Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
MozillaThunderbird*

1360 matches found

CVE
CVEadded 2025/06/24 1:15 p.m.31 views

CVE-2025-6424

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

9.8CVSS5.5AI score0.00092EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.23 views

CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ES...

6.1CVSS4.8AI score0.00064EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.22 views

CVE-2025-6426

The executable file warning did not warn users before opening files with the terminal extension.This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

8.8CVSS5.3AI score0.0002EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.20 views

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR...

6.5CVSS5.3AI score0.00062EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.20 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thund...

8.1CVSS5.4AI score0.00061EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.19 views

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR...

4.3CVSS5.1AI score0.00064EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.18 views

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

9.1CVSS5.3AI score0.00052EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.18 views

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vul...

9.8CVSS5.2AI score0.00031EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.17 views

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

8.6CVSS5.3AI score0.00055EPSS
CVE
CVEadded 2025/06/24 1:15 p.m.17 views

CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird &lt...

4.3CVSS5.3AI score0.0003EPSS
Total number of security vulnerabilities1360