Lucene search

K

1376 matches found

CVE
CVE
added 2020/08/10 6:15 p.m.220 views

CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

9.3CVSS9.2AI score0.0078EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.220 views

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

10CVSS8.8AI score0.00053EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.220 views

CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.

8.8CVSS8.8AI score0.00205EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.220 views

CVE-2025-1012

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

9.8CVSS6.1AI score0.00176EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.219 views

CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68...

6.5CVSS6.6AI score0.00703EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.219 views

CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbir...

9.3CVSS7.8AI score0.00669EPSS
CVE
CVE
added 2021/01/07 2:15 p.m.219 views

CVE-2020-35111

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability af...

4.3CVSS5.6AI score0.00455EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.219 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the e...

5.4CVSS6.2AI score0.00064EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.219 views

CVE-2024-6613

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

5.5CVSS8.6AI score0.00029EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.219 views

CVE-2024-9401

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &...

9.8CVSS7.5AI score0.00682EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.219 views

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

4CVSS5.5AI score0.00047EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.218 views

CVE-2019-11758

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerab...

8.8CVSS8.6AI score0.00817EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.218 views

CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Note: this issue only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and ...

9.3CVSS8.4AI score0.00757EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.218 views

CVE-2020-26951

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability af...

6.1CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.218 views

CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.

4.3CVSS5.7AI score0.00305EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.218 views

CVE-2024-11705

NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerabili...

9.1CVSS6.2AI score0.00224EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.218 views

CVE-2024-6614

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

4.3CVSS8.6AI score0.00067EPSS
CVE
CVE
added 2025/01/07 4:15 p.m.218 views

CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

5.3CVSS5.4AI score0.00182EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.218 views

CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

8.8CVSS6.1AI score0.00076EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.217 views

CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controll...

5.9CVSS7.1AI score0.00314EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.217 views

CVE-2020-12398

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

7.5CVSS7.4AI score0.00245EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.217 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files.Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

9.8CVSS6.2AI score0.00291EPSS
CVE
CVE
added 2024/08/06 1:15 p.m.217 views

CVE-2024-7526

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

7.5CVSS7AI score0.00241EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.216 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

7.5CVSS6.2AI score0.00563EPSS
CVE
CVE
added 2021/01/07 2:15 p.m.215 views

CVE-2020-26971

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

8.8CVSS8.3AI score0.00874EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.215 views

CVE-2024-10458

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

7.5CVSS6AI score0.00158EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.215 views

CVE-2024-6610

Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.

6.3CVSS8.6AI score0.00151EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.215 views

CVE-2024-6612

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

5.3CVSS6.2AI score0.00054EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.215 views

CVE-2024-8385

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

9.8CVSS8.7AI score0.00606EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.214 views

CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entit...

6.1CVSS6.5AI score0.01133EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.214 views

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox <...

4.3CVSS6.1AI score0.00384EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.213 views

CVE-2018-18498

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox &lt...

9.8CVSS7.4AI score0.02443EPSS
CVE
CVE
added 2020/10/01 7:15 p.m.213 views

CVE-2020-15673

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunde...

8.8CVSS9.1AI score0.00869EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.213 views

CVE-2021-43539

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firef...

8.8CVSS8.9AI score0.00526EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.213 views

CVE-2024-10465

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

7.5CVSS6AI score0.00148EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.213 views

CVE-2024-10467

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR...

9.8CVSS7.3AI score0.00253EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.213 views

CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

7.5CVSS5.7AI score0.00105EPSS
CVE
CVE
added 2024/07/09 3:15 p.m.213 views

CVE-2024-6608

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.

4.3CVSS8.6AI score0.00141EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.212 views

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8.3AI score0.03282EPSS
CVE
CVE
added 2021/01/07 2:15 p.m.212 views

CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunde...

8.8CVSS9.1AI score0.00532EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.212 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

7.5CVSS6.3AI score0.00146EPSS
CVE
CVE
added 2024/11/26 2:15 p.m.212 views

CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird ...

8.1CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2024/09/03 1:15 p.m.212 views

CVE-2024-8387

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR...

9.8CVSS9.8AI score0.00787EPSS
CVE
CVE
added 2024/10/01 4:15 p.m.212 views

CVE-2024-9402

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR...

9.8CVSS7.5AI score0.00551EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.212 views

CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

7.3CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.211 views

CVE-2019-11739

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.

6.5CVSS6.6AI score0.00266EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.211 views

CVE-2020-15658

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firef...

6.5CVSS6.5AI score0.00457EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.211 views

CVE-2020-26953

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

4.3CVSS5.7AI score0.00283EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.211 views

CVE-2021-43536

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

6.5CVSS7.2AI score0.00422EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.211 views

CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR...

9.8CVSS9.8AI score0.00561EPSS
Total number of security vulnerabilities1376