Lucene search
+L

1887 matches found

CVE
CVE
added 2024/06/13 8:1 p.m.305 views

CVE-2024-38313

CVE-2024-38313 describes a spoofing vulnerability in Firefox for iOS where, in certain scenarios, a malicious website could attempt to display a fake location URL bar to mislead users about the actual website address. The vulnerability is documented to affect Firefox for iOS versions prior to 127...

4.3CVSS6.3AI score0.00244EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.305 views

CVE-2024-6605

CVE-2024-6605 affects Firefox for Android, where an immediate interaction with permission prompts can enable tapjacking. The description in sources states Firefox Android

8.8CVSS6.3AI score0.00355EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.305 views

CVE-2024-9402

CVE-2024-9402 concerns memory safety bugs in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2, with evidence of memory corruption that could potentially be exploited to run arbitrary code. Affected products and versions include Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3...

9.8CVSS7.5AI score0.0061EPSS
CVE
CVE
added 2021/02/26 3:28 p.m.304 views

CVE-2021-23978

CVE-2021-23978 affects Mozilla products (Firefox and Thunderbird/Firefox ESR). The connected documents confirm memory safety bugs in Firefox 85 and ESR 78.7, with potential memory corruption that could lead to arbitrary code execution. Impact is described for Firefox < 86, Thunderbird < 78....

8.8CVSS9.1AI score0.0153EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.304 views

CVE-2024-11702

CVE-2024-11702 concerns Mozilla Firefox and Mozilla Thunderbird information disclosure due to insufficient clipboard protection in Android Private Browsing mode. Affected products: Firefox and Thunderbird with versions prior to 133. Root cause: clipboard data (sensitive data such as passwords) co...

7.5CVSS5.7AI score0.00538EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.304 views

CVE-2024-5689

Mozilla Firefox before 127 had multiple vulnerabilities including a UI spoofing issue where an overlay of the My Shots button could direct users to a phishing replica Firefox Screenshots page; this CVE-2024-5689 is identified in MFSA2024-25 as part of the fixes for Firefox 127. The affected produ...

4.3CVSS6.2AI score0.00398EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.304 views

CVE-2024-7520

CVE-2024-7520 is a type confusion vulnerability in WebAssembly that could enable code execution. The available documents confirm impact on Mozilla Firefox (pre-129 and ESR pre-128.1) and Mozilla Thunderbird (pre-128.1). The underlying issue is a WebAssembly type confusion, with several advisories...

8.8CVSS8.2AI score0.00638EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.304 views

CVE-2024-9396

The CVE-2024-9396 issue is a memory safety concern arising from cloning certain objects via the structured clone algorithm, potentially causing memory corruption. Affected products include Firefox (versions earlier than 131), Firefox ESR (earlier than 128.3), Thunderbird (earlier than 128.3), and...

8.8CVSS6.3AI score0.00549EPSS
CVE
CVE
added 2020/03/25 9:14 p.m.303 views

CVE-2020-6806

CVE-2020-6806 is a memory-safety bug causing an out-of-bounds read during promise resolution that could lead to memory corruption and a potentially exploitable crash. The vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox ESR < 68.6, and Firefox ESR

8.8CVSS9AI score0.02543EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.303 views

CVE-2024-11705

The CVE-2024-11705 issue is due to NSC_DeriveKey assuming phKey is non-NULL; passing NULL leads to a segmentation fault (crash). Affected products reported across sources include Firefox and Thunderbird prior to version 133. The vulnerability description and linked advisories indicate this NULL d...

9.1CVSS6.2AI score0.00659EPSS
CVE
CVE
added 2019/07/23 1:21 p.m.302 views

CVE-2019-11698

CVE-2019-11698 concerns theft of browser history via drag-and-drop of crafted hyperlinks to bookmarks that are dragged into web content. Public documents confirm affected products and versions: Thunderbird < 60.7, Firefox < 67, and Firefox ESR

5.3CVSS5.6AI score0.01392EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.302 views

CVE-2024-11695

CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird

5.4CVSS6.1AI score0.00444EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.302 views

CVE-2024-11700

The CVE-2024-11700 issue concerns Firefox and Thunderbird with versions earlier than 133, where tapjacking could let malicious sites synthesize user intent confirmations to launch external applications. This is described across multiple connected advisories (e.g., Gentoo GLSA references and Alpin...

8.1CVSS7.5AI score0.00488EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.302 views

CVE-2024-7521

CVE-2024-7521 is a Firefox/Thunderbird vulnerability caused by incomplete WebAssembly exception handling that could lead to a use-after-free and memory corruption. Affected: Firefox <129, ESR <115.14, ESR <128.1, Thunderbird <128.1, Thunderbird

9.8CVSS8.7AI score0.00616EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.302 views

CVE-2024-7522

Concrete details from connected documents show CVE-2024-7522: an editor component failed to check an attribute value, causing an out-of-bounds read. Affected products include Firefox (versions before 129) and Thunderbird (before 128.1/115.14 ESR). The issue is consistent with Mozilla advisories a...

9.1CVSS8.9AI score0.00634EPSS
CVE
CVE
added 2019/02/05 9:0 p.m.301 views

CVE-2018-18501

CVE-2018-18501 corresponds to multiple memory-safety issues in Mozilla products, affecting Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox

9.8CVSS8AI score0.03466EPSS
CVE
CVE
added 2019/07/23 1:26 p.m.301 views

CVE-2019-9811

CVE-2019-9811 corresponds to a sandbox-escape vulnerability demonstrated in a Pwn2Own entry. The issue affects Mozilla products: Firefox ESR before 60.8, Firefox before 68, and Thunderbird before 60.8, with a malicious language-pack installation used to compromise the translation feature to escap...

8.3CVSS8.6AI score0.02574EPSS
CVE
CVE
added 2024/10/15 9:29 p.m.301 views

CVE-2024-10004

CVE-2024-10004 technical details are not publicly provided in the supplied documents. Monitor for updates.

9.1CVSS6.5AI score0.00376EPSS
CVE
CVE
added 2021/06/24 1:20 p.m.300 views

CVE-2021-24002

CVE-2021-24002 is a vulnerability observed in Firefox before 88 and Thunderbird before 78.10 where clicking an FTP URL containing encoded newline characters (%0A, %0D) could cause the server to interpret newlines and execute arbitrary commands. Affected products include Firefox ESR < 78.10, Fi...

8.8CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.300 views

CVE-2024-7518

CVE-2024-7518 describes that select options could obscure the fullscreen notification dialog, enabling spoofing by a malicious site. Affected products and versions identified in connected docs include Mozilla Firefox (older builds: Firefox < 129 and Firefox ESR < 128.1) and Mozilla Thunderb...

6.5CVSS8.7AI score0.00509EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.300 views

CVE-2024-9394

CVE-2024-9394 describes a cross-origin information disclosure in Mozilla Firefox/Thunderbird via specially crafted multipart responses that can execute JavaScript under resource://devtools. Desktop Site Isolation limits cross-origin access, but Android versions may enable full cross-origin access...

7.5CVSS6.5AI score0.00487EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.300 views

CVE-2024-9398

CVE-2024-9398 affects Mozilla Firefox and Thunderbird: an attacker could enumerate external protocol handlers by exploiting a check of window.open results, effectively testing whether a protocol handler is installed. Affected: Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and ...

5.3CVSS6.2AI score0.00561EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.300 views

CVE-2025-1019

CVE-2025-1019 affects Firefox and Thunderbird where the z-order of fullscreen notifications can be manipulated to hide the notification, enabling a potential spoofing attack. Affected versions are Firefox and Thunderbird prior to 135. The underlying issue is the fullscreen notification display or...

4.3CVSS5.8AI score0.00352EPSS
CVE
CVE
added 2025/03/27 1:27 p.m.300 views

CVE-2025-2857

Firefox on Windows was vulnerable to a sandbox-escape in the IPC code where a compromised child process could cause the parent to return an unintentionally powerful handle. This pattern mirrors the Chrome/CVE-2025-2783 lineage and was exploited in the wild. The issue affected Firefox on Windows o...

10CVSS7.3AI score0.01894EPSS
In wild
CVE
CVE
added 2019/07/23 1:22 p.m.299 views

CVE-2019-11693

CVE-2019-11693 describes a Linux-specific buffer overflow in WebGL’s bufferdata, affecting Thunderbird and Firefox (Thunderbird <60.7, Firefox <67, ESR

9.8CVSS6.5AI score0.02408EPSS
CVE
CVE
added 2020/01/08 9:14 p.m.299 views

CVE-2019-17005

The CVE-2019-17005 issue is a memory safety vulnerability in Mozilla’s plain text serializer where a fixed-size array for the number of elements could overflow, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird, Firefox ESR, and Firefox (all ver...

8.8CVSS8.7AI score0.01892EPSS
CVE
CVE
added 2021/02/26 2:5 a.m.299 views

CVE-2021-23960

CVE-2021-23960 is corroborated by connected documents: a memory-safety issue in Firefox/Thunderbird where garbage collection on re-declared JavaScript variables can cause a use-after-poison and potentially crash the process. Affected versions are Firefox < 85, Thunderbird < 78.7, and Firefo...

8.8CVSS8.2AI score0.01196EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.299 views

CVE-2024-10462

CVE-2024-10462 describes a truncation of long URLs that could allow origin spoofing in a permission prompt for Mozilla Firefox and Thunderbird. The connected documents confirm affected products and versions: Firefox and Firefox ESR up to certain releases (Firefox < 132; ESR < 128.4), Thunde...

7.5CVSS6.1AI score0.0054EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.299 views

CVE-2024-11708

The CVE-2024-11708 entry concerns Firefox and Thunderbird: a missing thread synchronization primitive could cause a data race in the PlaybackParams structure, affecting Firefox < 133 and Thunderbird

6.5CVSS6.1AI score0.00337EPSS
CVE
CVE
added 2024/09/03 12:32 p.m.299 views

CVE-2024-8386

CVE-2024-8386 : A spoofing vulnerability where, if a site has permission to open popup windows, Select elements can appear on top of another site. Affected: Firefox versions before 130, Firefox ESR before 128.2, and Thunderbird before 128.2. Impact is described in external advisories; no exploita...

6.1CVSS6.6AI score0.00366EPSS
CVE
CVE
added 2024/09/03 12:32 p.m.299 views

CVE-2024-8388

CVE-2024-8388 affects Mozilla Firefox for Android. A masked/overlapped notification sequence (Android Toast) used to announce fullscreen transition after the CVE-2023-6870 fix can be leveraged to spoof the browser UI. Root cause: prompts/panels from Firefox and Android OS obscuring the transition...

5.3CVSS6.1AI score0.00342EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.299 views

CVE-2025-0246

CVE-2025-0246 describes a vulnerability where an invalid protocol scheme could allow spoofing of the address bar. The most concrete detail across sources is that this issue affected Firefox on Android and Firefox versions earlier than 134; the Android-specific note is repeated in multiple entries...

6.5CVSS6.6AI score0.00433EPSS
CVE
CVE
added 2020/07/09 2:45 p.m.298 views

CVE-2020-12406

CVE-2020-12406 involves a missing type check during unboxed objects removal in Mozilla code, leading to a crash that could be exploited to run arbitrary code. Affected products/versions from the provided documents include Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

9.3CVSS8.3AI score0.0102EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.298 views

CVE-2021-4140

CVE-2021-4140 is a vulnerability where crafted XSLT markup could bypass the iframe sandbox, affecting Mozilla Firefox/Thunderbird products. Connected advisories consistently describe an iframe sandbox bypass with XSLT as the issue (CVE-2021-4140) and document affected versions such as Firefox ESR...

10CVSS8.8AI score0.0134EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.297 views

CVE-2018-18492

CVE-2018-18492 is a use-after-free in the Firefox/ Thunderbird codebase: after deleting a selection element, a weak reference in the options collection can lead to a potentially exploitable crash. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.5AI score0.09646EPSS
CVE
CVE
added 2020/01/08 8:2 p.m.297 views

CVE-2019-11764

CVE-2019-11764 refers to memory safety bugs in Mozilla Firefox (including ESR) and Thunderbird. The issues show evidence of memory corruption and, with sufficient effort, could be exploited to run arbitrary code. Affected products/versions (as stated): Firefox versions before 70, Thunderbird befo...

8.8CVSS9.1AI score0.0146EPSS
CVE
CVE
added 2020/03/25 9:13 p.m.297 views

CVE-2020-6807

CVE-2020-6807 describes a use-after-free in Thunderbird involving stream-reinit when a device/stream is modified as it is being destroyed. Affected products include Thunderbird

8.8CVSS9AI score0.01239EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.297 views

CVE-2023-23602

CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...

6.5CVSS6.6AI score0.00601EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.297 views

CVE-2024-7529

CVE-2024-7529: The date picker can partially obscure security prompts in Mozilla Firefox and Thunderbird up to specific versions (Firefox < 129, ESR < 115.14/128.1; Thunderbird

8.1CVSS7.6AI score0.00522EPSS
CVE
CVE
added 2021/01/07 1:52 p.m.296 views

CVE-2020-26976

The CVE-2020-26976 entry describes a vulnerability in Firefox where, if a HTTPS page is embedded in HTTP and a service worker exists for the secure page, the service worker could intercept the secure page request despite the iframe not being in a secure context. Affected product: Firefox (version...

6.5CVSS6.8AI score0.01556EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.296 views

CVE-2021-38507

CVE-2021-38507 describes a vulnerability in HTTP/2 Opportunistic Encryption (RFC 8164) where, if a second encrypted port on the same IP (e.g., 8443) did not opt in, a network attacker could forward 443 to 8443 and trick the browser into treating the content as same-origin with HTTP. The issue was...

6.5CVSS7AI score0.00805EPSS
CVE
CVE
added 2023/09/11 8:1 a.m.296 views

CVE-2023-4579

CVE-2023-4579 affects Mozilla Firefox when the default search engine may render a well-formed URL from a query as the navigated URL, enabling potential spoofing. Connected advisories confirm the issue targets Firefox versions prior to 117 and involve the default search engine handling, across mul...

3.1CVSS5AI score0.00382EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.296 views

CVE-2024-7524

CVE-2024-7524 affects Mozilla Firefox and Firefox ESR prior to 129/115.14-128.1. The issue arises when Firefox’s web-compatibility shims, used for blocked tracking scripts by Enhanced Tracking Protection, are injected on a site protected by CSP in strict-dynamic mode. An attacker who can inject a...

6.1CVSS5.9AI score0.00489EPSS
CVE
CVE
added 2020/01/08 9:24 p.m.295 views

CVE-2019-17012

Mozilla reported memory safety bugs in Firefox 70 and Firefox ESR 68.2, with potential to exploit for arbitrary code. Affected: Thunderbird < 68.3, Firefox ESR < 68.3, Firefox

8.8CVSS9.2AI score0.01976EPSS
CVE
CVE
added 2020/01/08 7:53 p.m.294 views

CVE-2019-11762

The CVE-2019-11762 issue is a cross-origin origin isolation bug where two same-origin documents setting document.domain differently could allow calling arbitrary DOM methods/getters/setters on the now-cross-origin window. Affected products include Firefox (<70) and Firefox ESR (<68.2), and ...

6.1CVSS6.7AI score0.00609EPSS
CVE
CVE
added 2019/07/23 1:24 p.m.294 views

CVE-2019-9817

CVE-2019-9817 describes cross-origin image access via canvas that can leak image data across domains. Publicly reported impact affects Mozilla products including Thunderbird and Firefox (non-ESR and ESR lines) prior to version thresholds: Thunderbird <60.7, Firefox <67, ESR

5.3CVSS5.4AI score0.00825EPSS
CVE
CVE
added 2020/12/09 12:22 a.m.294 views

CVE-2020-26959

CVE-2020-26959 is a use-after-free in the WebRequestService during browser shutdown, potentially enabling memory corruption and a crash in Firefox/Thunderbird prior to the fixed versions. Connected advisories confirm this affects Firefox <83, Firefox ESR <78.5, and Thunderbird

8.8CVSS8.3AI score0.0127EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.294 views

CVE-2024-11697

The CVE-2024-11697 entry concerns Mozilla Firefox and Thunderbird and involves improper handling of keypresses in the Executable File Confirmation dialog. Affected versions are Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

8.8CVSS6.6AI score0.00768EPSS
CVE
CVE
added 2020/05/26 5:4 p.m.293 views

CVE-2020-12388

CVE-2020-12388 concerns Firefox on Windows where the content-process sandbox was not sufficiently lockdown, enabling a sandbox escape. Public writeups describe this as a sandbox-escape chain that abuses the Windows token/ACL handling of the content process to break out of the sandbox; the issue a...

10CVSS8.8AI score0.02714EPSS
CVE
CVE
added 2020/12/09 12:21 a.m.293 views

CVE-2020-26956

CVE-2020-26956 is an XSS issue caused by removing HTML elements during sanitization, which could leave SVG event handlers active. Affected: Firefox <83, Firefox ESR <78.5, Thunderbird

6.1CVSS6.5AI score0.01218EPSS
Total number of security vulnerabilities1887