1887 matches found
CVE-2024-5701
CVE-2024-5701 is tied to memory safety bugs in Mozilla Firefox, affecting Firefox versions earlier than 127. The connected sources describe memory corruption risks with potential for arbitrary code execution and indicate the vulnerability is present in Firefox 126 (and affects Firefox
CVE-2024-8897
Technical details about CVE-2024-8897 are not publicly available in the provided documents; no specifics on affected products, versions, impact, or remediation are given here.
CVE-2024-9401
CVE-2024-9401 affects Firefox and Thunderbird memory-safety bugs (memory corruption) in Firefox 130, ESR 115.15, ESR 128.2, and Thunderbird 128.2; vulnerable ranges extend to Firefox < 131, ESR < 128.3, ESR < 115.16, Thunderbird < 128.3, and Thunderbird
CVE-2018-18505
CVE-2018-18505 concerns an IPC privilege-escalation in Mozilla products where an authentication added during IPC process creation is not applied to channels created later, enabling potential sandbox escape through IPC channels. Public advisories tie this to Thunderbird and Firefox releases prior ...
CVE-2019-9813
CVE-2019-9813 describes an IonMonkey JIT type confusion caused by incorrect handling of proto mutations, enabling potential arbitrary memory read/write. Affected products include Firefox prior to 66.0.1, Firefox ESR prior to 60.6.1, and Thunderbird prior to 60.6.1. The underlying issue is a type-...
CVE-2021-29988
The CVE-2021-29988 issue is a memory safety vulnerability in Mozilla code where Firefox incorrectly treated an inline list-item as a block element, leading to an out-of-bounds read or memory corruption and a potentially exploitable crash. Affected products and versions: Thunderbird < 78.13 and...
CVE-2024-5690
Vulnerability CVE-2024-5690 affects Mozilla Firefox and Thunderbird components via a timing-attack on external protocol handler detection. Affected products explicitly include Firefox < 127, Firefox ESR < 115.12, and Thunderbird
CVE-2024-5697
CVE-2024-5697 : A website could detect when a user took a page screenshot via Firefox’s built-in Screenshot feature. Affected: Firefox versions before 127. The connected documents confirm Firefox as the vulnerable product and the issue as a UI/behavioral flaw; no exploitation details or in-the-wi...
CVE-2020-15683
CVE-2020-15683 : Mozilla Firefox and Thunderbird memory-safety issues reported affecting Firefox ESR < 78.4, Firefox < 82, and Thunderbird
CVE-2024-5698
CVE-2024-5698 affects Mozilla Firefox prior to version 127, where manipulating the fullscreen feature when opening a data-list could overlay a text box on the address bar, enabling user confusion and potential spoofing. The issue is confirmed across multiple sources (Mozilla advisories and vendor...
CVE-2025-1017
CVE-2025-1017: Memory-safety bugs in Firefox 134/THUNDERBIRD 134 (and related ESR) with potential for arbitrary code execution. Affects Firefox <135, Firefox ESR <128.7, Thunderbird
CVE-2021-29976
CVE-2021-29976 is a memory-safety issue affecting Mozilla code shared by Firefox and Thunderbird. The advisory details indicate memory-safety bugs that could be exploited to run arbitrary code, impacting Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox
CVE-2022-34478
Summary: CVE-2022-34478 affects Thunderbird on Windows, where the ms-msdt, search, and search-ms protocols could deliver content to Microsoft apps via prompts opened by user interaction. The underlying risk is exploitation of a prompt-based handling in these protocols that bypasses the browser. T...
CVE-2024-5699
CVE-2024-5699 affects Mozilla Firefox prior to version 127. The issue arises from cookie prefixes such as __Secure being ignored when capitalization isn’t correct, contrary to the spec that requires a case-insensitive check. This could allow behaviors not being honored as defined by the prefix, w...
CVE-2021-23984
The CVE-2021-23984 entry describes a vulnerability in which a malicious extension could open a popup window without an address bar, allowing spoofing of a site and credential theft. Affected products include Firefox ESR < 78.9, Firefox < 87, and Thunderbird
CVE-2024-6603
The CVE-2024-6603 entry describes an out-of-memory scenario where an allocation can fail but the pointer is free’d afterward, leading to memory corruption. Affected software: Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird
CVE-2024-6611
In CVE-2024-6611, a nested iframe could trigger cross-site navigation and allow cookies with SameSite=Strict or Lax to be sent. Affected products are Mozilla Firefox and Thunderbird prior to version 128. root cause: improper handling of SameSite cookies in nested iframes; impact includes potentia...
CVE-2025-1012
CVE-2025-1012 describes a race during concurrent delazification that can cause a use-after-free in Firefox and Thunderbird. Affected products include Firefox <135, Firefox ESR <115.20, Firefox ESR <128.7, Thunderbird <128.7, and Thunderbird
CVE-2025-1020
The CVE-2025-1020 entries concern memory safety bugs in Mozilla Firefox 134 and Thunderbird 134. The connected sources confirm memory-safety issues that could lead to memory corruption, with the potential to execute arbitrary code, and apply to Firefox versions before 135 and Thunderbird versions...
CVE-2019-11730
CVE-2019-11730 describes a same-origin policy violation where opening a locally saved HTML file could allow file: URIs to access files in the same directory or subdirectories, enabling the Fetch API to read contents and potentially exfiltrate them. The issue affects Firefox ESR < 60.8, Firefox...
CVE-2019-11743
CVE-2019-11743 describes cross-origin access to unload event attributes, enabling timing-side-channel exposure of history in certain browsers. Connected docs confirm affected products and versions, with fixes noted in Thunderbird updates (e.g., Thunderbird 60.9.0) and Firefox/ESR advisories addre...
CVE-2019-9800
CVE-2019-9800 is supported by multiple connected advisories indicating memory safety bugs in Mozilla products (Thunderbird 60.x, Firefox ESR 60.x, Firefox 66–67 range) that could allow arbitrary code execution. The root cause is memory safety issues leading to memory corruption; affected versions...
CVE-2020-6797
CVE-2020-6797 describes a macOS-specific issue where downloading a file with the .fileloc extension could cause a semi-privileged extension to launch an arbitrary application on the user’s Mac. The attacker is constrained by the ability to download only quarantined files and cannot pass command-l...
CVE-2020-6829
CVE-2020-6829 is a vulnerability in NSS (Network Security Services) libraries (nss, nss-util, nss-softokn, nspr) where the wNAF scalar point multiplication during ECDSA signature generation leaks partial nonce information. This side-channel can enable an attacker with electromagnetic traces from ...
CVE-2021-23981
CVE-2021-23981 describes a memory-safety issue in WebGL where uploading a Texture into a Pixel Buffer Object could confuse WebGL and skip binding the buffer used to unpack it, leading to an out-of-bounds read and potential information leak or crash. Affected software includes Firefox ESR < 78....
CVE-2023-6209
CVE-2023-6209 corresponds to a parsing vulnerability where relative URLs starting with three slashes and a "/../" path could override the specified host, potentially enabling security issues on affected sites. The issue is documented for Firefox and Thunderbird, with affected versions cited as Fi...
CVE-2024-10459
CVE-2024-10459 is a use-after-free vulnerability triggered when accessibility features are enabled, potentially causing a crash. The issue affects Firefox versions earlier than 132, Firefox ESR prior to 128.4 and 115.17, and Thunderbird versions earlier than 132 or 128.4, as noted across multiple...
CVE-2024-11698
CVE-2024-11698 is a macOS-specific fullscreen lock-up in Firefox/Thunderbird when a modal dialog interrupts a fullscreen transition. Affected products are Firefox and Thunderbird desktop releases older than Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird ESR 128.5. The issue can ...
CVE-2025-1016
CVE-2025-1016 corresponds to memory-safety bugs in Firefox 134/Thunderbird 134 (and ESR lines) that could allow arbitrary code execution. Affected: Firefox <135, Firefox ESR <115.20/128.7, Thunderbird
CVE-2019-11742
CVE-2019-11742 describes a same-origin policy violation enabling theft of cross-origin images via a combination of SVG filters and a element, due to an error in how cached image content is treated. Affected: Firefox versions before 69, Thunderbird before 68.1 (and before 60.9 for ESR branches), ...
CVE-2020-6814
CVE-2020-6814 refers to memory-safety bugs in Mozilla Firefox and Thunderbird (68.5 timeframe) with potential to run arbitrary code. Affected products/versions: Thunderbird < 68.6, Firefox < 74, Firefox ESR < 68.6, and Firefox ESR
CVE-2021-29984
CVE-2021-29984 involves instruction reordering that allowed a GC-related object misevaluation, causing memory corruption and potentially exploitable crashes in Mozilla components. Affected products include Thunderbird and Firefox ESR/Firefox releases prior to 78.13/91; the exploit would require m...
CVE-2024-5692
The CVE-2024-5692 entry affects Mozilla Firefox and Thunderbird on Windows 10, where the Save As flow could bypass filename extension restrictions by including an invalid character in the extension, enabling saving with a disallowed extension like .url. Connected Mozilla advisories (MFSA) corrobo...
CVE-2024-6607
CVE-2024-6607 affects Mozilla Firefox (pre-128) and Mozilla Thunderbird (pre-128). The issue allows a user flow disruption where a user can be prevented from exiting pointerlock by pressing Escape and can overlay customValidity notifications from a element over permission prompts, potentially co...
CVE-2025-0240
CVE-2025-0240 affects Mozilla Firefox and Thunderbird (Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, Thunderbird
CVE-2019-11717
CVE-2019-11717 affects Firefox ESR <60.8, Firefox <68, and Thunderbird
CVE-2019-11746
CVE-2019-11746 is a use-after-free in video element handling that can cause a crash. Public sources in connected advisories confirm impact on Firefox versions below 69, Thunderbird <68.1 and <60.9 (and ESR branches
CVE-2020-12392
CVE-2020-12392 is a local vulnerability in Mozilla products where the “Copy as cURL” feature in DevTools network tab could improperly escape HTTP POST data, enabling potential arbitrary local file disclosure when the generated curl command is pasted and run. Affected are Firefox ESR < 68.8, Fi...
CVE-2019-17011
CVE-2019-17011 : A race condition in DocShell antitracking can cause a use-after-free and potentially crash the process. Affected: Thunderbird < 68.3, Firefox ESR < 68.3, Firefox
CVE-2024-11696
CVE-2024-11696 describes an Unhandled Exception in Add-on Signature Verification due to how loadManifestFromFile handles invalid/unsupported extension manifests, potentially bypassing enforcement of signature validation for unrelated Firefox/Thunderbird add-ons. Affected software and versions per...
CVE-2024-5687
CVE-2024-5687 affects Mozilla Firefox for Android (Firefox
CVE-2024-6614
CVE-2024-6614 impacts Mozilla Firefox and Thunderbird before version 128, where the frame iterator could loop when processing certain wasm frames, causing incorrect stack traces. The issue, confirmed in Mozilla advisories, is addressed by upgrading to the 128.* release series (Firefox 128 / Thund...
CVE-2025-0239
CVE-2025-0239 affects Mozilla Firefox and Thunderbird components via Alt-Svc with ALPN: certificates were not properly validated when the original server redirects to an insecure site. Affected versions are Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird
CVE-2019-9795
CVE-2019-9795 describes a vulnerability in the IonMonkey JIT compiler where a type-confusion could be exploited by malicious JavaScript to trigger a crash. Public references indicate affected products include Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox
CVE-2024-11693
The CVE-2024-11693 issue is a Windows-only vulnerability in Mozilla Firefox/Thunderbird where the executable warning was not shown when downloading .library-ms files. Affected products and versions are Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird
CVE-2024-4769
CVE-2024-4769 : In Firefox and Thunderbird, Web Workers handling could reveal cross-origin information by distinguishing between responses with the content-type application/javascript vs non-script types. This could lead to information disclosure across origins. Affected products are Firefox befo...
CVE-2024-8385
CVE-2024-8385 is a WASM type confusion vulnerability caused by how StructFields and ArrayTypes are handled. Affects Firefox (versions before 130) and Firefox ESR (before 128.2) and Thunderbird (before 128.2). Exploitation could lead to high-impact outcomes per the CVE. Remediation in the public d...
CVE-2025-1014
CVE-2025-1014 describes that a certificate length check was not properly performed when adding certificates to a store, leading to exposure where processing could rely on untrusted data. The initial entry lists affected products as Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7,...
CVE-2018-18500
CVE-2018-18500 is a use-after-free in the HTML5 stream parser when handling custom HTML elements, causing the parser object to be freed while still in use. Affected products include Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox
CVE-2019-11712
CVE-2019-11712 describes a vulnerability where NPAPI plugins (e.g., Flash) performing POST requests that follow a 308 redirect can bypass CORS, enabling CSRF. Affected products include Mozilla Firefox ESR < 60.8, Firefox < 68, and Thunderbird