Lucene search
+L

1887 matches found

CVE
CVE
added 2019/02/05 9:0 p.m.313 views

CVE-2018-18500

CVE-2018-18500 is a use-after-free in the HTML5 stream parser when handling custom HTML elements, causing the parser object to be freed while still in use. Affected products include Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox

9.8CVSS7.1AI score0.12658EPSS
CVE
CVE
added 2019/09/27 5:22 p.m.313 views

CVE-2019-11733

CVE-2019-11733 affects Firefox before 68.0.2 (and ESR before 68.0.2). When a master password is set, stored passwords in the Saved Logins dialog could be copied to the clipboard via the copy password action without re-entering the master password in the same session, enabling potential theft of s...

9.8CVSS8.7AI score0.01411EPSS
CVE
CVE
added 2019/07/23 1:23 p.m.313 views

CVE-2019-9819

The CVE-2019-9819 issue is a JavaScript compartment mismatch involving the fetch API that can cause a crash. Affected products include Thunderbird (and Firefox components) with versions below 60.7 for Thunderbird and below 67 for Firefox/Firefox ESR; impact is described as potentially exploitable...

9.8CVSS6.1AI score0.01685EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.313 views

CVE-2024-5693

Offscreen Canvas cross-origin tainting tracked incorrectly, enabling potential access to image data from other sites. Affected: Firefox <127, Firefox ESR <115.12, Thunderbird

6.1CVSS5.2AI score0.00573EPSS
CVE
CVE
added 2019/07/23 1:19 p.m.312 views

CVE-2019-11712

CVE-2019-11712 describes a vulnerability where NPAPI plugins (e.g., Flash) performing POST requests that follow a 308 redirect can bypass CORS, enabling CSRF. Affected products include Mozilla Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8CVSS8.8AI score0.01047EPSS
CVE
CVE
added 2021/06/24 1:25 p.m.312 views

CVE-2021-23999

CVE-2021-23999 describes a sandbox/privilege issue where a Blob URL loaded via an unusual user interaction could be executed with System Principal privileges, affecting Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.4AI score0.01279EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.312 views

CVE-2024-4777

CVE-2024-4777 concerns memory-safety bugs in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10, potentially allowing arbitrary code execution. Public sources in connected documents confirm affected products and versions: Firefox < 126, Firefox ESR < 115.11, and Thunderbird

8.8CVSS7AI score0.00536EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.312 views

CVE-2025-0245

CVE-2025-0245 affects Firefox before version 134. The issue is that an opt-in authentication setting could be bypassed under certain circumstances, enabling local access without proper authentication and with user interaction required. Root cause details are not fully disclosed in the provided do...

3.3CVSS5.9AI score0.00284EPSS
CVE
CVE
added 2021/06/24 1:25 p.m.311 views

CVE-2021-23998

CVE-2021-23998 describes a content spoofing vulnerability in Firefox/Thunderbird: through complex navigation involving new windows, an HTTP page could inherit the lock icon from an HTTPS page. Affected products are Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

6.5CVSS6.3AI score0.00554EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.311 views

CVE-2023-23601

CVE-2023-23601 is a browser navigation/vulnerability caused by dragging a URL from a cross-origin iframe into the same tab, enabling potential spoofing. Public records confirm impact on Firefox (less than 109) and Firefox ESR (less than 102.7) and Thunderbird (less than 102.7). Multiple advisorie...

6.5CVSS6.6AI score0.00347EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.311 views

CVE-2023-23603

CVE-2023-23603 describes that Regular expressions used to filter forbidden properties/values from style directives in calls to console.log did not account for external URLs, enabling potential data exfiltration from the browser. Affected: Firefox <= 108/109 and Firefox ESR <= 102.7, Thunder...

6.5CVSS7AI score0.00641EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.311 views

CVE-2024-6609

The CVE-2024-6609 entry concerns NSS memory management: when memory is nearly exhausted, an elliptic curve key that was never allocated could be freed again, potentially enabling memory corruption or related instability. Affected products cited in connected docs include Mozilla Firefox and Mozill...

8.8CVSS8.8AI score0.00576EPSS
CVE
CVE
added 2024/09/03 12:32 p.m.311 views

CVE-2024-8382

The CVE-2024-8382 entry describes a vulnerability where privileged EventHandler interfaces were exposed to web content during execution of their listener callbacks. Affected software includes Firefox (less than 130; ESR <128.2 and ESR

8.8CVSS8.3AI score0.00561EPSS
CVE
CVE
added 2019/07/23 1:23 p.m.310 views

CVE-2019-11692

CVE-2019-11692 is a use-after-free in the event listener manager that can occur when listeners are removed while still in use, causing a crash in Thunderbird <=60.6.x/60.7.0, Firefox <=66-67 (and ESR

9.8CVSS6.3AI score0.01603EPSS
CVE
CVE
added 2020/05/26 4:58 p.m.310 views

CVE-2020-12395

CVE-2020-12395 refers to memory-safety bugs reported in Mozilla Firefox and Thunderbird. Mozilla noted memory corruption in bugs affecting Firefox 75/ESR 68.7 and stated that with enough effort some bugs could be exploited to run arbitrary code. The vulnerability impacts Firefox ESR < 68.8, Fi...

10CVSS9.8AI score0.02259EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.310 views

CVE-2024-10466

CVE-2024-10466: A specially crafted push message can hang the parent process, making the browser unresponsive. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird

7.5CVSS6.2AI score0.00809EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.310 views

CVE-2024-6610

The CVE-2024-6610 issue is disclosed across multiple sources as a UI vulnerability in Mozilla Firefox and Thunderbird prior to version 128, caused by form validation popups that can capture escape key presses and block exiting full-screen mode. Affected products: Firefox <128 and Thunderbird

6.3CVSS8.6AI score0.00342EPSS
CVE
CVE
added 2020/10/08 12:0 a.m.309 views

CVE-2020-12400

CVE-2020-12400 is an NSS-related timing vulnerability affecting Firefox < 80 and Firefox for Android

4.7CVSS5.7AI score0.00268EPSS
CVE
CVE
added 2021/03/31 1:40 p.m.309 views

CVE-2021-23987

CVE-2021-23987 corresponds to memory safety bugs reported in Mozilla Firefox (including Firefox ESR 78.8 branch) that could allow memory corruption and potentially arbitrary code execution. The CVE is stated to affect Firefox ESR < 78.9, Firefox < 87, and Thunderbird

8.8CVSS9.1AI score0.01404EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.309 views

CVE-2021-38504

The CVE-2021-38504 issue is a real vulnerability affecting Firefox < 94, Thunderbird < 91.3, and Firefox ESR

8.8CVSS9AI score0.01586EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.309 views

CVE-2024-11692

CVE-2024-11692 describes a spoofing-related issue in Mozilla Firefox/Thunderbird where a select dropdown could be rendered over another tab, causing user confusion. The vulnerability affects Firefox versions before 133, Firefox ESR before 128.5, Thunderbird before 133, and Thunderbird before 128....

4.3CVSS6AI score0.00473EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.309 views

CVE-2024-5695

CVE-2024-5695 describes an out-of-memory condition in Mozilla Firefox’s probabilistic heap checker allocations that could trigger an assertion and, in rarer cases, memory corruption. Affected software: Firefox versions older than 127. The root cause is tied to the probabilistic heap checker alloc...

9.8CVSS6.7AI score0.00577EPSS
CVE
CVE
added 2024/06/13 8:1 p.m.308 views

CVE-2024-38312

Concisely: CVE-2024-38312 affects Firefox for iOS versions before 127. When private tabs are used, location history data and webpage thumbnails could be persisted in the sandboxed app bundle after termination, exposing potentially sensitive information. Exploitation details are not provided in th...

6.5CVSS6.3AI score0.00292EPSS
CVE
CVE
added 2024/07/09 2:26 p.m.308 views

CVE-2024-6613

CVE-2024-6613 affects Mozilla Firefox and Thunderbird. The issue is a bug in the frame/stack handling, where the frame iterator can loop when encountering certain wasm frames, causing incorrect stack traces. Affected products are Firefox <128 and Thunderbird

5.5CVSS8.6AI score0.00186EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.308 views

CVE-2025-0243

CVE-2025-0243 concerns memory-safety bugs in Mozilla Firefox and Thunderbird. Affected products include Firefox 133 and Thunderbird 133, and their ESR lines (Firefox ESR 128.5, Thunderbird ESR 128.5) with exploitation potential for memory corruption that could allow executing arbitrary code. The ...

5.1CVSS6.9AI score0.00245EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.308 views

CVE-2025-1018

The CVE-2025-1018 entry concerns Firefox and Thunderbird before version 135, where the fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. The underlying issue can allow spoofing, with a resulting impact described as partial integrity/availability co...

7.3CVSS6AI score0.00401EPSS
CVE
CVE
added 2019/07/23 1:19 p.m.307 views

CVE-2019-11711

CVE-2019-11711 involves reuse of an inner window that neglects document.domain cross-origin protections, enabling script injection across subdomains. Affected software per connected docs: Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8CVSS8.7AI score0.01633EPSS
CVE
CVE
added 2020/03/25 9:12 p.m.307 views

CVE-2020-6812

CVE-2020-6812: Affected software includes Thunderbird

5.3CVSS6.6AI score0.01561EPSS
CVE
CVE
added 2021/06/24 1:19 p.m.307 views

CVE-2021-29946

CVE-2021-29946 affects Firefox/Thunderbird components where ports written as an integer overflow beyond 16-bit bounds could bypass port blocking when used in the Alt-Svc header. Connected advisories show the issue is labeled as port blocking bypass (access restriction bypass) with remediation via...

8.8CVSS6.5AI score0.01167EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.307 views

CVE-2024-7526

The connected sources confirm CVE-2024-7526 is an ANGLE initialization bug that could allow an attacker to read uninitialized memory in affected Mozilla products. Affected software include Firefox prior to 129 and Firefox ESR prior to 115.14/128.1, Thunderbird prior to 128.1/115.14, and related c...

7.5CVSS7AI score0.0058EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.307 views

CVE-2024-7527

The CVE-2024-7527 issue (use-after-free at the start of sweeping) affects Firefox <129 and Thunderbird

8.8CVSS8.2AI score0.00607EPSS
CVE
CVE
added 2024/09/03 12:32 p.m.307 views

CVE-2024-8384

CVE-2024-8384 describes a memory safety issue in the JavaScript engine’s garbage collector where cross-compartment objects could be mis-colored under certain OOM timing, leading to memory corruption. Affected products per connected sources include Firefox and Thunderbird up to specific versions: ...

9.8CVSS8.8AI score0.00719EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.307 views

CVE-2025-0244

CVE-2025-0244 affects Firefox on Android prior to version 134. The issue arises when redirecting to an invalid protocol scheme, enabling an attacker to spoof the address bar. Other operating systems are unaffected. The connected sources confirm a Firefox-specific Android exposure without specifyi...

5.3CVSS6.6AI score0.06597EPSS
CVE
CVE
added 2019/07/23 1:24 p.m.306 views

CVE-2019-9816

Summary: CVE-2019-9816 is a type confusion vulnerability involving manipulation of JavaScript objects in object groups, affecting Mozilla products (Thunderbird and Firefox/Firefox ESR) and specifically related to UnboxedObjects, which are disabled by default on all supported releases. The issue i...

5.9CVSS6AI score0.06175EPSS
CVE
CVE
added 2020/12/09 12:23 a.m.306 views

CVE-2020-26960

CVE-2020-26960 is a use-after-free vulnerability caused by reallocation during Compact() on nsTArray, affecting Firefox <83, Firefox ESR <78.5, and Thunderbird

9.3CVSS8.3AI score0.01544EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.306 views

CVE-2024-10465

The CVE-2024-10465 issue is confirmed in connected advisories: a clipboard “paste” button could persist across browser tabs, enabling spoofing. Affected products/versions include Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird

7.5CVSS6AI score0.0054EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.306 views

CVE-2024-5694

The CVE-2024-5694 entry describes a use-after-free in the Firefox JavaScript engine that allows reading memory from the JavaScript string heap. Affected product: Mozilla Firefox earlier than 127. Impact: potential local memory read/unspecified escalation within the JS heap; exploitation guidance ...

7.5CVSS6.2AI score0.0047EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.306 views

CVE-2024-6608

The CVE-2024-6608 issue affects Mozilla Firefox (and related Thunderbird components) where pointerlock can move the cursor from within an iframe to outside the viewport and even outside the Firefox window. Affected versions are Firefox < 128 and Thunderbird

4.3CVSS8.6AI score0.00377EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.306 views

CVE-2024-9397

CVE-2024-9397 is a concrete issue: a missing delay in the directory upload UI could enable clickjacking to trick users into granting permissions. Affected products include Firefox (versions prior to 131 and ESR prior to 128.3) and Thunderbird (prior to 131/128.3). Connected advisories (ALSA/ALAS)...

6.1CVSS6.3AI score0.00351EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.306 views

CVE-2024-9399

CVE-2024-9399 describes a denial-of-service in Firefox/Thunderbird caused by a website initiating a specially crafted WebTransport session that crashes the browser. Affected versions: Firefox before 131 and Firefox ESR before 128.3; Thunderbird before 128.3; Thunderbird before 131. The issue is t...

7.5CVSS6.1AI score0.00491EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.306 views

CVE-2025-0238

CVE-2025-0238 describes a memory-safety issue (use-after-free) caused by a controlled failed memory allocation, potentially leading to a crash in Firefox and Thunderbird before certain versions. Affected products/versions (per connected advisories): Firefox < 134; Firefox ESR < 128.6 (and &...

5.3CVSS6.8AI score0.00811EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10460

The CVE-2024-10460 issue is a data: URL-based spoofing vulnerability in an iframe that obscures the origin of an external protocol handler prompt. Affected: Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird

5.4CVSS6.3AI score0.00291EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10463

CVE-2024-10463 : Video frames could be leaked between origins in certain scenarios. Affected products include Mozilla Firefox and Thunderbird families with versions older than Firefox 132, ESR 128.4/115.17, and Thunderbird 128.4/132.0.1. The connected advisories confirm the issue and provide reme...

7.5CVSS6.3AI score0.00701EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10467

Summary (CVE-2024-10467) Memory-safety bugs in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3 have shown memory corruption with potential for arbitrary code execution. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

9.8CVSS7.3AI score0.00595EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10468

CVE-2024-10468 describes potential race conditions in IndexedDB that could cause memory corruption, leading to a potentially exploitable crash. Affected products are Mozilla Firefox and Mozilla Thunderbird earlier than version 132. Multiple connected sources-confirm this same issue across distrib...

9.8CVSS6.3AI score0.00395EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.305 views

CVE-2024-11706

CVE-2024-11706 involves a null pointer dereference in pk12util, specifically in SEC_ASN1DecodeItem_Util, triggered by malformed input. Affected products include Firefox <= 132/133? and Thunderbird <= 132/133? The connected sources consistently cite Firefox and Thunderbird with the vulnerabi...

6.5CVSS6.3AI score0.0047EPSS
CVE
CVE
added 2024/06/13 8:1 p.m.305 views

CVE-2024-38313

CVE-2024-38313 describes a spoofing vulnerability in Firefox for iOS where, in certain scenarios, a malicious website could attempt to display a fake location URL bar to mislead users about the actual website address. The vulnerability is documented to affect Firefox for iOS versions prior to 127...

4.3CVSS6.3AI score0.00244EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.305 views

CVE-2024-6605

CVE-2024-6605 affects Firefox for Android, where an immediate interaction with permission prompts can enable tapjacking. The description in sources states Firefox Android

8.8CVSS6.3AI score0.00355EPSS
CVE
CVE
added 2024/07/09 2:26 p.m.305 views

CVE-2024-6612

CVE-2024-6612 describes a CSP violation leakage in devtools that caused DNS prefetching to reveal the CSP violation. Credible sources in the provided connected documents show impact on Mozilla Firefox and Thunderbird when running versions older than 128. The vulnerability is an information disclo...

5.3CVSS6.2AI score0.00496EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.305 views

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

6.5CVSS6.4AI score0.00434EPSS
Total number of security vulnerabilities1887