Lucene search
+L

1887 matches found

CVE
CVE
added 2020/05/26 5:4 p.m.293 views

CVE-2020-12388

CVE-2020-12388 concerns Firefox on Windows where the content-process sandbox was not sufficiently lockdown, enabling a sandbox escape. Public writeups describe this as a sandbox-escape chain that abuses the Windows token/ACL handling of the content process to break out of the sandbox; the issue a...

10CVSS8.8AI score0.02714EPSS
CVE
CVE
added 2020/12/09 12:21 a.m.293 views

CVE-2020-26956

CVE-2020-26956 is an XSS issue caused by removing HTML elements during sanitization, which could leave SVG event handlers active. Affected: Firefox <83, Firefox ESR <78.5, Thunderbird

6.1CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2020/12/09 12:23 a.m.293 views

CVE-2020-26961

CVE-2020-26961 describes a DoH-related issue where IPv4 addresses mapped through IPv6 bypass RFC1918 filtering, enabling a DNS rebinding-like condition in Firefox/Thunderbird before versions 83/78.5. Connected sources (CentOS advisories) confirm Mozilla patches addressing multiple issues includin...

6.5CVSS6.8AI score0.01151EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.293 views

CVE-2025-0241

CVE-2025-0241 is a memory-corruption vulnerability in Mozilla Firefox/Thunderbird caused by faulty text segmentation. Affected products include Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

7.7CVSS6.9AI score0.00725EPSS
CVE
CVE
added 2020/01/08 9:27 p.m.292 views

CVE-2019-17017

CVE-2019-17017 is a type confusion in Firefox/Thunderbird (XPCVariant.cpp) caused by a missing case handling object types, leading to a crash with potential for arbitrary code execution. Public disclosures in connected documents confirm impact on Thunderbird and Firefox ESR through versions befor...

8.8CVSS8.2AI score0.02489EPSS
CVE
CVE
added 2020/07/09 2:45 p.m.292 views

CVE-2020-12405

The CVE-2020-12405 issue is a race condition in Thunderbird/Firefox SharedWorkerService that could cause a crash. It affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

5.3CVSS6.3AI score0.01352EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.292 views

CVE-2024-11701

CVE-2024-11701 affects Mozilla Firefox and Mozilla Thunderbird. The issue is an incorrect domain being displayed in the address bar during interrupted navigation, which could enable spoofing attacks. Affected versions are Firefox < 133 and Thunderbird

4.3CVSS6.2AI score0.00401EPSS
CVE
CVE
added 2008/09/24 6:0 p.m.291 views

CVE-2008-4059

CVE-2008-4059 affects the XPConnect component in Mozilla Firefox prior to 2.0.0.17, allowing a remote attacker to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via SCRIPT element vectors. The Ubuntu USN-645-2 advisory documents this CVE among Firefox/XULRunner-relate...

7.5CVSS9.6AI score0.04996EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.291 views

CVE-2018-18493

CVE-2018-18493 describes a buffer overflow in the Skia library used for hardware-accelerated 2D canvas, caused by 32-bit offset calculations where 64-bit calculations were needed. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.6AI score0.04975EPSS
CVE
CVE
added 2020/07/09 2:39 p.m.291 views

CVE-2020-12417

CVE-2020-12417 is a memory-corruption issue in Firefox/Thunderbird affecting ARM64 JavaScript ValueTags, permitting a cross-boundary pass for ARM64 objects. Affected: Firefox ESR < 68.10, Firefox < 78, and Thunderbird

9.3CVSS8.4AI score0.02688EPSS
CVE
CVE
added 2021/06/24 1:25 p.m.291 views

CVE-2021-23997

Mozilla Firefox before 88 is affected by a use-after-free in the font cache caused by unexpected data-type conversions, which could allow arbitrary code execution. The issue affects Firefox

8.8CVSS6.4AI score0.00816EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.291 views

CVE-2021-38508

CVE-2021-38508 is a vulnerability affecting Mozilla products where a form validity message shown in the same location as a permission prompt (e.g., geolocation) can obscure the prompt, potentially tricking users into granting permissions. Affected: Firefox < 94, Thunderbird < 91.3, and Fire...

4.3CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2021/06/24 1:26 p.m.290 views

CVE-2021-23995

CVE-2021-23995 is a use-after-free vulnerability in Responsive Design Mode that could allow arbitrary code execution. Affected products: Firefox ESR <78.10, Thunderbird <78.10, and Firefox

8.8CVSS6.7AI score0.01214EPSS
CVE
CVE
added 2021/06/24 1:20 p.m.290 views

CVE-2021-24000

CVE-2021-24000 is a race-condition vulnerability in Mozilla Firefox prior to version 88, involving requestPointerLock() and setTimeout() that could allow a user to interact with one tab while believing they were on another tab. In conjunction with certain elements (e.g., ), this could cause infor...

3.1CVSS5AI score0.00605EPSS
CVE
CVE
added 2021/06/24 1:15 p.m.290 views

CVE-2021-29964

CVE-2021-29964 is a local, Windows-only vulnerability in Mozilla Firefox where a hostile WM_COPYDATA message could cause an out-of-bounds read while parsing the message. Affected products include Thunderbird < 78.11, Firefox < 89, and Firefox ESR

7.1CVSS6.7AI score0.00787EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.290 views

CVE-2024-53976

CVE-2024-53976 affects Firefox for iOS

5.4CVSS6.3AI score0.00294EPSS
CVE
CVE
added 2020/01/08 7:52 p.m.289 views

CVE-2019-11761

CVE-2019-11761 affects Thunderbird (and Firefox/Firefox ESR) via an unintended access to a privileged JSONView object that has been cloned into content. The root cause is exposure of this object through a form using a data: URI, enabling access to privileged content and bypassing defense-in-depth...

5.8CVSS6.4AI score0.00791EPSS
CVE
CVE
added 2020/01/08 7:59 p.m.289 views

CVE-2019-11763

The CVE-2019-11763 entry concerns a parsing defect in handling null bytes in HTML entities, causing Firefox to mis-parse entities and potentially treat HTML comments as code. This could enable XSS in web apps under certain conditions and allow masking of actual characters by filters. Public detai...

6.1CVSS6.5AI score0.00994EPSS
CVE
CVE
added 2020/01/08 9:27 p.m.289 views

CVE-2019-17016

CVE-2019-17016 describes a bypass of the CSS sanitizer for pasted rules, due to incorrect rewriting of a @namespace rule, enabling potential data exposure. Affected products include Thunderbird and Firefox releases prior to versions 68.4.1/72.x respectively (Thunderbird before 68.4.1; Firefox ES...

6.1CVSS6.8AI score0.01988EPSS
CVE
CVE
added 2020/05/26 5:3 p.m.289 views

CVE-2020-12389

Technical details for CVE-2020-12389 (affected product, root cause, exploitability, and remediation) are not provided in the connected documents. Monitor for official updates and bulletins.

10CVSS8.8AI score0.01728EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.289 views

CVE-2020-15652

CVE-2020-15652 : The issue is a leak of the result of a cross-origin redirect observed from stack traces of JavaScript errors in web workers. Affected products include Firefox (and ESR branches) and Thunderbird before version 79/68.11–78.1 depending on branch. The root cause is described as a mem...

6.5CVSS6.6AI score0.01263EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.289 views

CVE-2024-53975

CVE-2024-53975 affects Firefox for iOS before version 133. The issue is a spoofing vulnerability where accessing a non-secure HTTP site that uses a non-existent port could cause the SSL padlock to appear secure, misleading users. Root cause is UI/URL handling that fails to reflect the actual secu...

5.4CVSS6.3AI score0.00273EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.288 views

CVE-2020-15659

CVE-2020-15659 concerns memory safety bugs in Firefox 78 and Firefox ESR 78.x, with potential to run arbitrary code. The entry affects Firefox < 79 and Firefox ESR < 68.11/78.1, and Thunderbird

9.3CVSS9.2AI score0.02401EPSS
CVE
CVE
added 2020/12/09 12:19 a.m.288 views

CVE-2020-26951

CVE-2020-26951 involves a parsing and event loading mismatch in Firefox’s SVG code that could allow load events to fire after sanitization, potentially bypassing a built-in sanitizer. Affected products include Firefox < 83, Firefox ESR < 78.5, and Thunderbird

6.1CVSS6.5AI score0.01038EPSS
CVE
CVE
added 2020/12/09 12:26 a.m.288 views

CVE-2020-26968

CVE-2020-26968 is a Mozilla Firefox/Thunderbird memory-safety issue. The provided documents indicate memory-safety bugs in Firefox 82 and ESR 78.4, with potential memory corruption that could allow running arbitrary code. Affected versions: Firefox < 83, Firefox ESR < 78.5, and Thunderbird

9.3CVSS9.1AI score0.01484EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.288 views

CVE-2024-7525

CVE-2024-7525 is linked to a vulnerability in Mozilla Firefox/Thunderbird where a web extension with minimal permissions could create a StreamFilter, enabling reading and modification of response bodies on any site due to a missing permission check when creating the StreamFilter. Affected product...

9.1CVSS8.6AI score0.00598EPSS
CVE
CVE
added 2009/07/22 6:0 p.m.287 views

CVE-2009-2469

CVE-2009-2469 affects Mozilla Firefox prior to 3.0.12. The vulnerability arises from improper handling of an SVG element that has a property with a watch function and an defineSetter function, enabling memory corruption that can lead to a denial of service or potentially remote code execution via...

10CVSS9AI score0.05557EPSS
CVE
CVE
added 2020/01/08 7:48 p.m.287 views

CVE-2019-11759

CVE-2019-11759 describes a stack buffer overflow in the HKDF output that could allow code execution or a crash. Affected products include Firefox < 70, Thunderbird < 68.2, and Firefox ESR

8.8CVSS8.5AI score0.01799EPSS
CVE
CVE
added 2020/01/08 9:23 p.m.287 views

CVE-2019-17010

CVE-2019-17010 is a race-condition vulnerability that, during device orientation checks, can cause a use-after-free and a potentially exploitable crash in Thunderbird and Firefox products. It affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.01566EPSS
CVE
CVE
added 2021/01/07 1:54 p.m.287 views

CVE-2020-26971

CVE-2020-26971 describes a heap buffer overflow caused by unconstained blit values in user input, affecting Mozilla Firefox (unspecified versions), Thunderbird < 78.6 and Firefox ESR

8.8CVSS8.3AI score0.01876EPSS
CVE
CVE
added 2020/03/25 9:14 p.m.287 views

CVE-2020-6805

CVE-2020-6805 affects Thunderbird (and Firefox) with a use-after-free in the Quota manager when removing data about origins for a recently closed tab, potentially causing a crash. Affected versions include Thunderbird < 68.6 and Firefox < 74/ESR68.6/ESR

8.8CVSS9AI score0.0125EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.287 views

CVE-2024-7530

Mozilla Firefox is affected by CVE-2024-7530 due to an incorrect garbage-collection interaction that can cause a use-after-free in the JavaScript/GC path. Affected: Firefox versions earlier than 129.0. Impact as described: potential crash and, per linked advisories, could lead to arbitrary code e...

9.8CVSS6.3AI score0.00381EPSS
CVE
CVE
added 2021/01/07 1:50 p.m.285 views

CVE-2020-35111

CVE-2020-35111 covers a proxy.onRequest handling flaw: when an extension with proxy privileges registers for , view-source URLs fail to trigger the proxy.onRequest callback, potentially leaking the user’s IP when viewing source. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR

4.3CVSS5.6AI score0.01172EPSS
CVE
CVE
added 2021/12/08 9:20 p.m.285 views

CVE-2021-43536

CVE-2021-43536: The connected advisories confirm an information-disclosure/URL leakage flaw triggered when navigating asynchronously in Firefox/Thunderbird prior to fixed releases. Affected: Thunderbird < 91.4.0, Firefox ESR < 91.4.0, Firefox

6.5CVSS7.2AI score0.0167EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.285 views

CVE-2022-46872

CVE-2022-46872 describes an attacker who compromised a Thunderbird content process on Linux could partially escape the sandbox and read arbitrary files via clipboard-related IPC messages. Publicly cited texts indicate the vulnerability affects Firefox <108, Firefox ESR <102.6, and Thunderbird

8.6CVSS8.5AI score0.00772EPSS
CVE
CVE
added 2020/10/01 6:39 p.m.284 views

CVE-2020-15673

CVE-2020-15673 refers to memory-safety bugs reported in Mozilla Firefox (including ESR) and Thunderbird. Affected products and versions include Firefox <81, Firefox ESR <78.3, and Thunderbird

8.8CVSS9.1AI score0.01961EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.284 views

CVE-2021-38496

CVE-2021-38496 describes a memory-safety issue: during MessageTask operations, a scheduled task could be removed, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird versions older than 78.15 and 91.2, Firefox ESR older than 91.2 and 78.15, and Fir...

8.8CVSS9.2AI score0.01593EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.283 views

CVE-2019-9793

CVE-2019-9793 describes an issue where, if Spectre mitigations are disabled, bounds checking is loosened for string/array/typed array accesses, enabling an attacker to cause the range analysis to infer controlled, incorrect values in JavaScript. Connected advisories confirm affected products and ...

5.9CVSS7.1AI score0.0163EPSS
CVE
CVE
added 2020/01/08 9:41 p.m.283 views

CVE-2019-9812

CVE-2019-9812 describes a sandbox-escape in Mozilla Firefox/Firefox ESR: by loading accounts.firefox.com in a compromised sandboxed content process and auto-logging into a malicious Firefox Sync account, the adversary could cause sandbox-disabled preferences to be written to the local machine and...

9.3CVSS8.6AI score0.01302EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.283 views

CVE-2020-15656

CVE-2020-15656 involves a type confusion for special arguments in IonMonkey affecting Firefox ESR <78.1, Firefox <79, and Thunderbird

9.3CVSS7.8AI score0.01511EPSS
CVE
CVE
added 2023/09/27 2:13 p.m.283 views

CVE-2023-5176

CVE-2023-5176 concerns memory safety bugs in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2, with affected range Firefox <118, ESR <115.3, and Thunderbird

9.8CVSS9.8AI score0.01233EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.282 views

CVE-2018-12405

The CVE-2018-12405 entry is supported by connected advisories showing memory safety bugs in Firefox 63/ESR 60.3 with potential for arbitrary code execution. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS8.3AI score0.03202EPSS
CVE
CVE
added 2020/01/08 7:26 p.m.282 views

CVE-2019-11757

CVE-2019-11757 affects Mozilla Firefox (versions before 70) and Firefox ESR (before 68.2) as well as Thunderbird (before 68.2). The issue stems from following a value’s prototype chain, which allowed retaining a reference to a locale, deleting it, and then referencing it again, causing a use-afte...

8.8CVSS8.3AI score0.01336EPSS
CVE
CVE
added 2021/12/08 9:20 p.m.282 views

CVE-2021-43539

CVE-2021-43539 is a Mozilla Firefox/Thunderbird memory safety issue: GC rooting failure when calling wasm instance methods can cause a use-after-free and potentially exploitable crash. Connected sources confirm the flaw affects Firefox up to 95 and Thunderbird up to 91.4.0, linked advisories show...

8.8CVSS8.9AI score0.0162EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.282 views

CVE-2024-9403

CVE-2024-9403 involves memory safety bugs in Firefox 130 that could lead to memory corruption; Mozilla notes these bugs could potentially be exploited to run arbitrary code. The issue affects Firefox versions earlier than 131 and Thunderbird versions earlier than 131. The connected advisories ind...

7.3CVSS7.4AI score0.00444EPSS
CVE
CVE
added 2021/01/07 1:51 p.m.281 views

CVE-2020-26978

CVE-2020-26978 is a Firefox/Thunderbird remote-info-exposure vulnerability. A malicious webpage could probe an internal network and access services on the user’s device due to slipstream-based techniques. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR

6.1CVSS6.5AI score0.01266EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.280 views

CVE-2020-6801

CVE-2020-6801 refers to memory-safety bugs in Mozilla Firefox involving memory corruption that could be exploited to run arbitrary code. The cited description indicates these memory issues were found in Firefox 72 and could affect users on versions prior to 73, with potential impact on the browse...

8.8CVSS8.9AI score0.01411EPSS
CVE
CVE
added 2020/01/08 9:31 p.m.279 views

CVE-2019-17024

CVE-2019-17024 corresponds to memory-safety bugs in Firefox (and Thunderbird) prior to fixed versions. Affected: Firefox ESR < 68.4 and Firefox

8.8CVSS9.2AI score0.02455EPSS
CVE
CVE
added 2021/12/08 9:19 p.m.279 views

CVE-2021-43546

CVE-2021-43546 concerns cursor spoofing that could overlay the UI when a native cursor is zoomed. Affected products mentioned across connected documents include Thunderbird < 91.4.0 and Firefox < 95 (including Firefox ESR

4.3CVSS6.1AI score0.014EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.278 views

CVE-2018-18498

CVE-2018-18498 is an integer overflow vulnerability in image buffer size calculations that can cause out-of-bounds writes. The description in connected advisories ties this CVE to Thunderbird and Firefox families (Thunderbird < 60.4, Firefox ESR < 60.4, Firefox

9.8CVSS7.4AI score0.04032EPSS
Total number of security vulnerabilities1887