1214 matches found
CVE-2017-7814
This CVE (CVE-2017-7814) affects Mozilla products (Firefox < 56, Firefox ESR < 52.4, Thunderbird
CVE-2022-45416
CVE-2022-45416 affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox
CVE-2023-1945
CVE-2023-1945 is a vulnerability in Mozilla code paths related to the Safe Browsing API. The initial data from the Safe Browsing API could lead to memory corruption and a potentially exploitable crash. Affected products per the connected data: Thunderbird and Firefox ESR, affected when using vers...
CVE-2023-25732
CVE-2023-25732 involves an out-of-bounds memory write caused by incorrect calculation of the input size when encoding data from inputStream in xpcom. The vulnerability affects Firefox before 110, Thunderbird before 102.8, and Firefox ESR before 102.8. Connected advisories corroborate the issue an...
CVE-2023-25737
CVE-2023-25737 describes an invalid downcast from nsTextNode to SVGElement that could lead to undefined behavior. The vulnerability is observed in Mozilla Firefox (versions before 110), Thunderbird (versions before 102.8), and Firefox ESR (versions before 102.8). Connected advisories consistently...
CVE-2023-25739
CVE-2023-25739 affects Firefox <110, Thunderbird <102.8, and Firefox ESR
CVE-2016-9895
CVE-2016-9895 affects Mozilla Firefox (<50.1) and Firefox ESR (<45.6) and Thunderbird (
CVE-2017-7809
CVE-2017-7809 is a use-after-free in an editor DOM node during tree traversal that can crash the process. Affected products cited across connected docs include Mozilla Thunderbird and Mozilla Firefox components; IBM SONAS ships vulnerable Firefox releases and lists a fix in IBM SONAS version 1.5....
CVE-2017-5434
CVE-2017-5434 is a use-after-free in Firefox/Thunderbird related to focus-handling that can cause a potentially exploitable crash. Public details in connected advisories show the flaw affects Firefox versions before 53 (and ESR branches before 53/52.1) with Firefox 53+ fixes and ESR updates deliv...
CVE-2017-5439
CVE-2017-5439 is a use-after-free in XSLT processing caused by improper handling of template parameters (nsTArray Length()) in Mozilla code, affecting Firefox and Thunderbird. It targets Firefox < 53 (and related ESR branches) and Thunderbird
CVE-2017-5465
CVE-2017-5465 is an out-of-bounds read in ConvolvePixel used when processing SVG content. The issue can crash the application and may copy memory into SVG content, potentially affecting rendering. Affected products include Thunderbird and Mozilla Firefox variants: Thunderbird < 52.1, Firefox E...
CVE-2017-7787
CVE-2017-7787 is a same-origin policy bypass vulnerability affecting Thunderbird and Firefox browsers. Affected products include Thunderbird versions older than 52.3, Firefox ESR older than 52.3, and Firefox older than 55. The issue occurs on pages with embedded iframes during page reloads, allow...
CVE-2017-7793
CVE-2017-7793 is a use-after-free in Thunderbird/Fetch API where the worker or window is freed while in use, leading to a potentially exploitable crash. Public details reference Thunderbird
CVE-2023-5726
The CVE-2023-5726 issue is a macOS-only browser UI vulnerability where an obscured fullscreen notification could be exposed via the file-open dialog, potentially enabling spoofing or user confusion. Affected products/versions are Firefox older than 119, Firefox ESR older than 115.4, and Thunderbi...
CVE-2017-5438
CVE-2017-5438 is a use-after-free in XSLT processing caused by the result handler being held by a freed handler. Publicly documented impact includes crashes and potential code execution in affected Mozilla products. Affected: Firefox
CVE-2017-5445
CVE-2017-5445 describes a memory-read vulnerability in Mozilla products when parsing the application/http-index-format content, caused by uninitialized values used to create an array. The impact is information disclosure by reading uninitialized memory in affected components. Affected versions pe...
CVE-2017-7785
CVE-2017-7785 is a buffer overflow in ARIA attribute handling within the DOM that affects Thunderbird (< 52.3) and Firefox components (Firefox ESR < 52.3, Firefox
CVE-2017-7786
A buffer overflow in the image renderer can be triggered when painting non-displayable SVG elements, causing a crash and, in some advisories, potential arbitrary-code execution. Affected products include Mozilla Thunderbird and Firefox/Firefox ESR prior to certain versions (Thunderbird < 52.3,...
CVE-2017-7792
The CVE-2017-7792 issue affects Thunderbird (< 52.3), Firefox ESR (< 52.3), and Firefox (
CVE-2017-7800
CVE-2017-7800 is a use-after-free in WebSockets that can trigger a crash when the connection object is freed before disconnection finishes. Affected: Thunderbird < 52.3, Firefox ESR < 52.3, Firefox
CVE-2017-7791
CVE-2017-7791: A data: protocol-based modal alert spoofing vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox
CVE-2022-46875
CVE-2022-46875 concerns Mozilla Firefox/Thunderbird on Mac OS where the executable warning was not shown when downloading .atloc/.ftploc files, enabling potential command execution. Affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird
CVE-2025-3028
CVE-2025-3028 describes a use-after-free in memory handling when JavaScript runs during XSLTProcessor document transformation. Affected products include Firefox versions before 137 and Firefox ESR before 115.22/128.9, and Thunderbird versions before 137/128.9. Public advisories (e.g., ALAS2FIREFO...
CVE-2014-1505
CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...
CVE-2014-1510
CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...
CVE-2017-5407
CVE-2017-5407 describes a information-disclosure flaw in SVG filters due to floating-point timing side channels that can leak pixel data and history across origins. Affected products include Mozilla Firefox and Thunderbird versions older than 52 (Firefox ESR older than 45.8; Thunderbird older tha...
CVE-2017-5464
CVE-2017-5464 affects Mozilla products: Thunderbird
CVE-2017-7784
The CVE-2017-7784 issue is a use-after-free in the image observer during frame reconstruction after the observer has been freed, affecting Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox
CVE-2017-7826
CVE-2017-7826 ties to memory-safety bugs in Firefox 56/ESR 52.4 and Thunderbird prior to 52.5. Affected versions: Firefox < 57, Firefox ESR < 52.5, Thunderbird
CVE-2022-40956
CVE-2022-40956 describes a CSP bypass in which injecting an HTML element causes requests to ignore the CSP base-uri setting and use the injected base instead. Affected products include Firefox ESR before 102.3, Thunderbird before 102.3, and Firefox before 105. The vulnerability’s root cause is t...
CVE-2022-45411
CVE-2022-45411: Cross-Site Tracing vulnerability in Firefox/Thunderbird due to servers echoing Trace requests and exposure of authorization headers/cookies; mitigations have been implemented via browser fetch/XHR limits and non-standard headers like X-Http-Method-Override. The issue is acknowledg...
CVE-2023-32212
The CVE-2023-32212 issue is a UI spoofing vulnerability in Mozilla Firefox and Thunderbird where an attacker could position a datalist element to obscure the address bar. Affected products include Firefox versions before 113, Firefox ESR before 102.11, and Thunderbird before 102.11. The connected...
CVE-2014-1490
CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...
CVE-2016-9898
CVE-2016-9898 is a use-after-free vulnerability in Mozilla Firefox/Thunderbird affecting Firefox <50.1, Firefox ESR <45.6, and Thunderbird
CVE-2017-5432
CVE-2017-5432 is a use-after-free in Firefox < 53 that can trigger a potentially exploitable crash during certain text-input selection. The vulnerability also affects related Mozilla products in older ESR/thunderbird branches (e.g., Thunderbird < 52.1; ESR
CVE-2017-7807
CVE-2017-7807 describes a domain URL hijack via AppCache fallback, resolved by requiring fallback files to be inside the manifest directory. Affected products include Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox
CVE-2018-5129
The CVE-2018-5129 entry relates to a memory-safety/IPC validation issue where a lack of parameter validation on IPC messages can cause an out-of-bounds write, potentially enabling sandbox escape. Affected products include Mozilla Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox
CVE-2022-40957
In Firefox on ARM64, CVE-2022-40957 is caused by inconsistent data in the instruction and data caches while building WebAssembly code, leading to a potentially exploitable crash. Affected products include Firefox on ARM64 and Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox
CVE-2023-25729
CVE-2023-25729 involves a permissions prompt issue for external schemes that was only shown for ContentPrincipals, allowing extensions using ExpandedPrincipals to open them without user interaction. This could enable actions like downloading files or interacting with installed software. Affected:...
CVE-2012-4186
CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...
CVE-2017-5404
CVE-2017-5404 is a use-after-free in Firefox/Thunderbird when manipulating ranges in selections with one node inside a native anonymous tree and one node outside it, leading to a potentially exploitable crash. Affected: Firefox versions before 52 and Firefox ESR before 45.8; Thunderbird versions ...
CVE-2023-25742
CVE-2023-25742 : When importing a SPKI RSA public key as ECDSA P-256, the key is handled incorrectly, causing the tab to crash. Affected products per provided docs: Firefox < 110, Thunderbird < 102.8, and Firefox ESR
CVE-2023-29535
CVE-2023-29535: The vulnerability arises from a garbage collector compaction issue in Firefox/related products where a weak map could be accessed before proper tracing, leading to memory corruption and a potentially exploitable crash. Affected software per documents includes Firefox (and derivati...
CVE-2017-5408
CVE-2017-5408: Cross-origin reading of video captions in Mozilla products due to missing CORS header checks. Affected: Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, Thunderbird
CVE-2023-32211
CVE-2023-32211 describes a type checking bug in Mozilla Firefox and Thunderbird that could lead to invalid code being compiled. The connected documents confirm the flaw affects Firefox versions prior to 113, Firefox ESR prior to 102.11, and Thunderbird prior to 102.11. Multiple security advisorie...
CVE-2023-37201
CVE-2023-37201 is a WebRTC-related use-after-free in Firefox/Thunderbird: an attacker could trigger memory corruption during HTTPS WebRTC setup. Affected: Firefox <115, Firefox ESR <102.13, Thunderbird
CVE-2017-7810
CVE-2017-7810 refers to memory-safety bugs reported in Firefox 55 and Firefox ESR 52.3, with potential to exploit memory corruption to run arbitrary code. Connected documents confirm that Thunderbird
CVE-2022-38476
CVE-2022-38476 describes a data race in PK11_ChangePW that could cause a use-after-free, affecting Firefox ESR < 102.2 and Thunderbird
CVE-2016-9897
CVE-2016-9897 affects Mozilla Firefox (versions < 50.1) and Firefox ESR (< 45.6) and Thunderbird (
CVE-2022-45406
CVE-2022-45406 describes a memory-safety flaw in JavaScript: when an out-of-memory condition occurs during creation of a global, a JavaScript realm can be deleted while references linger in a BaseShape, leading to a use-after-free and potentially exploitable crash. Affected products include Firef...