1887 matches found
CVE-2020-12388
CVE-2020-12388 concerns Firefox on Windows where the content-process sandbox was not sufficiently lockdown, enabling a sandbox escape. Public writeups describe this as a sandbox-escape chain that abuses the Windows token/ACL handling of the content process to break out of the sandbox; the issue a...
CVE-2020-26956
CVE-2020-26956 is an XSS issue caused by removing HTML elements during sanitization, which could leave SVG event handlers active. Affected: Firefox <83, Firefox ESR <78.5, Thunderbird
CVE-2020-26961
CVE-2020-26961 describes a DoH-related issue where IPv4 addresses mapped through IPv6 bypass RFC1918 filtering, enabling a DNS rebinding-like condition in Firefox/Thunderbird before versions 83/78.5. Connected sources (CentOS advisories) confirm Mozilla patches addressing multiple issues includin...
CVE-2025-0241
CVE-2025-0241 is a memory-corruption vulnerability in Mozilla Firefox/Thunderbird caused by faulty text segmentation. Affected products include Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird
CVE-2019-17017
CVE-2019-17017 is a type confusion in Firefox/Thunderbird (XPCVariant.cpp) caused by a missing case handling object types, leading to a crash with potential for arbitrary code execution. Public disclosures in connected documents confirm impact on Thunderbird and Firefox ESR through versions befor...
CVE-2020-12405
The CVE-2020-12405 issue is a race condition in Thunderbird/Firefox SharedWorkerService that could cause a crash. It affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR
CVE-2021-23997
Mozilla Firefox before 88 is affected by a use-after-free in the font cache caused by unexpected data-type conversions, which could allow arbitrary code execution. The issue affects Firefox
CVE-2024-11701
CVE-2024-11701 affects Mozilla Firefox and Mozilla Thunderbird. The issue is an incorrect domain being displayed in the address bar during interrupted navigation, which could enable spoofing attacks. Affected versions are Firefox < 133 and Thunderbird
CVE-2008-4059
CVE-2008-4059 affects the XPConnect component in Mozilla Firefox prior to 2.0.0.17, allowing a remote attacker to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via SCRIPT element vectors. The Ubuntu USN-645-2 advisory documents this CVE among Firefox/XULRunner-relate...
CVE-2018-18493
CVE-2018-18493 describes a buffer overflow in the Skia library used for hardware-accelerated 2D canvas, caused by 32-bit offset calculations where 64-bit calculations were needed. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox
CVE-2020-12417
CVE-2020-12417 is a memory-corruption issue in Firefox/Thunderbird affecting ARM64 JavaScript ValueTags, permitting a cross-boundary pass for ARM64 objects. Affected: Firefox ESR < 68.10, Firefox < 78, and Thunderbird
CVE-2021-38508
CVE-2021-38508 is a vulnerability affecting Mozilla products where a form validity message shown in the same location as a permission prompt (e.g., geolocation) can obscure the prompt, potentially tricking users into granting permissions. Affected: Firefox < 94, Thunderbird < 91.3, and Fire...
CVE-2021-23995
CVE-2021-23995 is a use-after-free vulnerability in Responsive Design Mode that could allow arbitrary code execution. Affected products: Firefox ESR <78.10, Thunderbird <78.10, and Firefox
CVE-2021-24000
CVE-2021-24000 is a race-condition vulnerability in Mozilla Firefox prior to version 88, involving requestPointerLock() and setTimeout() that could allow a user to interact with one tab while believing they were on another tab. In conjunction with certain elements (e.g., ), this could cause infor...
CVE-2021-29964
CVE-2021-29964 is a local, Windows-only vulnerability in Mozilla Firefox where a hostile WM_COPYDATA message could cause an out-of-bounds read while parsing the message. Affected products include Thunderbird < 78.11, Firefox < 89, and Firefox ESR
CVE-2024-53976
CVE-2024-53976 affects Firefox for iOS
CVE-2019-11761
CVE-2019-11761 affects Thunderbird (and Firefox/Firefox ESR) via an unintended access to a privileged JSONView object that has been cloned into content. The root cause is exposure of this object through a form using a data: URI, enabling access to privileged content and bypassing defense-in-depth...
CVE-2019-11763
The CVE-2019-11763 entry concerns a parsing defect in handling null bytes in HTML entities, causing Firefox to mis-parse entities and potentially treat HTML comments as code. This could enable XSS in web apps under certain conditions and allow masking of actual characters by filters. Public detai...
CVE-2019-17016
CVE-2019-17016 describes a bypass of the CSS sanitizer for pasted rules, due to incorrect rewriting of a @namespace rule, enabling potential data exposure. Affected products include Thunderbird and Firefox releases prior to versions 68.4.1/72.x respectively (Thunderbird before 68.4.1; Firefox ES...
CVE-2020-12389
Technical details for CVE-2020-12389 (affected product, root cause, exploitability, and remediation) are not provided in the connected documents. Monitor for official updates and bulletins.
CVE-2020-15652
CVE-2020-15652 : The issue is a leak of the result of a cross-origin redirect observed from stack traces of JavaScript errors in web workers. Affected products include Firefox (and ESR branches) and Thunderbird before version 79/68.11–78.1 depending on branch. The root cause is described as a mem...
CVE-2020-26951
CVE-2020-26951 involves a parsing and event loading mismatch in Firefox’s SVG code that could allow load events to fire after sanitization, potentially bypassing a built-in sanitizer. Affected products include Firefox < 83, Firefox ESR < 78.5, and Thunderbird
CVE-2024-53975
CVE-2024-53975 affects Firefox for iOS before version 133. The issue is a spoofing vulnerability where accessing a non-secure HTTP site that uses a non-existent port could cause the SSL padlock to appear secure, misleading users. Root cause is UI/URL handling that fails to reflect the actual secu...
CVE-2020-15659
CVE-2020-15659 concerns memory safety bugs in Firefox 78 and Firefox ESR 78.x, with potential to run arbitrary code. The entry affects Firefox < 79 and Firefox ESR < 68.11/78.1, and Thunderbird
CVE-2020-26968
CVE-2020-26968 is a Mozilla Firefox/Thunderbird memory-safety issue. The provided documents indicate memory-safety bugs in Firefox 82 and ESR 78.4, with potential memory corruption that could allow running arbitrary code. Affected versions: Firefox < 83, Firefox ESR < 78.5, and Thunderbird
CVE-2024-7525
CVE-2024-7525 is linked to a vulnerability in Mozilla Firefox/Thunderbird where a web extension with minimal permissions could create a StreamFilter, enabling reading and modification of response bodies on any site due to a missing permission check when creating the StreamFilter. Affected product...
CVE-2009-2469
CVE-2009-2469 affects Mozilla Firefox prior to 3.0.12. The vulnerability arises from improper handling of an SVG element that has a property with a watch function and an defineSetter function, enabling memory corruption that can lead to a denial of service or potentially remote code execution via...
CVE-2019-11759
CVE-2019-11759 describes a stack buffer overflow in the HKDF output that could allow code execution or a crash. Affected products include Firefox < 70, Thunderbird < 68.2, and Firefox ESR
CVE-2019-17010
CVE-2019-17010 is a race-condition vulnerability that, during device orientation checks, can cause a use-after-free and a potentially exploitable crash in Thunderbird and Firefox products. It affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox
CVE-2020-26971
CVE-2020-26971 describes a heap buffer overflow caused by unconstained blit values in user input, affecting Mozilla Firefox (unspecified versions), Thunderbird < 78.6 and Firefox ESR
CVE-2020-6805
CVE-2020-6805 affects Thunderbird (and Firefox) with a use-after-free in the Quota manager when removing data about origins for a recently closed tab, potentially causing a crash. Affected versions include Thunderbird < 68.6 and Firefox < 74/ESR68.6/ESR
CVE-2024-7530
Mozilla Firefox is affected by CVE-2024-7530 due to an incorrect garbage-collection interaction that can cause a use-after-free in the JavaScript/GC path. Affected: Firefox versions earlier than 129.0. Impact as described: potential crash and, per linked advisories, could lead to arbitrary code e...
CVE-2020-35111
CVE-2020-35111 covers a proxy.onRequest handling flaw: when an extension with proxy privileges registers for , view-source URLs fail to trigger the proxy.onRequest callback, potentially leaking the user’s IP when viewing source. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR
CVE-2021-43536
CVE-2021-43536: The connected advisories confirm an information-disclosure/URL leakage flaw triggered when navigating asynchronously in Firefox/Thunderbird prior to fixed releases. Affected: Thunderbird < 91.4.0, Firefox ESR < 91.4.0, Firefox
CVE-2022-46872
CVE-2022-46872 describes an attacker who compromised a Thunderbird content process on Linux could partially escape the sandbox and read arbitrary files via clipboard-related IPC messages. Publicly cited texts indicate the vulnerability affects Firefox <108, Firefox ESR <102.6, and Thunderbird
CVE-2020-15673
CVE-2020-15673 refers to memory-safety bugs reported in Mozilla Firefox (including ESR) and Thunderbird. Affected products and versions include Firefox <81, Firefox ESR <78.3, and Thunderbird
CVE-2021-38496
CVE-2021-38496 describes a memory-safety issue: during MessageTask operations, a scheduled task could be removed, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird versions older than 78.15 and 91.2, Firefox ESR older than 91.2 and 78.15, and Fir...
CVE-2018-12405
The CVE-2018-12405 entry is supported by connected advisories showing memory safety bugs in Firefox 63/ESR 60.3 with potential for arbitrary code execution. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox
CVE-2019-11757
CVE-2019-11757 affects Mozilla Firefox (versions before 70) and Firefox ESR (before 68.2) as well as Thunderbird (before 68.2). The issue stems from following a value’s prototype chain, which allowed retaining a reference to a locale, deleting it, and then referencing it again, causing a use-afte...
CVE-2019-9793
CVE-2019-9793 describes an issue where, if Spectre mitigations are disabled, bounds checking is loosened for string/array/typed array accesses, enabling an attacker to cause the range analysis to infer controlled, incorrect values in JavaScript. Connected advisories confirm affected products and ...
CVE-2019-9812
CVE-2019-9812 describes a sandbox-escape in Mozilla Firefox/Firefox ESR: by loading accounts.firefox.com in a compromised sandboxed content process and auto-logging into a malicious Firefox Sync account, the adversary could cause sandbox-disabled preferences to be written to the local machine and...
CVE-2020-15656
CVE-2020-15656 involves a type confusion for special arguments in IonMonkey affecting Firefox ESR <78.1, Firefox <79, and Thunderbird
CVE-2023-5176
CVE-2023-5176 concerns memory safety bugs in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2, with affected range Firefox <118, ESR <115.3, and Thunderbird
CVE-2021-43539
CVE-2021-43539 is a Mozilla Firefox/Thunderbird memory safety issue: GC rooting failure when calling wasm instance methods can cause a use-after-free and potentially exploitable crash. Connected sources confirm the flaw affects Firefox up to 95 and Thunderbird up to 91.4.0, linked advisories show...
CVE-2024-9403
CVE-2024-9403 involves memory safety bugs in Firefox 130 that could lead to memory corruption; Mozilla notes these bugs could potentially be exploited to run arbitrary code. The issue affects Firefox versions earlier than 131 and Thunderbird versions earlier than 131. The connected advisories ind...
CVE-2020-26978
CVE-2020-26978 is a Firefox/Thunderbird remote-info-exposure vulnerability. A malicious webpage could probe an internal network and access services on the user’s device due to slipstream-based techniques. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR
CVE-2020-6801
CVE-2020-6801 refers to memory-safety bugs in Mozilla Firefox involving memory corruption that could be exploited to run arbitrary code. The cited description indicates these memory issues were found in Firefox 72 and could affect users on versions prior to 73, with potential impact on the browse...
CVE-2019-17024
CVE-2019-17024 corresponds to memory-safety bugs in Firefox (and Thunderbird) prior to fixed versions. Affected: Firefox ESR < 68.4 and Firefox
CVE-2021-43546
CVE-2021-43546 concerns cursor spoofing that could overlay the UI when a native cursor is zoomed. Affected products mentioned across connected documents include Thunderbird < 91.4.0 and Firefox < 95 (including Firefox ESR
CVE-2018-18498
CVE-2018-18498 is an integer overflow vulnerability in image buffer size calculations that can cause out-of-bounds writes. The description in connected advisories ties this CVE to Thunderbird and Firefox families (Thunderbird < 60.4, Firefox ESR < 60.4, Firefox