Lucene search
+L

1214 matches found

CVE
CVE
added 2019/02/28 6:0 p.m.251 views

CVE-2018-12392

CVE-2018-12392 is a vulnerability affecting Firefox (pre-63 and ESR pre-60.3) and Thunderbird (pre-60.3) where manipulating user events in nested loops while opening a document via script can trigger a crash due to poor event handling. Public advisories list the impact as a potentially exploitabl...

9.8CVSS7.2AI score0.03425EPSS
CVE
CVE
added 2020/10/01 6:31 p.m.251 views

CVE-2020-15676

CVE-2020-15676 affects Firefox (and related Mozilla products) where the onload handler for SVG elements could run after the DOM sanitizer removed content, enabling JavaScript execution when pasting attacker-controlled data into a contenteditable area. Affected versions: Firefox < 81, Thunderbi...

6.1CVSS6.5AI score0.01594EPSS
CVE
CVE
added 2023/09/27 2:12 p.m.250 views

CVE-2023-5168

CVE-2023-5168 refers to a vulnerability in Firefox on Windows where a compromised content process could supply malicious data to FilterNodeD2D1, causing an out-of-bounds write and potentially crashing a privileged process. The entry notes a high/critical risk with a base score of 9.8 (CVSSv3.1) a...

9.8CVSS8.6AI score0.00921EPSS
CVE
CVE
added 2023/09/11 7:59 a.m.249 views

CVE-2023-4573

The CVE-2023-4573 issue is a memory corruption/use-after-free in Mozilla's IPC path (mStream) that can be triggered when rendering data is received via IPC. Connected documents confirm affected products include Firefox and Thunderbird (multiple ESR branches) with vulnerable components tied to IPC...

6.5CVSS6.9AI score0.00545EPSS
CVE
CVE
added 2023/09/11 8:1 a.m.248 views

CVE-2023-4580

CVE-2023-4580 : Pushed notifications stored on disk in private browsing mode were not encrypted, potentially leaking sensitive information. Affected: Firefox < 117, Firefox ESR < 115.2, Thunderbird

6.5CVSS6.7AI score0.00361EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.247 views

CVE-2020-15655

CVE-2020-15655 affects Mozilla Firefox (including ESR) and Thunderbird, where a redirected HTTP request observed or modified through a web extension could bypass Same-Origin Policy via extension APIs, potentially disclosing cross-origin information. Affected versions include Firefox ESR <78.1,...

6.5CVSS6.3AI score0.01528EPSS
CVE
CVE
added 2023/07/24 10:9 a.m.247 views

CVE-2023-3417

CVE-2023-3417 affects Mozilla Thunderbird. The issue arises from the Text Direction Override Unicode Character in filenames, which could cause an email attachment to appear as a non-executable document when it was actually an executable. Affected: Thunderbird versions before 115.0.1 and before 10...

7.5CVSS7.9AI score0.00556EPSS
CVE
CVE
added 2023/09/11 8:2 a.m.247 views

CVE-2023-4583

CVE-2023-4583 concerns a logic issue in the HTTP/Browsing Context handling within Mozilla Firefox/Thunderbird. The flaw occurs when HttpBaseChannel checks whether a Browsing Context has been discarded; if the load group is unavailable, it may assume discard even for private channels after a priva...

7.5CVSS7.2AI score0.00565EPSS
CVE
CVE
added 2019/07/23 1:23 p.m.245 views

CVE-2019-9818

CVE-2019-9818 is a use-after-free in the crash generation server used by Mozilla Firefox/Thunderbird on Windows. The issue, described as a race condition in the crash reporter server, can lead to a potentially exploitable crash and sandbox escape. Public references indicate the vulnerability affe...

8.3CVSS7.8AI score0.00954EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.244 views

CVE-2019-9801

CVE-2019-9801 affects Mozilla Firefox and Thunderbird on Windows. The issue allows Firefox/Thunderbird to treat any registered Program ID as an external protocol handler and offer to launch a local application when a matching URL is opened, even if the program is not intended as a URL handler. Ro...

5.3CVSS6.1AI score0.0131EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.243 views

CVE-2023-25751

CVE-2023-25751 affects Firefox and Thunderbird: root cause is incorrect code generation during JIT code invalidation when following an iterator, which could lead to a potentially exploitable crash. Affected: Firefox <=111 and Firefox ESR <=102.8/9, Thunderbird

6.5CVSS6.9AI score0.0069EPSS
CVE
CVE
added 2019/09/27 5:19 p.m.242 views

CVE-2019-11739

CVE-2019-11739 affects Mozilla Thunderbird; encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a HTML reply/forward. Affected versions: Thunderbird < 68.1 and Thunderbird

6.5CVSS6.6AI score0.00897EPSS
CVE
CVE
added 2009/07/30 7:0 p.m.241 views

CVE-2009-2408

CVE-2009-2408 affects Mozilla NSS up to 3.12.2/Firefox up to 3.0.12/ Thunderbird up to 2.0.0.22 and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...

6.8CVSS6.1AI score0.05741EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.241 views

CVE-2021-29981

CVE-2021-29981 affects Firefox < 91 and Thunderbird

8.8CVSS8AI score0.01004EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.241 views

CVE-2021-38498

The CVE-2021-38498 entry describes a use-after-free of the nsLanguageAtomService (languages service object) during process shutdown, causing memory corruption and potentially a crash. Affected products include Firefox < 93, Thunderbird < 91.2, and Firefox ESR

7.5CVSS8.2AI score0.0142EPSS
CVE
CVE
added 2023/09/11 8:1 a.m.240 views

CVE-2023-4578

CVE-2023-4578 affects Firefox and Thunderbird: a failure in JS::CheckRegExpSyntax could mishandle an out-of-memory (OOM) condition as a Syntax Error, potentially leading to crashes. Affected versions are Firefox < 117, Firefox ESR < 115.2, and Thunderbird

6.5CVSS6.6AI score0.00528EPSS
CVE
CVE
added 2019/07/23 1:22 p.m.238 views

CVE-2019-11694

CVE-2019-11694 is a Windows-only vulnerability in the Mozilla Firefox/Thunderbird stack where an uninitialized memory value can leak from a broker into a renderer when accessing an otherwise unavailable file in the Windows sandbox. Affected products include Thunderbird < 60.7, Firefox < 67,...

7.5CVSS6.8AI score0.01509EPSS
CVE
CVE
added 2021/11/03 12:2 a.m.238 views

CVE-2021-38501

CVE-2021-38501 is a memory-safety issue affecting Firefox up to version 92/ESR 91.1 with memory-corruption risks; impacted products include Firefox <93, Thunderbird <91.2, and Firefox ESR

8.8CVSS9.6AI score0.01015EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.238 views

CVE-2021-43528

CVE-2021-43528 : Thunderbird before 91.4.0 enables JavaScript in the composition area. The JS context is restricted to that area with no chrome privileges but could serve as a stepping stone to further attacks involving other vulnerabilities. Affected: Thunderbird

6.5CVSS7.3AI score0.01267EPSS
CVE
CVE
added 2024/01/23 1:48 p.m.238 views

CVE-2024-0741

CVE-2024-0741 describes an out-of-bounds write in ANGLE that could corrupt memory and cause a potentially exploitable crash. Affected software includes Firefox up to version 121/122 and Firefox ESR up to 115.7, as well as Thunderbird up to 115.7. The connected advisories indicate the root cause i...

6.5CVSS7AI score0.02155EPSS
CVE
CVE
added 2023/09/11 8:0 a.m.236 views

CVE-2023-4574

CVE-2023-4574 involves a use-after-free in the IPC ColorPickerShownCallback: creating multiple identical callbacks for the Color Picker over IPC, then destroying them all when one finishes. Affected: Firefox < 117, Firefox ESR < 102.15/115.2, Thunderbird

6.5CVSS7AI score0.00571EPSS
CVE
CVE
added 2023/09/11 8:0 a.m.236 views

CVE-2023-4575

CVE-2023-4575 describes a memory safety risk in Mozilla components where IPC FilePickerShownCallback could suffer a use-after-free due to multiple identical callbacks being created and destroyed concurrently during File Picker window invocation. Affected products include Firefox (all listed varia...

6.5CVSS7AI score0.00571EPSS
CVE
CVE
added 2023/09/11 8:1 a.m.236 views

CVE-2023-4577

CVE-2023-4577 is a memory-corruption issue in the Firefox/Thunderbird code path where UpdateRegExpStatics could access initialStringHeap after it had been garbage collected, potentially causing an exploitable crash. Connected advisories corroborate that affected products include Firefox versions ...

6.5CVSS6.8AI score0.00554EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.234 views

CVE-2017-5390

CVE-2017-5390 concerns the JSON viewer in Mozilla/Thunderbird Developer Tools that uses insecure methods to copy/view JSON or HTTP header data, enabling potential privilege escalation. Concrete details in connected docs show this affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS8.9AI score0.03933EPSS
CVE
CVE
added 2021/06/24 1:19 p.m.234 views

CVE-2021-29948

Thunderbird prior to 78.10.0 is affected by CVE-2021-29948, where signatures are written to disk before verification and may be at risk of a race condition if a local attacker replaces the file. Impact includes potential signature forgery; remediation is to upgrade Thunderbird to 78.10.0 or newer...

2.5CVSS5AI score0.00286EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.234 views

CVE-2023-29536

The CVE-2023-29536 entry applies to Mozilla products (Firefox, Focus, Thunderbird, Firefox ESR, and Firefox for Android) with memory-management weakness in freeing a pointer to attacker-controlled memory. Impacted versions include Firefox <112, Focus for Android <112, Firefox ESR <102.10...

8.8CVSS8.1AI score0.00702EPSS
CVE
CVE
added 2023/10/24 12:47 p.m.234 views

CVE-2023-5728

CVE-2023-5728 : In the Firefox/Thunderbird stack, during garbage collection extra operations on an object that should not be touched could lead to a potentially exploitable crash. Affected: Firefox < 119, Firefox ESR < 115.4, and Thunderbird

7.5CVSS7.9AI score0.01184EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.233 views

CVE-2018-12390

CVE-2018-12390 corresponds to memory-safety bugs in Mozilla Firefox and Thunderbird prior to patched versions. Affected: Firefox < 63, Firefox ESR < 60.3, Thunderbird

9.8CVSS8.3AI score0.03207EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.232 views

CVE-2019-9794

CVE-2019-9794: Command line arguments are not discarded when Firefox is invoked as a shell handler for URLs on Windows, enabling potential remote file retrieval/execution. Affected: Thunderbird <60.6, Firefox ESR <60.6, Firefox

9.8CVSS8.9AI score0.01774EPSS
CVE
CVE
added 2023/09/11 8:1 a.m.232 views

CVE-2023-4582

CVE-2023-4582 is a Firefox-on-macOS-specific issue where large allocation checks in Angle for GLSL shaders could overflow a private shader memory allocation, leading to a buffer overflow. The vulnerability affects Firefox versions earlier than 117 (and Firefox ESR < 115.2, Thunderbird

8.8CVSS6.7AI score0.00756EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.231 views

CVE-2018-12365

CVE-2018-12365 is a vulnerability where a compromised IPC child process can escape the content sandbox and list names of arbitrary files on the file system without user consent. It affects Thunderbird (versions below 60, including 52.9) and Firefox-based products (Firefox ESR < 60.1/52.9, Fire...

6.5CVSS7.4AI score0.03158EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.231 views

CVE-2018-12376

CVE-2018-12376 involves memory safety bugs in Firefox 61/ESR 60.1 and Thunderbird

9.8CVSS7.2AI score0.03146EPSS
CVE
CVE
added 2021/06/24 1:18 p.m.230 views

CVE-2021-29951

CVE-2021-29951 involves the Mozilla Maintenance Service granting SERVICE_START access to BUILTIN|Users, enabling domain users to start/stop the browser update service. Affected: Windows systems older than Windows 10 build 1709; Firefox prior to 87 and Firefox ESR prior to 78.10.1, Thunderbird pri...

6.5CVSS6.2AI score0.01852EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.230 views

CVE-2021-38497

CVE-2021-38497 describes a UI spoofing issue caused by using reportValidity() together with window.open(), which could overlay a plain-text validation message on another origin. Affected software versions are Firefox < 93, Thunderbird < 91.2, and Firefox ESR

6.5CVSS7.1AI score0.00531EPSS
CVE
CVE
added 2023/10/24 12:47 p.m.229 views

CVE-2023-5730

The CVE-2023-5730 entry concerns memory safety bugs in Mozilla Firefox (Firefox 118 and ESR 115.3) and Thunderbird 115.3 that could allow arbitrary code execution. Affected versions are Firefox < 119, Firefox ESR < 115.4, and Thunderbird

9.8CVSS9.8AI score0.0145EPSS
CVE
CVE
added 2019/07/23 1:24 p.m.228 views

CVE-2019-9815

CVE-2019-9815 describes a timing-attack similar to Spectre when hyperthreading is not disabled. Affected: macOS content threads (macOS 10.14.5 introduces a sysctl option to disable hyperthreading for untrusted code on the main or worker JavaScript threads), and affected Firefox/Thunderbird versio...

8.1CVSS6AI score0.01828EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.228 views

CVE-2023-29539

Concrete details found: CVE-2023-29539 (Content-Disposition filename truncation on NULL) affects Firefox family and Thunderbird; root cause is NULL character in filename causing truncation and potential Reflected File Download. Connected documents (Astra Linux bulletin, Debian/CentOS advisories) ...

8.8CVSS7.9AI score0.00737EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.227 views

CVE-2022-46882

CVE-2022-46882 is a use-after-free in WebGL extensions that could cause a crash in affected Mozilla products. Affected software include Firefox versions before 107 and Firefox ESR before 102.6, and Thunderbird before 102.6. The connected documents identify the underlying issue as a use-after-free...

9.8CVSS9AI score0.00921EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.226 views

CVE-2021-29987

CVE-2021-29987 describes a UI permission trick where after requesting multiple permissions and closing the first panel, subsequent panels appear in a different position but still register a click in the default location, potentially causing a user to grant unwanted permissions. Technical details ...

6.5CVSS6.6AI score0.00945EPSS
CVE
CVE
added 2023/09/11 8:0 a.m.225 views

CVE-2023-4576

CVE-2023-4576 affects Mozilla Firefox on Windows, where an integer overflow in RecordedSourceSurfaceCreation can cause a heap buffer overflow potentially leaking data and enabling sandbox escape. Affected products/versions listed include Firefox on Windows and Firefox/Thunderbird releases older t...

8.6CVSS8.2AI score0.00688EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.224 views

CVE-2017-5436

CVE-2017-5436 is an out-of-bounds write in the Graphite 2 library triggered by a malicious Graphite font, causing a potentially exploitable crash. The issue was fixed in Graphite 2 and in Mozilla products; affected Mozilla components include Thunderbird < 52.1, Firefox ESR < 45.9 and < 5...

8.8CVSS8.2AI score0.02414EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.223 views

CVE-2018-12377

CVE-2018-12377 is a use-after-free vulnerability that can occur when refresh driver timers are refreshed during shutdown, potentially causing a crash when the timer is deleted while still in use. The issue affects Thunderbird versions prior to 60.2.1 (and related Firefox/ESR components). The docu...

9.8CVSS6.4AI score0.03357EPSS
CVE
CVE
added 2021/08/17 7:12 p.m.223 views

CVE-2021-29982

CVE-2021-29982 affects Firefox and Thunderbird prior to version 91. Root cause: incorrect JIT optimization causing type confusion, leading to potential leakage of a single memory bit. Connected advisories confirm the issue and describe remediation as upgrading to Firefox/Thunderbird version 91 or...

6.5CVSS6.3AI score0.01124EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.223 views

CVE-2022-40962

CVE-2022-40962 is a memory safety issue in Firefox 104 and Firefox ESR 102.2 reported by Mozilla Fuzzing Team. The connected documents confirm memory corruption indicators and state that, with enough effort, some bugs could be exploited to run arbitrary code. The vulnerability affects Firefox ESR...

8.8CVSS8.5AI score0.01342EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.222 views

CVE-2018-12359

CVE-2018-12359 is a buffer overflow in rendering canvas content when dynamically adjusting the height/width, potentially causing a crash. Affected: Thunderbird and Firefox variants (e.g., Thunderbird < 52.9, Firefox ESR < 60.1, Firefox

8.8CVSS7.8AI score0.04647EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.222 views

CVE-2018-12362

CVE-2018-12362 is an integer overflow in the SSSE3 scaler used during graphics operations, affecting Thunderbird and Firefox variants prior to specific versions (e.g., Thunderbird < 52.9, Firefox ESR < 60.1, Firefox

8.8CVSS7.8AI score0.03767EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.222 views

CVE-2018-5150

CVE-2018-5150 concerns memory safety bugs in Firefox 59/ESR 52.7 and Thunderbird 52.7, with potential memory corruption that could allow arbitrary code execution. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7.9AI score0.0318EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.221 views

CVE-2017-5375

CVE-2017-5375 affects Mozilla Thunderbird, Firefox ESR, and Firefox prior to certain version thresholds. The issue is a JIT code allocation vulnerability that can bypass ASLR and DEP, enabling memory corruption. Public exploit activity exists (ASM.JS JIT-Spray PoCs) for multiple Firefox versions ...

9.8CVSS9.2AI score0.33199EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.221 views

CVE-2022-3266

CVE-2022-3266 is an out-of-bounds read in H.264 video decoding that can trigger a crash. Affected products in the provided documents include Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

5.5CVSS5.9AI score0.00293EPSS
CVE
CVE
added 2023/10/24 12:47 p.m.221 views

CVE-2023-5724

The connected Astra Linux bulletin confirms CVE-2023-5724: Drivers are not always robust to extremely large draw calls, potentially causing crashes in Firefox before 119, Firefox ESR before 115.4, and Thunderbird before 115.4.1. Affected versions are Firefox <119, Firefox ESR <115.4, Thunde...

7.5CVSS7.7AI score0.01585EPSS
Total number of security vulnerabilities1214