Filtered by vendor Mozilla Subscriptions
Total 3264 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-7523 1 Mozilla 1 Firefox 2025-03-14 6.3 Medium
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
CVE-2024-38313 1 Mozilla 1 Firefox 2025-03-14 4.3 Medium
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.
CVE-2024-2615 1 Mozilla 1 Firefox 2025-03-14 9.8 Critical
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.
CVE-2025-1009 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-03-14 9.8 Critical
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
CVE-2024-5698 1 Mozilla 1 Firefox 2025-03-14 5.4 Medium
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.
CVE-2024-10474 1 Mozilla 2 Firefox Focus, Focus For Ios 2025-03-13 9.1 Critical
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
CVE-2024-4777 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-03-13 7.5 High
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2023-4863 10 Bandisoft, Bentley, Debian and 7 more 17 Honeyview, Seequent Leapfrog, Debian Linux and 14 more 2025-03-13 8.8 High
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVE-2024-6609 1 Mozilla 2 Firefox, Thunderbird 2025-03-13 8.8 High
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-5697 1 Mozilla 1 Firefox 2025-03-13 5.3 Medium
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
CVE-2025-1015 2 Mozilla, Redhat 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more 2025-03-10 5.4 Medium
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
CVE-2025-1016 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2025-03-10 9.8 Critical
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
CVE-2022-26485 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Firefox Focus and 4 more 2025-03-06 8.8 High
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
CVE-2024-2613 1 Mozilla 1 Firefox 2025-02-25 7.5 High
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
CVE-2024-2614 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-02-25 8.8 High
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2616 2 Mozilla, Redhat 7 Firefox, Thunderbird, Enterprise Linux and 4 more 2025-02-25 2.7 Low
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
CVE-2024-2612 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-02-13 8.1 High
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-0751 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-02-13 8.8 High
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0750 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-02-13 8.8 High
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0746 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-02-13 6.5 Medium
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.