Filtered by vendor Mozilla
Subscribe
Total
3350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5697 | 1 Mozilla | 1 Firefox | 2025-03-13 | N/A | 4.3 MEDIUM |
| A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. | |||||
| CVE-2025-1015 | 1 Mozilla | 1 Thunderbird | 2025-03-10 | N/A | 5.4 MEDIUM |
| The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | |||||
| CVE-2024-2613 | 1 Mozilla | 1 Firefox | 2025-02-25 | N/A | 7.5 HIGH |
| Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | |||||
| CVE-2024-2614 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-02-25 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2024-2616 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-25 | N/A | 2.7 LOW |
| To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. | |||||
| CVE-2023-34416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-02-13 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-10 | N/A | 6.5 MEDIUM |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | |||||
| CVE-2025-1020 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2025-0510 | 1 Mozilla | 1 Thunderbird | 2025-02-06 | N/A | 6.5 MEDIUM |
| Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. | |||||
| CVE-2025-1019 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 4.3 MEDIUM |
| The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2025-1018 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 5.3 MEDIUM |
| The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2023-32207 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-31 | N/A | 8.8 HIGH |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-29550 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2025-01-10 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
| CVE-2023-29549 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | N/A | 6.5 MEDIUM |
| Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29548 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2025-01-10 | N/A | 6.5 MEDIUM |
| A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
| CVE-2023-29547 | 1 Mozilla | 3 Firefox, Firefox Esr, Focus | 2025-01-10 | N/A | 6.5 MEDIUM |
| When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29544 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | N/A | 6.5 MEDIUM |
| If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29543 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | N/A | 8.8 HIGH |
| An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29541 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2025-01-10 | N/A | 8.8 HIGH |
| Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
| CVE-2023-23602 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
| A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | |||||