1887 matches found
CVE-2024-10464
CVE-2024-10464 refers to a vulnerability where repeated writes to history interface attributes could be exploited to cause a Denial of Service in the browser. Publicly documented impact shows affected products include Firefox below 132, Firefox ESR below 128.4, Thunderbird below 128.4, and Thunde...
CVE-2024-6600
CVE-2024-6600 describes a memory-out-of-bounds in Angle’s GLSL shader allocation on macOS when allocating more than 8192 ints in private shader memory, leading to potential memory corruption. Affected products per sources include Mozilla Firefox and Thunderbird (and ESR branches) with versions pr...
CVE-2022-1887
CVE-2022-1887: A SQL injection vulnerability in Firefox for iOS, triggered when the search term is supplied externally, affects Firefox for iOS versions prior to 101. The NVD and Red Hat entries confirm the issue and describe the impact as high confidentiality, integrity, and availability risk (C...
CVE-2023-23597
Summary: CVE-2023-23597 affects Mozilla Firefox and concerns a compromised web child process that could bypass web security opening restrictions, allowing a new child process to spawn in the file:// context and potentially read arbitrary files. The issue is described as a vulnerability in Firefox...
CVE-2024-9393
Summary: CVE-2024-9393 describes a cross-origin JavaScript execution in PDFs via a crafted multipart response, allowing access to cross-origin content under the resource://pdf.js origin. Affected software (from provided docs): Mozilla Firefox and Thunderbird (including ESR branches). Desktop Site...
CVE-2016-9905
CVE-2016-9905 is tied to a crash in EnumerateSubDocuments when adding or removing sub-documents, affecting Thunderbird and Firefox ESR prior to 45.6. The connected sources consistently identify a crash/memory safety context (e.g., use-after-free and memory corruption patterns across related CVEs)...
CVE-2021-23994
CVE-2021-23994 describes a WebGL-related memory corruption due to a framebuffer not initialized early enough, causing an out-of-bounds write. Affected products are Firefox ESR versions earlier than 78.10, Thunderbird versions earlier than 78.10, and Firefox versions earlier than 88. The root caus...
CVE-2021-29989
CVE-2021-29989 covers memory safety bugs in Firefox 90/ESR 78.12 that could lead to memory corruption and potentially arbitrary code execution; affected products include Thunderbird <78.13, Firefox ESR <78.13, and Firefox
CVE-2024-6602
CVE-2024-6602 is a memory corruption vulnerability caused by a mismatch between the allocator and deallocator in NSS. It affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird
CVE-2024-2605
CVE-2024-2605 affects Firefox and related Mozilla products on Windows, where the Windows Error Reporter can be abused as a sandbox escape to run arbitrary code. The description states affected versions: Firefox < 124, Firefox ESR < 115.9, and Thunderbird
CVE-2024-2612
CVE-2024-2612 affects Firefox <124, Firefox ESR <115.9, and Thunderbird
CVE-2024-6606
CVE-2024-6606 : The issue is an out-of-bounds read in the clipboard component caused by clipboard code failing to check the index on an array access. Affected products are Mozilla Firefox and Mozilla Thunderbird, with exploitable impact on versions earlier than 128. The vulnerability is described...
CVE-2023-4049
CVE-2023-4049: Race conditions in Firefox reference counting can lead to use-after-free. Affected: Firefox <116, ESR <102.14, ESR
CVE-2023-4050
CVE-2023-4050 affects Mozilla Firefox and Firefox ESR (and related Linux distro advisories). The root cause is untrusted input streams being copied to a stack buffer without proper size checks, leading to a potentially exploitable crash that could enable sandbox escape. Public-facing details acro...
CVE-2024-9392
CVE-2024-9392 impacts Firefox and Thunderbird before version 131 (and ESR before 128.3/115.16) where a compromised content process could bypass site isolation and load cross-origin content. This could enable cross-origin access to PDF/JSON via multipart responses and, in some cases, broader arbit...
CVE-2020-6821
CVE-2020-6821: WebGL copyTexSubImage reads outside the source resource; memory that should be zero is uninitialized, enabling potential data disclosure. Affected products include Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox
CVE-2023-25735
CVE-2023-25735 describes a use-after-free caused by cross-compartment wrappers wrapping a scripted proxy, which could cause objects from other compartments to be stored in the main compartment during unwrapping. Affected products include Firefox <110, Thunderbird <102.8, and Firefox ESR
CVE-2024-8381
CVE-2024-8381 describes a potentially exploitable type confusion triggered when looking up a property name on an object used as the with environment. Affected products include Firefox (pre-130 and ESR pre-128.2/115.15) and Thunderbird (pre-128.2/115.15). The root cause is type confusion during pr...
CVE-2024-9936
CVE-2024-9936 affects Mozilla Firefox prior to 131.0.3. The issue stems from manipulating the selection node cache, which can cause unexpected behavior and potentially an exploitable crash. Affected product: Firefox; vulnerable component: selection node cache handling; root cause: cache manipulat...
CVE-2024-5696
The CVE-2024-5696 entry concerns memory corruption caused by manipulating text in an tag, affecting Firefox < 127, Firefox ESR < 115.12, and Thunderbird
CVE-2024-7519
CVE-2024-7519 describes memory corruption due to insufficient checks when processing graphics shared memory, enabling sandbox escape. Affected products include Firefox <129, Firefox ESR <115.14, Firefox ESR <128.1, Thunderbird <128.1, and Thunderbird
CVE-2010-1205
CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...
CVE-2021-29970
CVE-2021-29970 concerns a use-after-free/memory corruption issue triggered by a malicious webpage when accessibility is enabled. Affected products include Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox
CVE-2019-9820
The CVE-2019-9820 issue is a use-after-free in the ChromeEventHandler by DocShell that can cause a crash in Thunderbird and Firefox (including ESR). Affected products and versions, per sources: Thunderbird < 60.7, Firefox < 67, and Firefox ESR
CVE-2020-26965
CVE-2020-26965 is a browser/password-input issue affecting Firefox (including ESR) versions older than 83/78.5 and Thunderbird older than 78.5. The problem arises when a user’s password is revealed via a “Show Password” control, and, in conjunction with a software keyboard that remembers input, t...
CVE-2021-23972
The CVE-2021-23972 entry concerns Mozilla Firefox before version 86, where a phishing technique using an HTTP-Auth-style link (e.g., https://user@target) could bypass a warning dialog if a cached redirect was involved. The issue affects Firefox clients (network attack surface) and has high impact...
CVE-2021-29985
CVE-2021-29985 is a use-after-free in media channels causing memory corruption, affecting Thunderbird (versions < 78.13 and < 91), Firefox ESR (<78.13) and Firefox (
CVE-2021-38503
The CVE-2021-38503 issue: the iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. Affected products include Firefox (versions before 94), Thunderbird (before 91.3), and Firefox ...
CVE-2024-6601
CVE-2024-6601 describes a race condition in Mozilla products where a cross-origin container could gain permissions of the top-level origin. Affected are Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird
CVE-2021-23953
CVE-2021-23953 concerns an information-disclosure vulnerability in the PDF handling of Mozilla Firefox (before 85.0) and Thunderbird (before 78.7), plus Firefox ESR before 78.7. The issue arises when a user opens a specially crafted PDF, which could leak cross-origin data served as chunked data. ...
CVE-2021-23973
CVE-2021-23973 describes a cross-origin loading issue in audio/video contexts where a decoding error could leak information about the resource. Affected software: Firefox versions older than 86, Thunderbird older than 78.8, and Firefox ESR older than 78.8. Public-facing details confirm this vulne...
CVE-2021-29986
CVE-2021-29986 describes a race condition in getaddrinfo that can cause memory corruption and a potentially exploitable crash on Linux. Affected products include Thunderbird and Firefox variants: Thunderbird < 78.13 and < 91, Firefox ESR < 78.13, and Firefox
CVE-2024-6615
CVE-2024-6615 relates to memory safety bugs in Mozilla Firefox and Thunderbird, with issues present in Firefox 127 and Thunderbird 127 that could lead to memory corruption and arbitrary code execution. Connected advisories (MFSA2024-32, MFSA2024-29) confirm multiple memory-safety and related issu...
CVE-2020-15664
The CVE-2020-15664 issue arises from a malicious page holding a reference to eval() from an about:blank window, allowing access to InstallTrigger and prompting users to install an extension. Affected products include Firefox < 80, Thunderbird < 78.2/68.12, Firefox ESR < 68.12/78.2, and F...
CVE-2024-4768
CVE-2024-4768 involves a bug in the interaction between popup notifications and WebAuthn that could enable a user-permission bypass in the affected Mozilla products. The concrete impact described in connected advisories applies to Firefox and Firefox ESR (and Thunderbird): an attacker could trick...
CVE-2025-0247
CVE-2025-0247 concerns memory safety bugs in Mozilla Firefox 133 and Thunderbird 133, with impact on Firefox < 134 and Thunderbird
CVE-2019-11715
CVE-2019-11715: HTML parsing error can contribute to content XSS. Affected: Firefox ESR <60.8, Firefox <68, Thunderbird
CVE-2020-6825
CVE-2020-6825 is a memory-safety issue in Mozilla Firefox/Thunderbird affecting Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox
CVE-2024-7528
CVE-2024-7528 describes a use-after-free in IndexedDB caused by incorrect garbage collection interaction, affecting Mozilla Firefox before 129, Firefox ESR before 128.1, and Thunderbird before 128.1. Connected advisories indicate remediation by upgrading to the latest Firefox/Thunderbird versions...
CVE-2019-9788
CVE-2019-9788 affects Mozilla Thunderbird and Firefox components via memory-safety bugs that could allow arbitrary code execution. The provided documents identify memory-corruption opportunities in Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox
CVE-2024-11691
CVE-2024-11691: A memory corruption/out-of-bounds write flaw in Apple GPU drivers via WebGL on Apple Silicon M-series. Affected products include Firefox and Thunderbird releases listed in MFSA advisories: Firefox <133 and ESR <128.5; Thunderbird <133 and ESR
CVE-2024-5702
The CVE-2024-5702 entry is confirmed with concrete details in connected advisories: memory corruption in the networking stack affecting Mozilla Firefox before 125, Firefox ESR before 115.12, and Thunderbird before 115.12. The root cause is memory corruption in the networking component, potentiall...
CVE-2025-1011
CVE-2025-1011 is a WebAssembly code-generation bug that could crash the affected Mozilla components and, per the connected advisories, may enable remote code execution. Public references indicate the vulnerability affects Firefox up to version 135 (and ESR 128.7) and Thunderbird up to 128.7 (and ...
CVE-2019-11691
CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions < 60.7 and Firefox/Firefox ESR versions
CVE-2019-9796
CVE-2019-9796 is a use-after-free in the SMIL animation controller where double registration with the refresh driver leads to a dangling pointer after the controller is removed. Affected products include Thunderbird and Firefox (Firefox ESR < 60.6, Firefox
CVE-2020-6799
CVE-2020-6799 is a vulnerability in Mozilla Firefox where command line arguments could be injected during Firefox invocation when Firefox is the default handler for non-default filetypes and a downloaded file is opened by a third‑party application that does not sanitize URL data. The issue could ...
CVE-2020-6831
CVE-2020-6831 is a bug described in Debian security advisories as a buffer overflow in the SCTP chunk input validation in the usrsctp library. The Debian entries explicitly tie this CVE to Firefox ESR (<68.8), Firefox (<76) and Thunderbird (
CVE-2021-23982
CVE-2021-23982 is a concrete WebRTC-based information-disclosure vulnerability affecting Mozilla products. The connected documents confirm that a malicious webpage could probe an internal network’s hosts and services running on the user’s machine via WebRTC. Affected products/versions: Firefox ES...
CVE-2024-5701
CVE-2024-5701 is tied to memory safety bugs in Mozilla Firefox, affecting Firefox versions earlier than 127. The connected sources describe memory corruption risks with potential for arbitrary code execution and indicate the vulnerability is present in Firefox 126 (and affects Firefox
CVE-2019-9813
CVE-2019-9813 describes an IonMonkey JIT type confusion caused by incorrect handling of proto mutations, enabling potential arbitrary memory read/write. Affected products include Firefox prior to 66.0.1, Firefox ESR prior to 60.6.1, and Thunderbird prior to 60.6.1. The underlying issue is a type-...