ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46882 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-02-13 | 9.8 Critical |
| A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. | ||||
| CVE-2022-46880 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-02-13 | 6.5 Medium |
| A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. | ||||
| CVE-2022-46878 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-02-13 | 8.8 High |
| Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | ||||
| CVE-2022-46877 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 4.3 Medium |
| By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. | ||||
| CVE-2022-46875 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-02-13 | 6.5 Medium |
| The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | ||||
| CVE-2022-46874 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-02-13 | 8.8 High |
| A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. | ||||
| CVE-2022-46872 | 3 Linux, Mozilla, Redhat | 9 Linux Kernel, Firefox, Firefox Esr and 6 more | 2025-02-13 | 8.6 High |
| An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | ||||
| CVE-2022-46871 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 8.8 High |
| An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. | ||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-11 | 4.3 Medium |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | ||||
| CVE-2025-1020 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-07 | 9.8 Critical |
| Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135. | ||||
| CVE-2025-1017 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-07 | 9.8 Critical |
| Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1014 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-07 | 8.8 High |
| Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1019 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | 4.3 Medium |
| The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | ||||
| CVE-2025-1018 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | 7.3 High |
| The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. | ||||
| CVE-2025-1012 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-06 | 9.8 Critical |
| A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1011 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-06 | 9.8 Critical |
| A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2025-1010 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-06 | 9.8 Critical |
| An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | ||||
| CVE-2024-11704 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-04 | 9.8 Critical |
| A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7. | ||||
| CVE-2023-32207 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-31 | 8.8 High |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2025-01-17 | 8.1 High |
| Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. | ||||