Lucene search
+L

1214 matches found

CVE
CVE
added 2020/05/26 4:58 p.m.309 views

CVE-2020-12395

CVE-2020-12395 refers to memory-safety bugs reported in Mozilla Firefox and Thunderbird. Mozilla noted memory corruption in bugs affecting Firefox 75/ESR 68.7 and stated that with enough effort some bugs could be exploited to run arbitrary code. The vulnerability impacts Firefox ESR < 68.8, Fi...

10CVSS9.8AI score0.02259EPSS
CVE
CVE
added 2021/03/31 1:40 p.m.309 views

CVE-2021-23987

CVE-2021-23987 corresponds to memory safety bugs reported in Mozilla Firefox (including Firefox ESR 78.8 branch) that could allow memory corruption and potentially arbitrary code execution. The CVE is stated to affect Firefox ESR < 78.9, Firefox < 87, and Thunderbird

8.8CVSS9.1AI score0.01404EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.309 views

CVE-2021-38504

The CVE-2021-38504 issue is a real vulnerability affecting Firefox < 94, Thunderbird < 91.3, and Firefox ESR

8.8CVSS9AI score0.01586EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.309 views

CVE-2024-11692

CVE-2024-11692 describes a spoofing-related issue in Mozilla Firefox/Thunderbird where a select dropdown could be rendered over another tab, causing user confusion. The vulnerability affects Firefox versions before 133, Firefox ESR before 128.5, Thunderbird before 133, and Thunderbird before 128....

4.3CVSS6AI score0.00473EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.309 views

CVE-2024-6610

The CVE-2024-6610 issue is disclosed across multiple sources as a UI vulnerability in Mozilla Firefox and Thunderbird prior to version 128, caused by form validation popups that can capture escape key presses and block exiting full-screen mode. Affected products: Firefox <128 and Thunderbird

6.3CVSS8.6AI score0.00342EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.308 views

CVE-2020-6792

CVE-2020-6792 affects Mozilla Thunderbird prior to 68.5. When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents, a memory-safety issue. The vulnerability is listed against Thunderbird

4.3CVSS5.6AI score0.01299EPSS
CVE
CVE
added 2024/07/09 2:26 p.m.308 views

CVE-2024-6613

CVE-2024-6613 affects Mozilla Firefox and Thunderbird. The issue is a bug in the frame/stack handling, where the frame iterator can loop when encountering certain wasm frames, causing incorrect stack traces. Affected products are Firefox <128 and Thunderbird

5.5CVSS8.6AI score0.00186EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.308 views

CVE-2025-0243

CVE-2025-0243 concerns memory-safety bugs in Mozilla Firefox and Thunderbird. Affected products include Firefox 133 and Thunderbird 133, and their ESR lines (Firefox ESR 128.5, Thunderbird ESR 128.5) with exploitation potential for memory corruption that could allow executing arbitrary code. The ...

5.1CVSS6.9AI score0.00245EPSS
CVE
CVE
added 2019/07/23 1:19 p.m.307 views

CVE-2019-11711

CVE-2019-11711 involves reuse of an inner window that neglects document.domain cross-origin protections, enabling script injection across subdomains. Affected software per connected docs: Firefox ESR < 60.8, Firefox < 68, and Thunderbird

8.8CVSS8.7AI score0.01633EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.307 views

CVE-2020-6794

CVE-2020-6794 (Thunderbird) : The vulnerability occurs when a user who saved passwords before Thunderbird 60 later sets a master password; an unencrypted copy of those passwords remains accessible because the legacy password file isn’t deleted during data migration to the new format introduced in...

6.5CVSS6.8AI score0.00991EPSS
CVE
CVE
added 2020/03/25 9:12 p.m.307 views

CVE-2020-6812

CVE-2020-6812: Affected software includes Thunderbird

5.3CVSS6.6AI score0.01561EPSS
CVE
CVE
added 2021/06/24 1:19 p.m.307 views

CVE-2021-29946

CVE-2021-29946 affects Firefox/Thunderbird components where ports written as an integer overflow beyond 16-bit bounds could bypass port blocking when used in the Alt-Svc header. Connected advisories show the issue is labeled as port blocking bypass (access restriction bypass) with remediation via...

8.8CVSS6.5AI score0.01167EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.307 views

CVE-2024-7526

The connected sources confirm CVE-2024-7526 is an ANGLE initialization bug that could allow an attacker to read uninitialized memory in affected Mozilla products. Affected software include Firefox prior to 129 and Firefox ESR prior to 115.14/128.1, Thunderbird prior to 128.1/115.14, and related c...

7.5CVSS7AI score0.0058EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.307 views

CVE-2024-7527

The CVE-2024-7527 issue (use-after-free at the start of sweeping) affects Firefox <129 and Thunderbird

8.8CVSS8.2AI score0.00607EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.306 views

CVE-2024-10465

The CVE-2024-10465 issue is confirmed in connected advisories: a clipboard “paste” button could persist across browser tabs, enabling spoofing. Affected products/versions include Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird

7.5CVSS6AI score0.0054EPSS
CVE
CVE
added 2024/07/09 2:25 p.m.306 views

CVE-2024-6608

The CVE-2024-6608 issue affects Mozilla Firefox (and related Thunderbird components) where pointerlock can move the cursor from within an iframe to outside the viewport and even outside the Firefox window. Affected versions are Firefox < 128 and Thunderbird

4.3CVSS8.6AI score0.00377EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.306 views

CVE-2024-9399

CVE-2024-9399 describes a denial-of-service in Firefox/Thunderbird caused by a website initiating a specially crafted WebTransport session that crashes the browser. Affected versions: Firefox before 131 and Firefox ESR before 128.3; Thunderbird before 128.3; Thunderbird before 131. The issue is t...

7.5CVSS6.1AI score0.00491EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.306 views

CVE-2025-0238

CVE-2025-0238 describes a memory-safety issue (use-after-free) caused by a controlled failed memory allocation, potentially leading to a crash in Firefox and Thunderbird before certain versions. Affected products/versions (per connected advisories): Firefox < 134; Firefox ESR < 128.6 (and &...

5.3CVSS6.8AI score0.00811EPSS
CVE
CVE
added 2019/07/23 1:24 p.m.305 views

CVE-2019-9816

Summary: CVE-2019-9816 is a type confusion vulnerability involving manipulation of JavaScript objects in object groups, affecting Mozilla products (Thunderbird and Firefox/Firefox ESR) and specifically related to UnboxedObjects, which are disabled by default on all supported releases. The issue i...

5.9CVSS6AI score0.06175EPSS
CVE
CVE
added 2020/12/09 12:23 a.m.305 views

CVE-2020-26960

CVE-2020-26960 is a use-after-free vulnerability caused by reallocation during Compact() on nsTArray, affecting Firefox <83, Firefox ESR <78.5, and Thunderbird

9.3CVSS8.3AI score0.01544EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10460

The CVE-2024-10460 issue is a data: URL-based spoofing vulnerability in an iframe that obscures the origin of an external protocol handler prompt. Affected: Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird

5.4CVSS6.3AI score0.00291EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10467

Summary (CVE-2024-10467) Memory-safety bugs in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3 have shown memory corruption with potential for arbitrary code execution. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird

9.8CVSS7.3AI score0.00595EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.305 views

CVE-2024-10468

CVE-2024-10468 describes potential race conditions in IndexedDB that could cause memory corruption, leading to a potentially exploitable crash. Affected products are Mozilla Firefox and Mozilla Thunderbird earlier than version 132. Multiple connected sources-confirm this same issue across distrib...

9.8CVSS6.3AI score0.00395EPSS
CVE
CVE
added 2024/07/09 2:26 p.m.305 views

CVE-2024-6612

CVE-2024-6612 describes a CSP violation leakage in devtools that caused DNS prefetching to reveal the CSP violation. Credible sources in the provided connected documents show impact on Mozilla Firefox and Thunderbird when running versions older than 128. The vulnerability is an information disclo...

5.3CVSS6.2AI score0.00496EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.305 views

CVE-2024-9402

CVE-2024-9402 concerns memory safety bugs in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2, with evidence of memory corruption that could potentially be exploited to run arbitrary code. Affected products and versions include Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3...

9.8CVSS7.5AI score0.0061EPSS
CVE
CVE
added 2021/02/26 3:28 p.m.304 views

CVE-2021-23978

CVE-2021-23978 affects Mozilla products (Firefox and Thunderbird/Firefox ESR). The connected documents confirm memory safety bugs in Firefox 85 and ESR 78.7, with potential memory corruption that could lead to arbitrary code execution. Impact is described for Firefox < 86, Thunderbird < 78....

8.8CVSS9.1AI score0.0153EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.304 views

CVE-2024-11706

CVE-2024-11706 involves a null pointer dereference in pk12util, specifically in SEC_ASN1DecodeItem_Util, triggered by malformed input. Affected products include Firefox <= 132/133? and Thunderbird <= 132/133? The connected sources consistently cite Firefox and Thunderbird with the vulnerabi...

6.5CVSS6.3AI score0.0047EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.304 views

CVE-2024-7520

CVE-2024-7520 is a type confusion vulnerability in WebAssembly that could enable code execution. The available documents confirm impact on Mozilla Firefox (pre-129 and ESR pre-128.1) and Mozilla Thunderbird (pre-128.1). The underlying issue is a WebAssembly type confusion, with several advisories...

8.8CVSS8.2AI score0.00638EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.304 views

CVE-2024-9396

The CVE-2024-9396 issue is a memory safety concern arising from cloning certain objects via the structured clone algorithm, potentially causing memory corruption. Affected products include Firefox (versions earlier than 131), Firefox ESR (earlier than 128.3), Thunderbird (earlier than 128.3), and...

8.8CVSS6.3AI score0.00549EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.304 views

CVE-2024-9397

CVE-2024-9397 is a concrete issue: a missing delay in the directory upload UI could enable clickjacking to trick users into granting permissions. Affected products include Firefox (versions prior to 131 and ESR prior to 128.3) and Thunderbird (prior to 131/128.3). Connected advisories (ALSA/ALAS)...

6.1CVSS6.3AI score0.00351EPSS
CVE
CVE
added 2021/12/08 9:20 p.m.303 views

CVE-2021-43537

CVE-2021-43537: An incorrect type conversion of sizes from 64-bit to 32-bit integers causes a heap buffer overflow during structured cloning, leading to memory corruption and potentially exploitable crashes. Affected: Firefox before 95 and Thunderbird before 91.4.0. Remediation: upgrade to Firefo...

8.8CVSS8.8AI score0.0202EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.303 views

CVE-2024-10463

CVE-2024-10463 : Video frames could be leaked between origins in certain scenarios. Affected products include Mozilla Firefox and Thunderbird families with versions older than Firefox 132, ESR 128.4/115.17, and Thunderbird 128.4/132.0.1. The connected advisories confirm the issue and provide reme...

7.5CVSS6.3AI score0.00701EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.303 views

CVE-2024-11702

CVE-2024-11702 concerns Mozilla Firefox and Mozilla Thunderbird information disclosure due to insufficient clipboard protection in Android Private Browsing mode. Affected products: Firefox and Thunderbird with versions prior to 133. Root cause: clipboard data (sensitive data such as passwords) co...

7.5CVSS5.7AI score0.00538EPSS
CVE
CVE
added 2020/03/25 9:14 p.m.302 views

CVE-2020-6806

CVE-2020-6806 is a memory-safety bug causing an out-of-bounds read during promise resolution that could lead to memory corruption and a potentially exploitable crash. The vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox ESR < 68.6, and Firefox ESR

8.8CVSS9AI score0.02543EPSS
CVE
CVE
added 2020/04/24 3:54 p.m.302 views

CVE-2020-6822

CVE-2020-6822 is an out-of-bounds write in GMPDecodeData when processing images larger than 4 GB on 32-bit builds, potentially allowing arbitrary code execution. Affected products include Thunderbird and Firefox (Thunderbird < 68.7.0, Firefox ESR < 68.7, Firefox

8.8CVSS8.9AI score0.01293EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.302 views

CVE-2024-11695

CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird

5.4CVSS6.1AI score0.00444EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.302 views

CVE-2024-11700

The CVE-2024-11700 issue concerns Firefox and Thunderbird with versions earlier than 133, where tapjacking could let malicious sites synthesize user intent confirmations to launch external applications. This is described across multiple connected advisories (e.g., Gentoo GLSA references and Alpin...

8.1CVSS7.5AI score0.00488EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.302 views

CVE-2024-11705

The CVE-2024-11705 issue is due to NSC_DeriveKey assuming phKey is non-NULL; passing NULL leads to a segmentation fault (crash). Affected products reported across sources include Firefox and Thunderbird prior to version 133. The vulnerability description and linked advisories indicate this NULL d...

9.1CVSS6.2AI score0.00659EPSS
CVE
CVE
added 2019/02/05 9:0 p.m.301 views

CVE-2018-18501

CVE-2018-18501 corresponds to multiple memory-safety issues in Mozilla products, affecting Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox

9.8CVSS8AI score0.03466EPSS
CVE
CVE
added 2019/07/23 1:21 p.m.301 views

CVE-2019-11698

CVE-2019-11698 concerns theft of browser history via drag-and-drop of crafted hyperlinks to bookmarks that are dragged into web content. Public documents confirm affected products and versions: Thunderbird < 60.7, Firefox < 67, and Firefox ESR

5.3CVSS5.6AI score0.01392EPSS
CVE
CVE
added 2019/07/23 1:26 p.m.301 views

CVE-2019-9811

CVE-2019-9811 corresponds to a sandbox-escape vulnerability demonstrated in a Pwn2Own entry. The issue affects Mozilla products: Firefox ESR before 60.8, Firefox before 68, and Thunderbird before 60.8, with a malicious language-pack installation used to compromise the translation feature to escap...

8.3CVSS8.6AI score0.02574EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.301 views

CVE-2024-7521

CVE-2024-7521 is a Firefox/Thunderbird vulnerability caused by incomplete WebAssembly exception handling that could lead to a use-after-free and memory corruption. Affected: Firefox <129, ESR <115.14, ESR <128.1, Thunderbird <128.1, Thunderbird

9.8CVSS8.7AI score0.00616EPSS
CVE
CVE
added 2021/06/24 1:20 p.m.300 views

CVE-2021-24002

CVE-2021-24002 is a vulnerability observed in Firefox before 88 and Thunderbird before 78.10 where clicking an FTP URL containing encoded newline characters (%0A, %0D) could cause the server to interpret newlines and execute arbitrary commands. Affected products include Firefox ESR < 78.10, Fi...

8.8CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.300 views

CVE-2024-7522

Concrete details from connected documents show CVE-2024-7522: an editor component failed to check an attribute value, causing an out-of-bounds read. Affected products include Firefox (versions before 129) and Thunderbird (before 128.1/115.14 ESR). The issue is consistent with Mozilla advisories a...

9.1CVSS8.9AI score0.00634EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.300 views

CVE-2024-9394

CVE-2024-9394 describes a cross-origin information disclosure in Mozilla Firefox/Thunderbird via specially crafted multipart responses that can execute JavaScript under resource://devtools. Desktop Site Isolation limits cross-origin access, but Android versions may enable full cross-origin access...

7.5CVSS6.5AI score0.00487EPSS
CVE
CVE
added 2019/07/23 1:22 p.m.299 views

CVE-2019-11693

CVE-2019-11693 describes a Linux-specific buffer overflow in WebGL’s bufferdata, affecting Thunderbird and Firefox (Thunderbird <60.7, Firefox <67, ESR

9.8CVSS6.5AI score0.02408EPSS
CVE
CVE
added 2020/01/08 9:14 p.m.299 views

CVE-2019-17005

The CVE-2019-17005 issue is a memory safety vulnerability in Mozilla’s plain text serializer where a fixed-size array for the number of elements could overflow, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird, Firefox ESR, and Firefox (all ver...

8.8CVSS8.7AI score0.01892EPSS
CVE
CVE
added 2021/02/26 2:5 a.m.299 views

CVE-2021-23960

CVE-2021-23960 is corroborated by connected documents: a memory-safety issue in Firefox/Thunderbird where garbage collection on re-declared JavaScript variables can cause a use-after-poison and potentially crash the process. Affected versions are Firefox < 85, Thunderbird < 78.7, and Firefo...

8.8CVSS8.2AI score0.01196EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.299 views

CVE-2024-10462

CVE-2024-10462 describes a truncation of long URLs that could allow origin spoofing in a permission prompt for Mozilla Firefox and Thunderbird. The connected documents confirm affected products and versions: Firefox and Firefox ESR up to certain releases (Firefox < 132; ESR < 128.4), Thunde...

7.5CVSS6.1AI score0.0054EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.299 views

CVE-2024-11708

The CVE-2024-11708 entry concerns Firefox and Thunderbird: a missing thread synchronization primitive could cause a data race in the PlaybackParams structure, affecting Firefox < 133 and Thunderbird

6.5CVSS6.1AI score0.00337EPSS
Total number of security vulnerabilities1214