.00581EPSS
Total number of security vulnerabilities1887