Total
2869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26485 | 1 Mozilla | 4 Firefox, Firefox Esr, Firefox Focus and 1 more | 2025-03-06 | N/A | 8.8 HIGH |
| Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | |||||
| CVE-2024-2613 | 1 Mozilla | 1 Firefox | 2025-02-25 | N/A | 7.5 HIGH |
| Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | |||||
| CVE-2024-2614 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-02-25 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2024-2616 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-25 | N/A | 2.7 LOW |
| To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. | |||||
| CVE-2023-34416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-02-13 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-10 | N/A | 6.5 MEDIUM |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | |||||
| CVE-2025-1020 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2025-1017 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1016 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1014 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1019 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 4.3 MEDIUM |
| The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2025-1018 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 5.3 MEDIUM |
| The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | |||||
| CVE-2025-1012 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 7.5 HIGH |
| A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1011 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1010 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2025-1009 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 9.8 CRITICAL |
| An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2023-32207 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-31 | N/A | 8.8 HIGH |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-29550 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2025-01-10 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
| CVE-2023-29549 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | N/A | 6.5 MEDIUM |
| Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29548 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2025-01-10 | N/A | 6.5 MEDIUM |
| A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||