ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2912 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11714 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-16 | 8.8 High |
| Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | ||||
| CVE-2025-11715 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-16 | 8.8 High |
| Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | ||||
| CVE-2025-11716 | 2 Google, Mozilla | 3 Android, Firefox, Thunderbird | 2025-10-16 | 6.5 Medium |
| Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | ||||
| CVE-2025-11719 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-10-15 | 9.8 Critical |
| Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | ||||
| CVE-2025-11717 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | 9.1 Critical |
| When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11718 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | 6.5 Medium |
| When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11720 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | 8.1 High |
| The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. | ||||
| CVE-2025-11721 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-15 | 9.8 Critical |
| Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. | ||||
| CVE-2025-11153 | 1 Mozilla | 1 Firefox | 2025-10-15 | 7.5 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3. | ||||
| CVE-2025-11152 | 1 Mozilla | 1 Firefox | 2025-10-13 | 8.6 High |
| This vulnerability affects Firefox < 143.0.3. | ||||
| CVE-2010-3765 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-10-07 | 9.8 Critical |
| Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||||
| CVE-2025-6436 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-04 | 8.1 High |
| Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140. | ||||
| CVE-2025-10859 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-03 | 4 Medium |
| Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1. | ||||
| CVE-2025-8038 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-09-30 | 9.8 Critical |
| Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2025-8036 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-09-30 | 8.1 High |
| Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2025-8029 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-09-30 | 8.1 High |
| Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | ||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-09-30 | 3.9 Low |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | ||||
| CVE-2024-6600 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-09-26 | 6.3 Medium |
| Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2025-5269 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-09-23 | 8.1 High |
| Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11. | ||||
| CVE-2025-5268 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-09-23 | 8.1 High |
| Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||