Lucene search
+L

1214 matches found

CVE
CVE
added 2018/06/11 9:0 p.m.186 views

CVE-2017-7814

This CVE (CVE-2017-7814) affects Mozilla products (Firefox < 56, Firefox ESR < 52.4, Thunderbird

7.8CVSS7.6AI score0.01232EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.186 views

CVE-2022-45416

CVE-2022-45416 affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.3AI score0.00672EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.186 views

CVE-2023-1945

CVE-2023-1945 is a vulnerability in Mozilla code paths related to the Safe Browsing API. The initial data from the Safe Browsing API could lead to memory corruption and a potentially exploitable crash. Affected products per the connected data: Thunderbird and Firefox ESR, affected when using vers...

6.5CVSS7.3AI score0.00644EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.186 views

CVE-2023-25732

CVE-2023-25732 involves an out-of-bounds memory write caused by incorrect calculation of the input size when encoding data from inputStream in xpcom. The vulnerability affects Firefox before 110, Thunderbird before 102.8, and Firefox ESR before 102.8. Connected advisories corroborate the issue an...

8.8CVSS8.2AI score0.00737EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.186 views

CVE-2023-25737

CVE-2023-25737 describes an invalid downcast from nsTextNode to SVGElement that could lead to undefined behavior. The vulnerability is observed in Mozilla Firefox (versions before 110), Thunderbird (versions before 102.8), and Firefox ESR (versions before 102.8). Connected advisories consistently...

8.8CVSS8AI score0.00702EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.186 views

CVE-2023-25739

CVE-2023-25739 affects Firefox <110, Thunderbird <102.8, and Firefox ESR

8.8CVSS8.1AI score0.00682EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.185 views

CVE-2016-9895

CVE-2016-9895 affects Mozilla Firefox (<50.1) and Firefox ESR (<45.6) and Thunderbird (

6.1CVSS7AI score0.01839EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.185 views

CVE-2017-7809

CVE-2017-7809 is a use-after-free in an editor DOM node during tree traversal that can crash the process. Affected products cited across connected docs include Mozilla Thunderbird and Mozilla Firefox components; IBM SONAS ships vulnerable Firefox releases and lists a fix in IBM SONAS version 1.5....

9.8CVSS8.2AI score0.02677EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.184 views

CVE-2017-5434

CVE-2017-5434 is a use-after-free in Firefox/Thunderbird related to focus-handling that can cause a potentially exploitable crash. Public details in connected advisories show the flaw affects Firefox versions before 53 (and ESR branches before 53/52.1) with Firefox 53+ fixes and ESR updates deliv...

9.8CVSS8.3AI score0.03622EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.184 views

CVE-2017-5439

CVE-2017-5439 is a use-after-free in XSLT processing caused by improper handling of template parameters (nsTArray Length()) in Mozilla code, affecting Firefox and Thunderbird. It targets Firefox < 53 (and related ESR branches) and Thunderbird

9.8CVSS8.3AI score0.03622EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.184 views

CVE-2017-5465

CVE-2017-5465 is an out-of-bounds read in ConvolvePixel used when processing SVG content. The issue can crash the application and may copy memory into SVG content, potentially affecting rendering. Affected products include Thunderbird and Mozilla Firefox variants: Thunderbird < 52.1, Firefox E...

9.1CVSS7.9AI score0.18756EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.184 views

CVE-2017-7787

CVE-2017-7787 is a same-origin policy bypass vulnerability affecting Thunderbird and Firefox browsers. Affected products include Thunderbird versions older than 52.3, Firefox ESR older than 52.3, and Firefox older than 55. The issue occurs on pages with embedded iframes during page reloads, allow...

7.5CVSS7.6AI score0.02376EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.184 views

CVE-2017-7793

CVE-2017-7793 is a use-after-free in Thunderbird/Fetch API where the worker or window is freed while in use, leading to a potentially exploitable crash. Public details reference Thunderbird

9.8CVSS8.1AI score0.02344EPSS
CVE
CVE
added 2023/10/24 12:47 p.m.184 views

CVE-2023-5726

The CVE-2023-5726 issue is a macOS-only browser UI vulnerability where an obscured fullscreen notification could be exposed via the file-open dialog, potentially enabling spoofing or user confusion. Affected products/versions are Firefox older than 119, Firefox ESR older than 115.4, and Thunderbi...

4.3CVSS5.3AI score0.00598EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-5438

CVE-2017-5438 is a use-after-free in XSLT processing caused by the result handler being held by a freed handler. Publicly documented impact includes crashes and potential code execution in affected Mozilla products. Affected: Firefox

9.8CVSS8.3AI score0.03622EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-5445

CVE-2017-5445 describes a memory-read vulnerability in Mozilla products when parsing the application/http-index-format content, caused by uninitialized values used to create an array. The impact is information disclosure by reading uninitialized memory in affected components. Affected versions pe...

7.5CVSS7.9AI score0.02698EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-7785

CVE-2017-7785 is a buffer overflow in ARIA attribute handling within the DOM that affects Thunderbird (< 52.3) and Firefox components (Firefox ESR < 52.3, Firefox

9.8CVSS8.4AI score0.04187EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-7786

A buffer overflow in the image renderer can be triggered when painting non-displayable SVG elements, causing a crash and, in some advisories, potential arbitrary-code execution. Affected products include Mozilla Thunderbird and Firefox/Firefox ESR prior to certain versions (Thunderbird < 52.3,...

9.8CVSS8.3AI score0.04187EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-7792

The CVE-2017-7792 issue affects Thunderbird (< 52.3), Firefox ESR (< 52.3), and Firefox (

9.8CVSS8.4AI score0.03261EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.183 views

CVE-2017-7800

CVE-2017-7800 is a use-after-free in WebSockets that can trigger a crash when the connection object is freed before disconnection finishes. Affected: Thunderbird < 52.3, Firefox ESR < 52.3, Firefox

9.8CVSS8.2AI score0.03036EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.182 views

CVE-2017-7791

CVE-2017-7791: A data: protocol-based modal alert spoofing vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

5.3CVSS6.5AI score0.01837EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.182 views

CVE-2022-46875

CVE-2022-46875 concerns Mozilla Firefox/Thunderbird on Mac OS where the executable warning was not shown when downloading .atloc/.ftploc files, enabling potential command execution. Affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird

6.5CVSS6.9AI score0.00634EPSS
CVE
CVE
added 2025/04/01 12:28 p.m.182 views

CVE-2025-3028

CVE-2025-3028 describes a use-after-free in memory handling when JavaScript runs during XSLTProcessor document transformation. Affected products include Firefox versions before 137 and Firefox ESR before 115.22/128.9, and Thunderbird versions before 137/128.9. Public advisories (e.g., ALAS2FIREFO...

6.5CVSS7AI score0.00824EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.181 views

CVE-2014-1505

CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...

7.5CVSS8.5AI score0.04002EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.181 views

CVE-2014-1510

CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...

9.8CVSS9.2AI score0.82339EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.181 views

CVE-2017-5407

CVE-2017-5407 describes a information-disclosure flaw in SVG filters due to floating-point timing side channels that can leak pixel data and history across origins. Affected products include Mozilla Firefox and Thunderbird versions older than 52 (Firefox ESR older than 45.8; Thunderbird older tha...

6.5CVSS6.7AI score0.02806EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.181 views

CVE-2017-5464

CVE-2017-5464 affects Mozilla products: Thunderbird

9.8CVSS8.3AI score0.02567EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.181 views

CVE-2017-7784

The CVE-2017-7784 issue is a use-after-free in the image observer during frame reconstruction after the observer has been freed, affecting Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

9.8CVSS8.3AI score0.03618EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.181 views

CVE-2017-7826

CVE-2017-7826 ties to memory-safety bugs in Firefox 56/ESR 52.4 and Thunderbird prior to 52.5. Affected versions: Firefox < 57, Firefox ESR < 52.5, Thunderbird

10CVSS8.9AI score0.03343EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.181 views

CVE-2022-40956

CVE-2022-40956 describes a CSP bypass in which injecting an HTML element causes requests to ignore the CSP base-uri setting and use the injected base instead. Affected products include Firefox ESR before 102.3, Thunderbird before 102.3, and Firefox before 105. The vulnerability’s root cause is t...

6.1CVSS6.6AI score0.00877EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.181 views

CVE-2022-45411

CVE-2022-45411: Cross-Site Tracing vulnerability in Firefox/Thunderbird due to servers echoing Trace requests and exposure of authorization headers/cookies; mitigations have been implemented via browser fetch/XHR limits and non-standard headers like X-Http-Method-Override. The issue is acknowledg...

6.1CVSS6.9AI score0.00575EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.181 views

CVE-2023-32212

The CVE-2023-32212 issue is a UI spoofing vulnerability in Mozilla Firefox and Thunderbird where an attacker could position a datalist element to obscure the address bar. Affected products include Firefox versions before 113, Firefox ESR before 102.11, and Thunderbird before 102.11. The connected...

4.3CVSS5.9AI score0.00647EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.180 views

CVE-2014-1490

CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

9.3CVSS8.8AI score0.0399EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.180 views

CVE-2016-9898

CVE-2016-9898 is a use-after-free vulnerability in Mozilla Firefox/Thunderbird affecting Firefox <50.1, Firefox ESR <45.6, and Thunderbird

9.8CVSS8.9AI score0.03558EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.180 views

CVE-2017-5432

CVE-2017-5432 is a use-after-free in Firefox < 53 that can trigger a potentially exploitable crash during certain text-input selection. The vulnerability also affects related Mozilla products in older ESR/thunderbird branches (e.g., Thunderbird < 52.1; ESR

9.8CVSS8.3AI score0.0318EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.180 views

CVE-2017-7807

CVE-2017-7807 describes a domain URL hijack via AppCache fallback, resolved by requiring fallback files to be inside the manifest directory. Affected products include Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox

8.1CVSS7.8AI score0.02136EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.180 views

CVE-2018-5129

The CVE-2018-5129 entry relates to a memory-safety/IPC validation issue where a lack of parameter validation on IPC messages can cause an out-of-bounds write, potentially enabling sandbox escape. Affected products include Mozilla Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox

8.6CVSS9.2AI score0.03045EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.180 views

CVE-2022-40957

In Firefox on ARM64, CVE-2022-40957 is caused by inconsistent data in the instruction and data caches while building WebAssembly code, leading to a potentially exploitable crash. Affected products include Firefox on ARM64 and Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.9AI score0.01082EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.180 views

CVE-2023-25729

CVE-2023-25729 involves a permissions prompt issue for external schemes that was only shown for ContentPrincipals, allowing extensions using ExpandedPrincipals to open them without user interaction. This could enable actions like downloading files or interacting with installed software. Affected:...

8.8CVSS8.1AI score0.00681EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.179 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.179 views

CVE-2017-5404

CVE-2017-5404 is a use-after-free in Firefox/Thunderbird when manipulating ranges in selections with one node inside a native anonymous tree and one node outside it, leading to a potentially exploitable crash. Affected: Firefox versions before 52 and Firefox ESR before 45.8; Thunderbird versions ...

9.8CVSS8.1AI score0.17484EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.179 views

CVE-2023-25742

CVE-2023-25742 : When importing a SPKI RSA public key as ECDSA P-256, the key is handled incorrectly, causing the tab to crash. Affected products per provided docs: Firefox < 110, Thunderbird < 102.8, and Firefox ESR

6.5CVSS6.6AI score0.00648EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.179 views

CVE-2023-29535

CVE-2023-29535: The vulnerability arises from a garbage collector compaction issue in Firefox/related products where a weak map could be accessed before proper tracing, leading to memory corruption and a potentially exploitable crash. Affected software per documents includes Firefox (and derivati...

6.5CVSS7.3AI score0.00741EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.178 views

CVE-2017-5408

CVE-2017-5408: Cross-origin reading of video captions in Mozilla products due to missing CORS header checks. Affected: Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, Thunderbird

5.3CVSS6.1AI score0.02631EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.178 views

CVE-2023-32211

CVE-2023-32211 describes a type checking bug in Mozilla Firefox and Thunderbird that could lead to invalid code being compiled. The connected documents confirm the flaw affects Firefox versions prior to 113, Firefox ESR prior to 102.11, and Thunderbird prior to 102.11. Multiple security advisorie...

6.5CVSS6.8AI score0.00738EPSS
CVE
CVE
added 2023/07/05 8:51 a.m.178 views

CVE-2023-37201

CVE-2023-37201 is a WebRTC-related use-after-free in Firefox/Thunderbird: an attacker could trigger memory corruption during HTTPS WebRTC setup. Affected: Firefox <115, Firefox ESR <102.13, Thunderbird

8.8CVSS8.1AI score0.00755EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.177 views

CVE-2017-7810

CVE-2017-7810 refers to memory-safety bugs reported in Firefox 55 and Firefox ESR 52.3, with potential to exploit memory corruption to run arbitrary code. Connected documents confirm that Thunderbird

10CVSS8.9AI score0.02804EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.177 views

CVE-2022-38476

CVE-2022-38476 describes a data race in PK11_ChangePW that could cause a use-after-free, affecting Firefox ESR < 102.2 and Thunderbird

7.5CVSS7.4AI score0.0082EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.176 views

CVE-2016-9897

CVE-2016-9897 affects Mozilla Firefox (versions < 50.1) and Firefox ESR (< 45.6) and Thunderbird (

7.5CVSS8.1AI score0.03312EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.176 views

CVE-2022-45406

CVE-2022-45406 describes a memory-safety flaw in JavaScript: when an out-of-memory condition occurs during creation of a global, a JavaScript realm can be deleted while references linger in a BaseShape, leading to a use-after-free and potentially exploitable crash. Affected products include Firef...

9.8CVSS9.1AI score0.01061EPSS
Total number of security vulnerabilities1214