Total
738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9064 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | |||||
| CVE-2016-5297 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5296 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5294 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5293 | 3 Debian, Microsoft, Mozilla | 4 Debian Linux, Windows, Firefox and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | |||||
| CVE-2016-5291 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5290 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2024-8386 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 6.1 MEDIUM |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-7518 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-29 | N/A | 6.5 MEDIUM |
| Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
| CVE-2024-7526 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-09-17 | N/A | 6.5 MEDIUM |
| ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-8387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-09-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-8385 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-7528 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||||
| CVE-2024-7529 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 6.5 MEDIUM |
| The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7525 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.1 HIGH |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7522 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7521 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 8.8 HIGH |
| Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-7519 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 9.6 CRITICAL |
| Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||