1214 matches found
CVE-2020-12395
CVE-2020-12395 refers to memory-safety bugs reported in Mozilla Firefox and Thunderbird. Mozilla noted memory corruption in bugs affecting Firefox 75/ESR 68.7 and stated that with enough effort some bugs could be exploited to run arbitrary code. The vulnerability impacts Firefox ESR < 68.8, Fi...
CVE-2021-23987
CVE-2021-23987 corresponds to memory safety bugs reported in Mozilla Firefox (including Firefox ESR 78.8 branch) that could allow memory corruption and potentially arbitrary code execution. The CVE is stated to affect Firefox ESR < 78.9, Firefox < 87, and Thunderbird
CVE-2024-6610
The CVE-2024-6610 issue is disclosed across multiple sources as a UI vulnerability in Mozilla Firefox and Thunderbird prior to version 128, caused by form validation popups that can capture escape key presses and block exiting full-screen mode. Affected products: Firefox <128 and Thunderbird
CVE-2020-6792
CVE-2020-6792 affects Mozilla Thunderbird prior to 68.5. When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents, a memory-safety issue. The vulnerability is listed against Thunderbird
CVE-2021-38504
The CVE-2021-38504 issue is a real vulnerability affecting Firefox < 94, Thunderbird < 91.3, and Firefox ESR
CVE-2024-11692
CVE-2024-11692 describes a spoofing-related issue in Mozilla Firefox/Thunderbird where a select dropdown could be rendered over another tab, causing user confusion. The vulnerability affects Firefox versions before 133, Firefox ESR before 128.5, Thunderbird before 133, and Thunderbird before 128....
CVE-2024-6613
CVE-2024-6613 affects Mozilla Firefox and Thunderbird. The issue is a bug in the frame/stack handling, where the frame iterator can loop when encountering certain wasm frames, causing incorrect stack traces. Affected products are Firefox <128 and Thunderbird
CVE-2025-0243
CVE-2025-0243 concerns memory-safety bugs in Mozilla Firefox and Thunderbird. Affected products include Firefox 133 and Thunderbird 133, and their ESR lines (Firefox ESR 128.5, Thunderbird ESR 128.5) with exploitation potential for memory corruption that could allow executing arbitrary code. The ...
CVE-2019-11711
CVE-2019-11711 involves reuse of an inner window that neglects document.domain cross-origin protections, enabling script injection across subdomains. Affected software per connected docs: Firefox ESR < 60.8, Firefox < 68, and Thunderbird
CVE-2020-6812
CVE-2020-6812: Affected software includes Thunderbird
CVE-2021-29946
CVE-2021-29946 affects Firefox/Thunderbird components where ports written as an integer overflow beyond 16-bit bounds could bypass port blocking when used in the Alt-Svc header. Connected advisories show the issue is labeled as port blocking bypass (access restriction bypass) with remediation via...
CVE-2024-7526
The connected sources confirm CVE-2024-7526 is an ANGLE initialization bug that could allow an attacker to read uninitialized memory in affected Mozilla products. Affected software include Firefox prior to 129 and Firefox ESR prior to 115.14/128.1, Thunderbird prior to 128.1/115.14, and related c...
CVE-2024-7527
The CVE-2024-7527 issue (use-after-free at the start of sweeping) affects Firefox <129 and Thunderbird
CVE-2020-6794
CVE-2020-6794 (Thunderbird) : The vulnerability occurs when a user who saved passwords before Thunderbird 60 later sets a master password; an unencrypted copy of those passwords remains accessible because the legacy password file isn’t deleted during data migration to the new format introduced in...
CVE-2024-10465
The CVE-2024-10465 issue is confirmed in connected advisories: a clipboard “paste” button could persist across browser tabs, enabling spoofing. Affected products/versions include Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird
CVE-2024-6608
The CVE-2024-6608 issue affects Mozilla Firefox (and related Thunderbird components) where pointerlock can move the cursor from within an iframe to outside the viewport and even outside the Firefox window. Affected versions are Firefox < 128 and Thunderbird
CVE-2024-9399
CVE-2024-9399 describes a denial-of-service in Firefox/Thunderbird caused by a website initiating a specially crafted WebTransport session that crashes the browser. Affected versions: Firefox before 131 and Firefox ESR before 128.3; Thunderbird before 128.3; Thunderbird before 131. The issue is t...
CVE-2025-0238
CVE-2025-0238 describes a memory-safety issue (use-after-free) caused by a controlled failed memory allocation, potentially leading to a crash in Firefox and Thunderbird before certain versions. Affected products/versions (per connected advisories): Firefox < 134; Firefox ESR < 128.6 (and &...
CVE-2020-26960
CVE-2020-26960 is a use-after-free vulnerability caused by reallocation during Compact() on nsTArray, affecting Firefox <83, Firefox ESR <78.5, and Thunderbird
CVE-2024-10468
CVE-2024-10468 describes potential race conditions in IndexedDB that could cause memory corruption, leading to a potentially exploitable crash. Affected products are Mozilla Firefox and Mozilla Thunderbird earlier than version 132. Multiple connected sources-confirm this same issue across distrib...
CVE-2024-6612
CVE-2024-6612 describes a CSP violation leakage in devtools that caused DNS prefetching to reveal the CSP violation. Credible sources in the provided connected documents show impact on Mozilla Firefox and Thunderbird when running versions older than 128. The vulnerability is an information disclo...
CVE-2019-9816
Summary: CVE-2019-9816 is a type confusion vulnerability involving manipulation of JavaScript objects in object groups, affecting Mozilla products (Thunderbird and Firefox/Firefox ESR) and specifically related to UnboxedObjects, which are disabled by default on all supported releases. The issue i...
CVE-2021-23978
CVE-2021-23978 affects Mozilla products (Firefox and Thunderbird/Firefox ESR). The connected documents confirm memory safety bugs in Firefox 85 and ESR 78.7, with potential memory corruption that could lead to arbitrary code execution. Impact is described for Firefox < 86, Thunderbird < 78....
CVE-2024-10460
The CVE-2024-10460 issue is a data: URL-based spoofing vulnerability in an iframe that obscures the origin of an external protocol handler prompt. Affected: Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, and Thunderbird
CVE-2024-10467
Summary (CVE-2024-10467) Memory-safety bugs in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3 have shown memory corruption with potential for arbitrary code execution. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird
CVE-2024-7520
CVE-2024-7520 is a type confusion vulnerability in WebAssembly that could enable code execution. The available documents confirm impact on Mozilla Firefox (pre-129 and ESR pre-128.1) and Mozilla Thunderbird (pre-128.1). The underlying issue is a WebAssembly type confusion, with several advisories...
CVE-2024-9396
The CVE-2024-9396 issue is a memory safety concern arising from cloning certain objects via the structured clone algorithm, potentially causing memory corruption. Affected products include Firefox (versions earlier than 131), Firefox ESR (earlier than 128.3), Thunderbird (earlier than 128.3), and...
CVE-2024-9397
CVE-2024-9397 is a concrete issue: a missing delay in the directory upload UI could enable clickjacking to trick users into granting permissions. Affected products include Firefox (versions prior to 131 and ESR prior to 128.3) and Thunderbird (prior to 131/128.3). Connected advisories (ALSA/ALAS)...
CVE-2024-9402
CVE-2024-9402 concerns memory safety bugs in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2, with evidence of memory corruption that could potentially be exploited to run arbitrary code. Affected products and versions include Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3...
CVE-2021-43537
CVE-2021-43537: An incorrect type conversion of sizes from 64-bit to 32-bit integers causes a heap buffer overflow during structured cloning, leading to memory corruption and potentially exploitable crashes. Affected: Firefox before 95 and Thunderbird before 91.4.0. Remediation: upgrade to Firefo...
CVE-2024-10463
CVE-2024-10463 : Video frames could be leaked between origins in certain scenarios. Affected products include Mozilla Firefox and Thunderbird families with versions older than Firefox 132, ESR 128.4/115.17, and Thunderbird 128.4/132.0.1. The connected advisories confirm the issue and provide reme...
CVE-2024-11702
CVE-2024-11702 concerns Mozilla Firefox and Mozilla Thunderbird information disclosure due to insufficient clipboard protection in Android Private Browsing mode. Affected products: Firefox and Thunderbird with versions prior to 133. Root cause: clipboard data (sensitive data such as passwords) co...
CVE-2024-11706
CVE-2024-11706 involves a null pointer dereference in pk12util, specifically in SEC_ASN1DecodeItem_Util, triggered by malformed input. Affected products include Firefox <= 132/133? and Thunderbird <= 132/133? The connected sources consistently cite Firefox and Thunderbird with the vulnerabi...
CVE-2020-6806
CVE-2020-6806 is a memory-safety bug causing an out-of-bounds read during promise resolution that could lead to memory corruption and a potentially exploitable crash. The vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox ESR < 68.6, and Firefox ESR
CVE-2020-6822
CVE-2020-6822 is an out-of-bounds write in GMPDecodeData when processing images larger than 4 GB on 32-bit builds, potentially allowing arbitrary code execution. Affected products include Thunderbird and Firefox (Thunderbird < 68.7.0, Firefox ESR < 68.7, Firefox
CVE-2024-11695
CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird
CVE-2024-11700
The CVE-2024-11700 issue concerns Firefox and Thunderbird with versions earlier than 133, where tapjacking could let malicious sites synthesize user intent confirmations to launch external applications. This is described across multiple connected advisories (e.g., Gentoo GLSA references and Alpin...
CVE-2024-11705
The CVE-2024-11705 issue is due to NSC_DeriveKey assuming phKey is non-NULL; passing NULL leads to a segmentation fault (crash). Affected products reported across sources include Firefox and Thunderbird prior to version 133. The vulnerability description and linked advisories indicate this NULL d...
CVE-2019-11698
CVE-2019-11698 concerns theft of browser history via drag-and-drop of crafted hyperlinks to bookmarks that are dragged into web content. Public documents confirm affected products and versions: Thunderbird < 60.7, Firefox < 67, and Firefox ESR
CVE-2019-9811
CVE-2019-9811 corresponds to a sandbox-escape vulnerability demonstrated in a Pwn2Own entry. The issue affects Mozilla products: Firefox ESR before 60.8, Firefox before 68, and Thunderbird before 60.8, with a malicious language-pack installation used to compromise the translation feature to escap...
CVE-2024-7521
CVE-2024-7521 is a Firefox/Thunderbird vulnerability caused by incomplete WebAssembly exception handling that could lead to a use-after-free and memory corruption. Affected: Firefox <129, ESR <115.14, ESR <128.1, Thunderbird <128.1, Thunderbird
CVE-2018-18501
CVE-2018-18501 corresponds to multiple memory-safety issues in Mozilla products, affecting Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox
CVE-2021-24002
CVE-2021-24002 is a vulnerability observed in Firefox before 88 and Thunderbird before 78.10 where clicking an FTP URL containing encoded newline characters (%0A, %0D) could cause the server to interpret newlines and execute arbitrary commands. Affected products include Firefox ESR < 78.10, Fi...
CVE-2024-7522
Concrete details from connected documents show CVE-2024-7522: an editor component failed to check an attribute value, causing an out-of-bounds read. Affected products include Firefox (versions before 129) and Thunderbird (before 128.1/115.14 ESR). The issue is consistent with Mozilla advisories a...
CVE-2024-9394
CVE-2024-9394 describes a cross-origin information disclosure in Mozilla Firefox/Thunderbird via specially crafted multipart responses that can execute JavaScript under resource://devtools. Desktop Site Isolation limits cross-origin access, but Android versions may enable full cross-origin access...
CVE-2019-11693
CVE-2019-11693 describes a Linux-specific buffer overflow in WebGL’s bufferdata, affecting Thunderbird and Firefox (Thunderbird <60.7, Firefox <67, ESR
CVE-2019-17005
The CVE-2019-17005 issue is a memory safety vulnerability in Mozilla’s plain text serializer where a fixed-size array for the number of elements could overflow, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird, Firefox ESR, and Firefox (all ver...
CVE-2021-23960
CVE-2021-23960 is corroborated by connected documents: a memory-safety issue in Firefox/Thunderbird where garbage collection on re-declared JavaScript variables can cause a use-after-poison and potentially crash the process. Affected versions are Firefox < 85, Thunderbird < 78.7, and Firefo...
CVE-2024-10462
CVE-2024-10462 describes a truncation of long URLs that could allow origin spoofing in a permission prompt for Mozilla Firefox and Thunderbird. The connected documents confirm affected products and versions: Firefox and Firefox ESR up to certain releases (Firefox < 132; ESR < 128.4), Thunde...
CVE-2024-11708
The CVE-2024-11708 entry concerns Firefox and Thunderbird: a missing thread synchronization primitive could cause a data race in the PlaybackParams structure, affecting Firefox < 133 and Thunderbird