Lucene search
+L

1214 matches found

cve
cve
added 2021/03/31 1:42 p.m.322 views

CVE-2021-23982

CVE-2021-23982 is a concrete WebRTC-based information-disclosure vulnerability affecting Mozilla products. The connected documents confirm that a malicious webpage could probe an internal network’s hosts and services running on the user’s machine via WebRTC. Affected products/versions: Firefox ES...

6.5CVSS6.6AI score0.00743EPSS
cve
cve
added 2022/12/22 12:0 a.m.321 views

CVE-2022-34478

Summary: CVE-2022-34478 affects Thunderbird on Windows, where the ms-msdt, search, and search-ms protocols could deliver content to Microsoft apps via prompts opened by user interaction. The underlying risk is exploitation of a prompt-based handling in these protocols that bypasses the browser. T...

6.5CVSS6.7AI score0.00783EPSS
In wild
cve
cve
added 2024/10/29 12:19 p.m.321 views

CVE-2024-10458

CVE-2024-10458 describes a permission leak from a trusted site to an untrusted site via embed/object in Firefox and Thunderbird. Affected products and ranges shown in the connected documents include Firefox and Thunderbird before 132 (and ESR before 128.4/115.17 for Firefox, and Thunderbird befor...

7.5CVSS6AI score0.00611EPSS
cve
cve
added 2024/06/11 12:40 p.m.321 views

CVE-2024-5691

The CVE-2024-5691 entry describes a vulnerability where an attacker could trick a sandboxed iframe using an X-Frame-Options header to present a button that, if clicked, bypasses sandbox restrictions and opens a new window. Affected products (per the provided documents) include Mozilla Firefox and...

4.7CVSS5.2AI score0.00654EPSS
cve
cve
added 2019/04/26 4:9 p.m.320 views

CVE-2019-9813

CVE-2019-9813 describes an IonMonkey JIT type confusion caused by incorrect handling of proto mutations, enabling potential arbitrary memory read/write. Affected products include Firefox prior to 66.0.1, Firefox ESR prior to 60.6.1, and Thunderbird prior to 60.6.1. The underlying issue is a type-...

8.8CVSS8.2AI score0.07387EPSS
cve
cve
added 2021/08/05 7:46 p.m.320 views

CVE-2021-29976

CVE-2021-29976 is a memory-safety issue affecting Mozilla code shared by Firefox and Thunderbird. The advisory details indicate memory-safety bugs that could be exploited to run arbitrary code, impacting Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox

8.8CVSS7.4AI score0.01223EPSS
cve
cve
added 2025/02/04 1:58 p.m.320 views

CVE-2025-1012

CVE-2025-1012 describes a race during concurrent delazification that can cause a use-after-free in Firefox and Thunderbird. Affected products include Firefox <135, Firefox ESR <115.20, Firefox ESR <128.7, Thunderbird <128.7, and Thunderbird

9.8CVSS7.2AI score0.00436EPSS
cve
cve
added 2019/07/23 1:26 p.m.319 views

CVE-2019-9800

CVE-2019-9800 is supported by multiple connected advisories indicating memory safety bugs in Mozilla products (Thunderbird 60.x, Firefox ESR 60.x, Firefox 66–67 range) that could allow arbitrary code execution. The root cause is memory safety issues leading to memory corruption; affected versions...

9.8CVSS7.2AI score0.01775EPSS
cve
cve
added 2020/10/22 8:32 p.m.319 views

CVE-2020-15683

CVE-2020-15683 : Mozilla Firefox and Thunderbird memory-safety issues reported affecting Firefox ESR < 78.4, Firefox < 82, and Thunderbird

9.8CVSS9.9AI score0.0262EPSS
cve
cve
added 2021/03/31 1:42 p.m.319 views

CVE-2021-23981

CVE-2021-23981 describes a memory-safety issue in WebGL where uploading a Texture into a Pixel Buffer Object could confuse WebGL and skip binding the buffer used to unpack it, leading to an out-of-bounds read and potential information leak or crash. Affected software includes Firefox ESR < 78....

8.1CVSS8.2AI score0.01135EPSS
cve
cve
added 2021/03/31 1:41 p.m.319 views

CVE-2021-23984

The CVE-2021-23984 entry describes a vulnerability in which a malicious extension could open a popup window without an address bar, allowing spoofing of a site and credential theft. Affected products include Firefox ESR < 78.9, Firefox < 87, and Thunderbird

6.5CVSS6.7AI score0.01113EPSS
cve
cve
added 2023/11/21 2:28 p.m.319 views

CVE-2023-6209

CVE-2023-6209 corresponds to a parsing vulnerability where relative URLs starting with three slashes and a "/../" path could override the specified host, potentially enabling security issues on affected sites. The issue is documented for Firefox and Thunderbird, with affected versions cited as Fi...

6.5CVSS6.9AI score0.01406EPSS
In wild
cve
cve
added 2024/10/29 12:19 p.m.319 views

CVE-2024-10459

CVE-2024-10459 is a use-after-free vulnerability triggered when accessibility features are enabled, potentially causing a crash. The issue affects Firefox versions earlier than 132, Firefox ESR prior to 128.4 and 115.17, and Thunderbird versions earlier than 132 or 128.4, as noted across multiple...

7.5CVSS6.3AI score0.00597EPSS
cve
cve
added 2024/06/11 12:40 p.m.319 views

CVE-2024-5690

Vulnerability CVE-2024-5690 affects Mozilla Firefox and Thunderbird components via a timing-attack on external protocol handler detection. Affected products explicitly include Firefox < 127, Firefox ESR < 115.12, and Thunderbird

4.3CVSS5.3AI score0.00736EPSS
cve
cve
added 2024/07/09 2:25 p.m.319 views

CVE-2024-6603

The CVE-2024-6603 entry describes an out-of-memory scenario where an allocation can fail but the pointer is free’d afterward, leading to memory corruption. Affected software: Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird

7.4CVSS7.7AI score0.00532EPSS
cve
cve
added 2024/10/01 3:13 p.m.319 views

CVE-2024-9401

CVE-2024-9401 affects Firefox and Thunderbird memory-safety bugs (memory corruption) in Firefox 130, ESR 115.15, ESR 128.2, and Thunderbird 128.2; vulnerable ranges extend to Firefox < 131, ESR < 128.3, ESR < 115.16, Thunderbird < 128.3, and Thunderbird

9.8CVSS7.5AI score0.00733EPSS
cve
cve
added 2019/09/27 5:17 p.m.318 views

CVE-2019-11743

CVE-2019-11743 describes cross-origin access to unload event attributes, enabling timing-side-channel exposure of history in certain browsers. Connected docs confirm affected products and versions, with fixes noted in Thunderbird updates (e.g., Thunderbird 60.9.0) and Firefox/ESR advisories addre...

4.3CVSS5.9AI score0.01798EPSS
cve
cve
added 2020/03/02 4:5 a.m.318 views

CVE-2020-6797

CVE-2020-6797 describes a macOS-specific issue where downloading a file with the .fileloc extension could cause a semi-privileged extension to launch an arbitrary application on the user’s Mac. The attacker is constrained by the ability to download only quarantined files and cannot pass command-l...

4.3CVSS5.5AI score0.01442EPSS
cve
cve
added 2021/08/17 7:12 p.m.318 views

CVE-2021-29984

CVE-2021-29984 involves instruction reordering that allowed a GC-related object misevaluation, causing memory corruption and potentially exploitable crashes in Mozilla components. Affected products include Thunderbird and Firefox ESR/Firefox releases prior to 78.13/91; the exploit would require m...

8.8CVSS8.7AI score0.01386EPSS
cve
cve
added 2024/11/26 1:34 p.m.318 views

CVE-2024-11698

CVE-2024-11698 is a macOS-specific fullscreen lock-up in Firefox/Thunderbird when a modal dialog interrupts a fullscreen transition. Affected products are Firefox and Thunderbird desktop releases older than Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird ESR 128.5. The issue can ...

9.8CVSS6AI score0.00693EPSS
cve
cve
added 2024/07/09 2:25 p.m.318 views

CVE-2024-6611

In CVE-2024-6611, a nested iframe could trigger cross-site navigation and allow cookies with SameSite=Strict or Lax to be sent. Affected products are Mozilla Firefox and Thunderbird prior to version 128. root cause: improper handling of SameSite cookies in nested iframes; impact includes potentia...

9.8CVSS8.6AI score0.00662EPSS
cve
cve
added 2019/07/23 1:16 p.m.317 views

CVE-2019-11730

CVE-2019-11730 describes a same-origin policy violation where opening a locally saved HTML file could allow file: URIs to access files in the same directory or subdirectories, enabling the Fetch API to read contents and potentially exfiltrate them. The issue affects Firefox ESR < 60.8, Firefox...

6.5CVSS6.9AI score0.20271EPSS
cve
cve
added 2024/06/11 12:40 p.m.317 views

CVE-2024-5692

The CVE-2024-5692 entry affects Mozilla Firefox and Thunderbird on Windows 10, where the Save As flow could bypass filename extension restrictions by including an invalid character in the extension, enabling saving with a disallowed extension like .url. Connected Mozilla advisories (MFSA) corrobo...

6.5CVSS5.4AI score0.0062EPSS
cve
cve
added 2024/07/09 2:25 p.m.317 views

CVE-2024-6607

CVE-2024-6607 affects Mozilla Firefox (pre-128) and Mozilla Thunderbird (pre-128). The issue allows a user flow disruption where a user can be prevented from exiting pointerlock by pressing Escape and can overlay customValidity notifications from a element over permission prompts, potentially co...

8.8CVSS8.6AI score0.00563EPSS
cve
cve
added 2025/01/07 4:7 p.m.317 views

CVE-2025-0240

CVE-2025-0240 affects Mozilla Firefox and Thunderbird (Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, Thunderbird

4CVSS6.7AI score0.00658EPSS
cve
cve
added 2020/03/25 9:11 p.m.316 views

CVE-2020-6814

CVE-2020-6814 refers to memory-safety bugs in Mozilla Firefox and Thunderbird (68.5 timeframe) with potential to run arbitrary code. Affected products/versions: Thunderbird < 68.6, Firefox < 74, Firefox ESR < 68.6, and Firefox ESR

9.8CVSS9.9AI score0.01823EPSS
cve
cve
added 2024/07/09 2:26 p.m.316 views

CVE-2024-6614

CVE-2024-6614 impacts Mozilla Firefox and Thunderbird before version 128, where the frame iterator could loop when processing certain wasm frames, causing incorrect stack traces. The issue, confirmed in Mozilla advisories, is addressed by upgrading to the 128.* release series (Firefox 128 / Thund...

4.3CVSS8.6AI score0.0037EPSS
cve
cve
added 2019/07/23 1:18 p.m.315 views

CVE-2019-11717

CVE-2019-11717 affects Firefox ESR <60.8, Firefox <68, and Thunderbird

5.3CVSS6.4AI score0.02131EPSS
cve
cve
added 2019/09/27 5:18 p.m.315 views

CVE-2019-11742

CVE-2019-11742 describes a same-origin policy violation enabling theft of cross-origin images via a combination of SVG filters and a element, due to an error in how cached image content is treated. Affected: Firefox versions before 69, Thunderbird before 68.1 (and before 60.9 for ESR branches), ...

6.5CVSS6.9AI score0.01692EPSS
cve
cve
added 2020/01/08 9:23 p.m.315 views

CVE-2019-17011

CVE-2019-17011 : A race condition in DocShell antitracking can cause a use-after-free and potentially crash the process. Affected: Thunderbird < 68.3, Firefox ESR < 68.3, Firefox

7.5CVSS7.7AI score0.01524EPSS
cve
cve
added 2020/05/26 5:1 p.m.315 views

CVE-2020-12392

CVE-2020-12392 is a local vulnerability in Mozilla products where the “Copy as cURL” feature in DevTools network tab could improperly escape HTTP POST data, enabling potential arbitrary local file disclosure when the generated curl command is pasted and run. Affected are Firefox ESR < 68.8, Fi...

5.5CVSS6.4AI score0.00347EPSS
cve
cve
added 2024/11/26 1:33 p.m.315 views

CVE-2024-11696

CVE-2024-11696 describes an Unhandled Exception in Add-on Signature Verification due to how loadManifestFromFile handles invalid/unsupported extension manifests, potentially bypassing enforcement of signature validation for unrelated Firefox/Thunderbird add-ons. Affected software and versions per...

5.4CVSS6.2AI score0.0035EPSS
cve
cve
added 2024/05/14 5:21 p.m.315 views

CVE-2024-4769

CVE-2024-4769 : In Firefox and Thunderbird, Web Workers handling could reveal cross-origin information by distinguishing between responses with the content-type application/javascript vs non-script types. This could lead to information disclosure across origins. Affected products are Firefox befo...

5.9CVSS5.4AI score0.00366EPSS
cve
cve
added 2025/01/07 4:7 p.m.315 views

CVE-2025-0239

CVE-2025-0239 affects Mozilla Firefox and Thunderbird components via Alt-Svc with ALPN: certificates were not properly validated when the original server redirects to an insecure site. Affected versions are Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

4CVSS6.7AI score0.00226EPSS
cve
cve
added 2020/01/08 9:17 p.m.314 views

CVE-2019-17008

CVE-2019-17008 describes a use-after-free vulnerability that can occur during the destruction of nested workers, leading to a potentially exploitable crash. Affected products include Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

8.8CVSS8.5AI score0.01877EPSS
cve
cve
added 2019/04/26 4:13 p.m.314 views

CVE-2019-9795

CVE-2019-9795 describes a vulnerability in the IonMonkey JIT compiler where a type-confusion could be exploited by malicious JavaScript to trigger a crash. Public references indicate affected products include Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox

9.8CVSS9.1AI score0.01699EPSS
cve
cve
added 2024/11/26 1:33 p.m.314 views

CVE-2024-11693

The CVE-2024-11693 issue is a Windows-only vulnerability in Mozilla Firefox/Thunderbird where the executable warning was not shown when downloading .library-ms files. Affected products and versions are Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

9.8CVSS6.2AI score0.00833EPSS
cve
cve
added 2019/09/27 5:16 p.m.313 views

CVE-2019-11746

CVE-2019-11746 is a use-after-free in video element handling that can cause a crash. Public sources in connected advisories confirm impact on Firefox versions below 69, Thunderbird <68.1 and <60.9 (and ESR branches

8.8CVSS8.8AI score0.01713EPSS
cve
cve
added 2024/06/11 12:40 p.m.313 views

CVE-2024-5693

Offscreen Canvas cross-origin tainting tracked incorrectly, enabling potential access to image data from other sites. Affected: Firefox <127, Firefox ESR <115.12, Thunderbird

6.1CVSS5.2AI score0.00573EPSS
cve
cve
added 2019/02/05 9:0 p.m.312 views

CVE-2018-18500

CVE-2018-18500 is a use-after-free in the HTML5 stream parser when handling custom HTML elements, causing the parser object to be freed while still in use. Affected products include Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox

9.8CVSS7.1AI score0.12658EPSS
cve
cve
added 2019/07/23 1:19 p.m.312 views

CVE-2019-11712

CVE-2019-11712 describes a vulnerability where NPAPI plugins (e.g., Flash) performing POST requests that follow a 308 redirect can bypass CORS, enabling CSRF. Affected products include Mozilla Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8CVSS8.8AI score0.01047EPSS
cve
cve
added 2019/07/23 1:23 p.m.312 views

CVE-2019-9819

The CVE-2019-9819 issue is a JavaScript compartment mismatch involving the fetch API that can cause a crash. Affected products include Thunderbird (and Firefox components) with versions below 60.7 for Thunderbird and below 67 for Firefox/Firefox ESR; impact is described as potentially exploitable...

9.8CVSS6.1AI score0.01685EPSS
cve
cve
added 2021/06/24 1:25 p.m.312 views

CVE-2021-23999

CVE-2021-23999 describes a sandbox/privilege issue where a Blob URL loaded via an unusual user interaction could be executed with System Principal privileges, affecting Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

8.8CVSS6.4AI score0.01279EPSS
cve
cve
added 2024/05/14 5:21 p.m.312 views

CVE-2024-4777

CVE-2024-4777 concerns memory-safety bugs in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10, potentially allowing arbitrary code execution. Public sources in connected documents confirm affected products and versions: Firefox < 126, Firefox ESR < 115.11, and Thunderbird

8.8CVSS7AI score0.00536EPSS
cve
cve
added 2021/06/24 1:25 p.m.311 views

CVE-2021-23998

CVE-2021-23998 describes a content spoofing vulnerability in Firefox/Thunderbird: through complex navigation involving new windows, an HTTP page could inherit the lock icon from an HTTPS page. Affected products are Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox

6.5CVSS6.3AI score0.00554EPSS
cve
cve
added 2023/06/02 12:0 a.m.311 views

CVE-2023-23601

CVE-2023-23601 is a browser navigation/vulnerability caused by dragging a URL from a cross-origin iframe into the same tab, enabling potential spoofing. Public records confirm impact on Firefox (less than 109) and Firefox ESR (less than 102.7) and Thunderbird (less than 102.7). Multiple advisorie...

6.5CVSS6.6AI score0.00347EPSS
cve
cve
added 2024/07/09 2:25 p.m.311 views

CVE-2024-6609

The CVE-2024-6609 entry concerns NSS memory management: when memory is nearly exhausted, an elliptic curve key that was never allocated could be freed again, potentially enabling memory corruption or related instability. Affected products cited in connected docs include Mozilla Firefox and Mozill...

8.8CVSS8.8AI score0.00576EPSS
cve
cve
added 2019/07/23 1:23 p.m.310 views

CVE-2019-11692

CVE-2019-11692 is a use-after-free in the event listener manager that can occur when listeners are removed while still in use, causing a crash in Thunderbird <=60.6.x/60.7.0, Firefox <=66-67 (and ESR

9.8CVSS6.3AI score0.01603EPSS
cve
cve
added 2023/06/02 12:0 a.m.310 views

CVE-2023-23603

CVE-2023-23603 describes that Regular expressions used to filter forbidden properties/values from style directives in calls to console.log did not account for external URLs, enabling potential data exfiltration from the browser. Affected: Firefox <= 108/109 and Firefox ESR <= 102.7, Thunder...

6.5CVSS7AI score0.00641EPSS
cve
cve
added 2020/05/26 4:58 p.m.309 views

CVE-2020-12395

CVE-2020-12395 refers to memory-safety bugs reported in Mozilla Firefox and Thunderbird. Mozilla noted memory corruption in bugs affecting Firefox 75/ESR 68.7 and stated that with enough effort some bugs could be exploited to run arbitrary code. The vulnerability impacts Firefox ESR < 68.8, Fi...

10CVSS9.8AI score0.02259EPSS
Total number of security vulnerabilities1214