Lucene search
K

1214 matches found

CVE
CVE
added 2023/06/02 12:0 a.m.351 views

CVE-2023-23598

CVE-2023-23598 describes an Arbitrary file read via GTK drag-and-drop in Firefox/Thunderbird where the GTK wrapper uses text/plain for drag data; GTK treats text/plain MIMEs with file URLs as dragged, enabling DataTransfer.setData to read local files. Affected versions: Firefox < 109, Firefox ...

6.5CVSS6.8AI score0.00641EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.350 views

CVE-2020-6798

CVE-2020-6798 involves incorrect parsing when a template tag is used inside a select tag, enabling JavaScript injection under browser-like contexts. The vulnerability affects Thunderbird versions prior to 68.5 (and Firefox before 73 / ESR 68.5); exploitation is discussed in the context of cross-s...

6.1CVSS6.6AI score0.02056EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.350 views

CVE-2021-29980

CVE-2021-29980 is a memory safety issue caused by uninitialized memory in a canvas object, potentially enabling memory corruption and a crash. Documents show affected products include Thunderbird and Firefox variants: Thunderbird 78.x/91.x and Firefox ESR 78.x as well as Firefox

8.8CVSS8.7AI score0.01406EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.346 views

CVE-2024-5688

CVE-2024-5688 is a use-after-free in object transplant triggered by garbage collection timing, affecting Firefox versions before 127 and Firefox ESR before 115.12, and Thunderbird before 115.12. Root cause: memory safety issue during object transplant that can lead to heap corruption if GC runs a...

8.1CVSS5.4AI score0.0107EPSS
CVE
CVE
added 2019/09/27 5:14 p.m.345 views

CVE-2019-11752

CVE-2019-11752 is a use-after-free in IndexedDB: deleting a key value during conversion may allow a crash and potential exploitation. Affected products include Firefox versions before 69 and Thunderbird versions before 68.1/60.9 (and corresponding ESR lines). Several connected advisories note fix...

9.3CVSS8.6AI score0.0216EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.345 views

CVE-2024-11704

CVE-2024-11704 is a double-free in sec_pkcs7_decoder_start_decrypt() triggered on an error path, potentially leading to memory corruption. Affected products include Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird

9.8CVSS5.9AI score0.00919EPSS
CVE
CVE
added 2019/07/23 1:18 p.m.343 views

CVE-2019-11713

CVE-2019-11713 is a use-after-free in HTTP/2 when a cached stream is closed while still in use, leading to a potentially exploitable crash. Affected products include Firefox ESR < 60.8, Firefox < 68, and Thunderbird

9.8CVSS9.3AI score0.02149EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.343 views

CVE-2024-5700

CVE-2024-5700 is a memory-safety issue affecting Firefox 126, ESR 115.11, and Thunderbird 115.11 (Firefox <127, ESR <115.12, Thunderbird

7CVSS6.7AI score0.0044EPSS
CVE
CVE
added 2021/02/26 1:57 a.m.342 views

CVE-2021-23969

The CVE-2021-23969 entry concerns a Content Security Policy (CSP) violation report handling issue in Firefox and related Mozilla products. Affected components: Firefox (and Thunderbird) CSP violation reporting when redirects occur. Root cause: during certain redirects, the reporter could set the ...

4.3CVSS5.6AI score0.01212EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.342 views

CVE-2024-10464

CVE-2024-10464 refers to a vulnerability where repeated writes to history interface attributes could be exploited to cause a Denial of Service in the browser. Publicly documented impact shows affected products include Firefox below 132, Firefox ESR below 128.4, Thunderbird below 128.4, and Thunde...

7.5CVSS6.1AI score0.006EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.339 views

CVE-2021-29989

CVE-2021-29989 covers memory safety bugs in Firefox 90/ESR 78.12 that could lead to memory corruption and potentially arbitrary code execution; affected products include Thunderbird <78.13, Firefox ESR <78.13, and Firefox

8.8CVSS9.3AI score0.01268EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.339 views

CVE-2024-2612

CVE-2024-2612 affects Firefox <124, Firefox ESR <115.9, and Thunderbird

8.1CVSS7AI score0.00971EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.339 views

CVE-2024-6600

CVE-2024-6600 describes a memory-out-of-bounds in Angle’s GLSL shader allocation on macOS when allocating more than 8192 ints in private shader memory, leading to potential memory corruption. Affected products per sources include Mozilla Firefox and Thunderbird (and ESR branches) with versions pr...

6.3CVSS6.7AI score0.00397EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.339 views

CVE-2024-6606

CVE-2024-6606 : The issue is an out-of-bounds read in the clipboard component caused by clipboard code failing to check the index on an array access. Affected products are Mozilla Firefox and Mozilla Thunderbird, with exploitable impact on versions earlier than 128. The vulnerability is described...

8.2CVSS8.7AI score0.00399EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.339 views

CVE-2024-9393

Summary: CVE-2024-9393 describes a cross-origin JavaScript execution in PDFs via a crafted multipart response, allowing access to cross-origin content under the resource://pdf.js origin. Affected software (from provided docs): Mozilla Firefox and Thunderbird (including ESR branches). Desktop Site...

7.5CVSS6.5AI score0.00394EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.338 views

CVE-2016-9905

CVE-2016-9905 is tied to a crash in EnumerateSubDocuments when adding or removing sub-documents, affecting Thunderbird and Firefox ESR prior to 45.6. The connected sources consistently identify a crash/memory safety context (e.g., use-after-free and memory corruption patterns across related CVEs)...

8.8CVSS8.7AI score0.024EPSS
CVE
CVE
added 2021/06/24 1:26 p.m.338 views

CVE-2021-23994

CVE-2021-23994 describes a WebGL-related memory corruption due to a framebuffer not initialized early enough, causing an out-of-bounds write. Affected products are Firefox ESR versions earlier than 78.10, Thunderbird versions earlier than 78.10, and Firefox versions earlier than 88. The root caus...

8.8CVSS6.6AI score0.01764EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.338 views

CVE-2024-2605

CVE-2024-2605 affects Firefox and related Mozilla products on Windows, where the Windows Error Reporter can be abused as a sandbox escape to run arbitrary code. The description states affected versions: Firefox < 124, Firefox ESR < 115.9, and Thunderbird

5.9CVSS6.8AI score0.00583EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.338 views

CVE-2024-6602

CVE-2024-6602 is a memory corruption vulnerability caused by a mismatch between the allocator and deallocator in NSS. It affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

9.8CVSS8.9AI score0.00977EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.335 views

CVE-2023-25735

CVE-2023-25735 describes a use-after-free caused by cross-compartment wrappers wrapping a scripted proxy, which could cause objects from other compartments to be stored in the main compartment during unwrapping. Affected products include Firefox <110, Thunderbird <102.8, and Firefox ESR

8.8CVSS8.1AI score0.00716EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.335 views

CVE-2024-9392

CVE-2024-9392 impacts Firefox and Thunderbird before version 131 (and ESR before 128.3/115.16) where a compromised content process could bypass site isolation and load cross-origin content. This could enable cross-origin access to PDF/JSON via multipart responses and, in some cases, broader arbit...

9.8CVSS6.3AI score0.00531EPSS
CVE
CVE
added 2020/04/24 3:55 p.m.332 views

CVE-2020-6821

CVE-2020-6821: WebGL copyTexSubImage reads outside the source resource; memory that should be zero is uninitialized, enabling potential data disclosure. Affected products include Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox

7.5CVSS7.9AI score0.01468EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.332 views

CVE-2024-5696

The CVE-2024-5696 entry concerns memory corruption caused by manipulating text in an tag, affecting Firefox < 127, Firefox ESR < 115.12, and Thunderbird

8.6CVSS5.4AI score0.00807EPSS
CVE
CVE
added 2019/07/23 1:23 p.m.331 views

CVE-2019-9820

The CVE-2019-9820 issue is a use-after-free in the ChromeEventHandler by DocShell that can cause a crash in Thunderbird and Firefox (including ESR). Affected products and versions, per sources: Thunderbird < 60.7, Firefox < 67, and Firefox ESR

9.8CVSS6.3AI score0.01638EPSS
CVE
CVE
added 2021/08/05 7:46 p.m.330 views

CVE-2021-29970

CVE-2021-29970 concerns a use-after-free/memory corruption issue triggered by a malicious webpage when accessibility is enabled. Affected products include Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox

8.8CVSS6.1AI score0.01428EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.330 views

CVE-2021-29985

CVE-2021-29985 is a use-after-free in media channels causing memory corruption, affecting Thunderbird (versions < 78.13 and < 91), Firefox ESR (<78.13) and Firefox (

8.8CVSS8.8AI score0.01451EPSS
CVE
CVE
added 2021/12/08 9:22 p.m.330 views

CVE-2021-38503

The CVE-2021-38503 issue: the iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. Affected products include Firefox (versions before 94), Thunderbird (before 91.3), and Firefox ...

10CVSS8.9AI score0.0383EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.330 views

CVE-2024-7519

CVE-2024-7519 describes memory corruption due to insufficient checks when processing graphics shared memory, enabling sandbox escape. Affected products include Firefox <129, Firefox ESR <115.14, Firefox ESR <128.1, Thunderbird <128.1, and Thunderbird

9.6CVSS8.9AI score0.00589EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.329 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

9.8CVSS9.9AI score0.43382EPSS
CVE
CVE
added 2020/12/09 12:24 a.m.329 views

CVE-2020-26965

CVE-2020-26965 is a browser/password-input issue affecting Firefox (including ESR) versions older than 83/78.5 and Thunderbird older than 78.5. The problem arises when a user’s password is revealed via a “Show Password” control, and, in conjunction with a software keyboard that remembers input, t...

6.5CVSS6.8AI score0.01236EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.329 views

CVE-2024-6601

CVE-2024-6601 describes a race condition in Mozilla products where a cross-origin container could gain permissions of the top-level origin. Affected are Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

4.7CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.328 views

CVE-2021-29986

CVE-2021-29986 describes a race condition in getaddrinfo that can cause memory corruption and a potentially exploitable crash on Linux. Affected products include Thunderbird and Firefox variants: Thunderbird < 78.13 and < 91, Firefox ESR < 78.13, and Firefox

8.1CVSS8.3AI score0.01263EPSS
CVE
CVE
added 2021/02/26 1:53 a.m.327 views

CVE-2021-23973

CVE-2021-23973 describes a cross-origin loading issue in audio/video contexts where a decoding error could leak information about the resource. Affected software: Firefox versions older than 86, Thunderbird older than 78.8, and Firefox ESR older than 78.8. Public-facing details confirm this vulne...

6.5CVSS6.6AI score0.01368EPSS
CVE
CVE
added 2020/10/01 6:43 p.m.326 views

CVE-2020-15664

The CVE-2020-15664 issue arises from a malicious page holding a reference to eval() from an about:blank window, allowing access to InstallTrigger and prompting users to install an extension. Affected products include Firefox < 80, Thunderbird < 78.2/68.12, Firefox ESR < 68.12/78.2, and F...

6.5CVSS6.7AI score0.01378EPSS
CVE
CVE
added 2021/02/26 2:11 a.m.326 views

CVE-2021-23953

CVE-2021-23953 concerns an information-disclosure vulnerability in the PDF handling of Mozilla Firefox (before 85.0) and Thunderbird (before 78.7), plus Firefox ESR before 78.7. The issue arises when a user opens a specially crafted PDF, which could leak cross-origin data served as chunked data. ...

4.3CVSS5.5AI score0.01047EPSS
CVE
CVE
added 2024/07/09 2:26 p.m.326 views

CVE-2024-6615

CVE-2024-6615 relates to memory safety bugs in Mozilla Firefox and Thunderbird, with issues present in Firefox 127 and Thunderbird 127 that could lead to memory corruption and arbitrary code execution. Connected advisories (MFSA2024-32, MFSA2024-29) confirm multiple memory-safety and related issu...

8.8CVSS9.7AI score0.00448EPSS
CVE
CVE
added 2019/07/23 1:18 p.m.325 views

CVE-2019-11715

CVE-2019-11715: HTML parsing error can contribute to content XSS. Affected: Firefox ESR <60.8, Firefox <68, Thunderbird

6.1CVSS6.9AI score0.01502EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.325 views

CVE-2024-4768

CVE-2024-4768 involves a bug in the interaction between popup notifications and WebAuthn that could enable a user-permission bypass in the affected Mozilla products. The concrete impact described in connected advisories applies to Firefox and Firefox ESR (and Thunderbird): an attacker could trick...

6.1CVSS5.6AI score0.00534EPSS
CVE
CVE
added 2020/04/24 3:50 p.m.324 views

CVE-2020-6825

CVE-2020-6825 is a memory-safety issue in Mozilla Firefox/Thunderbird affecting Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox

9.8CVSS9.9AI score0.01905EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.324 views

CVE-2024-7528

CVE-2024-7528 describes a use-after-free in IndexedDB caused by incorrect garbage collection interaction, affecting Mozilla Firefox before 129, Firefox ESR before 128.1, and Thunderbird before 128.1. Connected advisories indicate remediation by upgrading to the latest Firefox/Thunderbird versions...

9.8CVSS8.8AI score0.00487EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.324 views

CVE-2025-0247

CVE-2025-0247 concerns memory safety bugs in Mozilla Firefox 133 and Thunderbird 133, with impact on Firefox < 134 and Thunderbird

9.8CVSS7.4AI score0.09348EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.324 views

CVE-2025-1011

CVE-2025-1011 is a WebAssembly code-generation bug that could crash the affected Mozilla components and, per the connected advisories, may enable remote code execution. Public references indicate the vulnerability affects Firefox up to version 135 (and ESR 128.7) and Thunderbird up to 128.7 (and ...

9.8CVSS7.3AI score0.00628EPSS
CVE
CVE
added 2019/07/23 1:23 p.m.323 views

CVE-2019-11691

CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions < 60.7 and Firefox/Firefox ESR versions

9.8CVSS6.3AI score0.01606EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.323 views

CVE-2019-9788

CVE-2019-9788 affects Mozilla Thunderbird and Firefox components via memory-safety bugs that could allow arbitrary code execution. The provided documents identify memory-corruption opportunities in Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox

9.8CVSS9.9AI score0.02244EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.323 views

CVE-2021-29988

The CVE-2021-29988 issue is a memory safety vulnerability in Mozilla code where Firefox incorrectly treated an inline list-item as a block element, leading to an out-of-bounds read or memory corruption and a potentially exploitable crash. Affected products and versions: Thunderbird < 78.13 and...

8.8CVSS8.5AI score0.01386EPSS
CVE
CVE
added 2024/06/11 12:40 p.m.323 views

CVE-2024-5702

The CVE-2024-5702 entry is confirmed with concrete details in connected advisories: memory corruption in the networking stack affecting Mozilla Firefox before 125, Firefox ESR before 115.12, and Thunderbird before 115.12. The root cause is memory corruption in the networking component, potentiall...

7.5CVSS5.7AI score0.00857EPSS
CVE
CVE
added 2019/02/05 9:0 p.m.322 views

CVE-2018-18505

CVE-2018-18505 concerns an IPC privilege-escalation in Mozilla products where an authentication added during IPC process creation is not applied to channels created later, enabling potential sandbox escape through IPC channels. Public advisories tie this to Thunderbird and Firefox releases prior ...

10CVSS7.2AI score0.04538EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.322 views

CVE-2019-9796

CVE-2019-9796 is a use-after-free in the SMIL animation controller where double registration with the refresh driver leads to a dangling pointer after the controller is removed. Affected products include Thunderbird and Firefox (Firefox ESR < 60.6, Firefox

9.8CVSS9.1AI score0.02043EPSS
CVE
CVE
added 2020/05/26 5:5 p.m.322 views

CVE-2020-6831

CVE-2020-6831 is a bug described in Debian security advisories as a buffer overflow in the SCTP chunk input validation in the usrsctp library. The Debian entries explicitly tie this CVE to Firefox ESR (<68.8), Firefox (<76) and Thunderbird (

9.8CVSS9.5AI score0.05803EPSS
CVE
CVE
added 2021/03/31 1:42 p.m.322 views

CVE-2021-23982

CVE-2021-23982 is a concrete WebRTC-based information-disclosure vulnerability affecting Mozilla products. The connected documents confirm that a malicious webpage could probe an internal network’s hosts and services running on the user’s machine via WebRTC. Affected products/versions: Firefox ES...

6.5CVSS6.6AI score0.00743EPSS
Total number of security vulnerabilities1214