Product

mozilla firefox

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-8401
< 150.0.3
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 1
9.8 CRITICAL
CVE-2026-8391
< 150.0.3
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 1
5.3 MEDIUM
CVE-2026-8390
< 150.0.3
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
7.3 HIGH
CVE-2026-8389
< 150.0.3
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
7.3 HIGH
CVE-2026-8388
< 150.0.3
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ES
6.5 MEDIUM
CVE-2026-8094
< 140.10.2
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
9.8 CRITICAL
CVE-2026-8093
< 150.0.2
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en
8.1 HIGH
CVE-2026-8092
>= 150.0 and < 150.0.2
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence o
8.1 HIGH
CVE-2026-8091
< 115.35.2
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150
9.8 CRITICAL
CVE-2026-8090
< 150.0.2
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ES
7.3 HIGH
CVE-2026-7324
< 150.0.1
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that wit
7.3 HIGH
CVE-2026-7323
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7322
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7321
< 150.0
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 1
9.6 CRITICAL
CVE-2026-7320
< 150.0.1
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-6786
< 150.0
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed
7.5 HIGH
CVE-2026-6785
< 150.0
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some
7.5 HIGH
CVE-2026-6784
< 150.0
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we pres
7.5 HIGH
CVE-2026-6783
< 150.0
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15
5.3 MEDIUM
CVE-2026-6782
< 150.0
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6781
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6780
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6779
< 150.0
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6778
< 150.0
Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6777
< 150.0
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6776
< 150.0
Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10
7.8 HIGH
CVE-2026-6775
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6774
< 150.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.4 MEDIUM
CVE-2026-6773
< 150.0
Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thund
7.5 HIGH
CVE-2026-6772
< 150.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35,
7.5 HIGH
CVE-2026-6771
< 150.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
9.8 CRITICAL
CVE-2026-6770
< 150.0
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
6.5 MEDIUM
CVE-2026-6769
< 150.0
Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
8.8 HIGH
CVE-2026-6768
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6767
< 150.0
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10
5.3 MEDIUM
CVE-2026-6766
< 150.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10,
7.5 HIGH
CVE-2026-6765
< 150.0
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
5.3 MEDIUM
CVE-2026-6764
< 150.0
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 14
6.5 MEDIUM
CVE-2026-6763
< 150.0
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
6.5 MEDIUM
CVE-2026-6762
< 150.0
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
6.3 MEDIUM
CVE-2026-6761
< 150.0
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
8.8 HIGH
CVE-2026-6760
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6759
< 150.0
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, a
7.5 HIGH
CVE-2026-6758
< 150.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6757
< 150.0
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunder
6.3 MEDIUM
CVE-2026-6756
< 150.0
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
7.5 HIGH
CVE-2026-6755
< 150.0
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
6.5 MEDIUM
CVE-2026-6754
< 150.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 14
7.5 HIGH
CVE-2026-6753
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
7.3 HIGH
CVE-2026-6752
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ES
7.3 HIGH
CVE-2026-6751
< 150.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
7.3 HIGH
CVE-2026-6750
< 150.0
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefo
8.8 HIGH
CVE-2026-6749
< 150.0
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 15
7.5 HIGH
CVE-2026-6748
< 150.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
9.8 CRITICAL
CVE-2026-6747
< 150.0
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thun
7.5 HIGH
CVE-2026-6746
< 150.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
7.5 HIGH
CVE-2026-5735
< 149.0.2
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and
9.8 CRITICAL
CVE-2026-5734
< 149.0.2
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these
9.8 CRITICAL
CVE-2026-5733
< 149.0.2
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 1
8.8 HIGH
CVE-2026-5732
< 149.0.2
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2,
8.8 HIGH
CVE-2026-5731
all versions
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird
9.8 CRITICAL
CVE-2026-4729
< 149.0
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-4728
< 149.0
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
6.5 MEDIUM
CVE-2026-4727
< 149.0
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4726
< 149.0
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4725
< 149.0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderb
10.0 CRITICAL
CVE-2026-4724
< 149.0
Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.1 CRITICAL
CVE-2026-4723
< 149.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.8 CRITICAL
CVE-2026-4722
< 149.0
Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
8.8 HIGH
CVE-2026-4721
< 149.0
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some
9.8 CRITICAL
CVE-2026-4720
< 149.0
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed
9.8 CRITICAL
CVE-2026-4719
< 149.0
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thu
7.5 HIGH
CVE-2026-4718
< 149.0
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
8.1 HIGH
CVE-2026-4717
< 149.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149,
9.8 CRITICAL
CVE-2026-4716
< 149.0
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 14
9.1 CRITICAL
CVE-2026-4715
< 149.0
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderb
9.1 CRITICAL
CVE-2026-4714
< 149.0
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde
7.5 HIGH
CVE-2026-4713
< 149.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbi
7.5 HIGH
CVE-2026-4712
< 149.0
Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
7.5 HIGH
CVE-2026-4711
< 149.0
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, an
9.8 CRITICAL
CVE-2026-4710
< 149.0
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde
9.8 CRITICAL
CVE-2026-4709
< 149.0
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34,
7.5 HIGH
CVE-2026-4708
< 149.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbi
7.5 HIGH
CVE-2026-4707
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4706
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4705
< 149.0
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
9.8 CRITICAL
CVE-2026-4704
< 149.0
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
7.5 HIGH
CVE-2026-4702
< 149.0
JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
9.8 CRITICAL
CVE-2026-4701
< 149.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149
9.8 CRITICAL
CVE-2026-4700
< 149.0
Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 1
9.8 CRITICAL
CVE-2026-4699
< 149.0
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 11
7.5 HIGH
CVE-2026-4698
< 149.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firef
9.8 CRITICAL
CVE-2026-4697
< 149.0
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 1
7.5 HIGH
CVE-2026-4696
< 149.0
Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox E
9.8 CRITICAL
CVE-2026-4695
< 149.0
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 1
7.5 HIGH
CVE-2026-4694
< 149.0
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ES
7.5 HIGH
CVE-2026-4693
< 149.0
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115
7.5 HIGH
CVE-2026-4692
< 149.0
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox E
10.0 CRITICAL
CVE-2026-4691
< 149.0
Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Fire
9.8 CRITICAL
CVE-2026-4690
< 149.0
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Fire
8.6 HIGH
CVE-2026-4689
< 149.0
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Fire
10.0 CRITICAL
CVE-2026-4688
< 149.0
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox
10.0 CRITICAL
CVE-2026-4687
< 149.0
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firef
8.6 HIGH
CVE-2026-4686
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4685
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4684
< 149.0
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.
7.5 HIGH
CVE-2026-3847
< 148.0.2
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with en
8.8 HIGH
CVE-2026-3846
< 148.0.2
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.
6.5 MEDIUM
CVE-2026-3845
< 148.0.2
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.
8.8 HIGH
CVE-2026-2807
< 148.0
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-2806
< 148.0
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.1 CRITICAL
CVE-2026-2805
< 148.0
Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2804
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
5.4 MEDIUM
CVE-2026-2803
< 148.0
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2802
< 148.0
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
4.2 MEDIUM
CVE-2026-2801
< 148.0
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2800
< 148.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2799
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2798
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
8.8 HIGH
CVE-2026-2797
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2796
< 148.0
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2795
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2794
< 148.0
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firef
7.5 HIGH
CVE-2026-2793
< 148.0
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some
9.8 CRITICAL
CVE-2026-2792
< 148.0
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed
9.8 CRITICAL
CVE-2026-2791
< 148.0
Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird
9.8 CRITICAL
CVE-2026-2790
< 148.0
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunde
9.8 CRITICAL
CVE-2026-2789
< 148.0
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
9.8 CRITICAL
CVE-2026-2788
< 148.0
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33,
9.8 CRITICAL
CVE-2026-2787
< 148.0
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2786
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2785
< 148.0
Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2784
< 148.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2783
< 148.0
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-2782
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2781
< 148.0
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2780
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2779
< 148.0
Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2778
< 148.0
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148
10.0 CRITICAL
CVE-2026-2777
< 148.0
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2776
< 148.0
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed
10.0 CRITICAL
CVE-2026-2775
< 148.0
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2774
< 148.0
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8,
9.8 CRITICAL
CVE-2026-2773
< 148.0
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2772
< 148.0
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ES
9.8 CRITICAL
CVE-2026-2771
< 148.0
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2770
< 148.0
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2769
< 148.0
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
8.8 HIGH
CVE-2026-2768
< 148.0
Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
10.0 CRITICAL
CVE-2026-2767
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbi
9.8 CRITICAL
CVE-2026-2766
< 148.0
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbir
9.8 CRITICAL
CVE-2026-2765
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2764
< 148.0
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox E
9.8 CRITICAL
CVE-2026-2763
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 14
9.8 CRITICAL
CVE-2026-2762
< 148.0
Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2761
< 148.0
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
10.0 CRITICAL
CVE-2026-2760
< 148.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox
10.0 CRITICAL
CVE-2026-2759
< 148.0
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33
9.8 CRITICAL
CVE-2026-2758
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8
9.8 CRITICAL
CVE-2026-2757
< 148.0
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.3
9.8 CRITICAL
CVE-2026-2634
< 147.4
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox i
9.8 CRITICAL
CVE-2026-2447
< 147.0.4
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunde
8.8 HIGH
CVE-2026-2032
< 147.2.1
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allo
4.3 MEDIUM
CVE-2026-24869
< 147.0.2
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.
8.8 HIGH
CVE-2026-24868
< 147.0.2
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.
6.5 MEDIUM
CVE-2026-0892
< 147.0
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-0891
< 147.0
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed
8.1 HIGH
CVE-2026-0890
< 147.0
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7,
5.4 MEDIUM
CVE-2026-0889
< 147.0
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
7.5 HIGH
CVE-2026-0888
< 147.0
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
5.3 MEDIUM
CVE-2026-0887
< 147.0
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 1
4.3 MEDIUM
CVE-2026-0886
< 147.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox
5.3 MEDIUM
CVE-2026-0885
< 147.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, a
6.5 MEDIUM
CVE-2026-0884
< 147.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147
9.8 CRITICAL
CVE-2026-0883
< 147.0
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 14
5.3 MEDIUM
CVE-2026-0882
< 147.0
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbi
8.8 HIGH
CVE-2026-0881
< 147.0
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
10.0 CRITICAL
CVE-2026-0880
< 147.0
Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32,
8.8 HIGH
CVE-2026-0879
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefo
9.8 CRITICAL
CVE-2026-0878
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0 HIGH
CVE-2026-0877
< 147.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140
8.1 HIGH
CVE-2025-14861
< 146.0.1
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough
8.8 HIGH
CVE-2025-14860
< 146.0.1
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
9.8 CRITICAL
CVE-2025-14744
< 144.0
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tri
6.5 MEDIUM
CVE-2025-14333
< 146.0
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed
8.1 HIGH
CVE-2025-14332
< 146.0
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we pres
7.3 HIGH
CVE-2025-14331
< 146.0
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Fire
6.5 MEDIUM
CVE-2025-14330
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
9.8 CRITICAL
CVE-2025-14329
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14328
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14327
< 146.0
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7,
7.5 HIGH
CVE-2025-14326
< 146.0
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.
9.8 CRITICAL
CVE-2025-14325
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
7.3 HIGH
CVE-2025-14324
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firef
9.8 CRITICAL
CVE-2025-14323
< 146.0
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox
8.8 HIGH
CVE-2025-14322
< 146.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0 HIGH
CVE-2025-14321
< 146.0
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146
9.8 CRITICAL
CVE-2025-13027
< 145.0
Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we pres
8.1 HIGH
CVE-2025-13026
< 145.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145
9.8CRITICAL
CVE-2025-13025
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
7.5HIGH
CVE-2025-13024
< 145.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13023
< 145.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145
9.8CRITICAL
CVE-2025-13022
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13021
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13020
< 145.0
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 1
8.8HIGH
CVE-2025-13019
< 145.0
Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbi
8.1HIGH
CVE-2025-13018
< 145.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145,
8.1HIGH
CVE-2025-13017
< 145.0
Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thu
8.1HIGH
CVE-2025-13016
< 145.0
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 1
7.5HIGH
CVE-2025-13015
< 145.0
Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.
3.4LOW
CVE-2025-13014
< 145.0
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, T
8.8HIGH
CVE-2025-13013
< 145.0
Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 1
6.1MEDIUM
CVE-2025-13012
< 145.0
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thun
7.5HIGH
CVE-2025-12380
>= 142.0 and < 144.0.2
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser proce
9.8CRITICAL
CVE-2025-11721
>= 143.0 and < 144.0
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that wi
9.8CRITICAL
CVE-2025-11720
< 144.0
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname.
8.1HIGH
CVE-2025-11719
>= 143.0 and < 144.0
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-
9.8CRITICAL
CVE-2025-11718
< 144.0
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in
6.5MEDIUM
CVE-2025-11717
< 144.0
When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related
9.1CRITICAL
CVE-2025-11716
< 144.0
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was
6.5MEDIUM
CVE-2025-11715
< 144.0
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed
8.8HIGH
CVE-2025-11714
< 144.0
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some
8.8HIGH
CVE-2025-11713
< 144.0
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Win
8.1HIGH
CVE-2025-11712
< 144.0
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a
6.1MEDIUM
CVE-2025-11711
< 144.0
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was
6.5MEDIUM
CVE-2025-11710
< 144.0
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its me
9.8CRITICAL
CVE-2025-11709
< 144.0
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL
9.8CRITICAL
CVE-2025-11708
< 144.0
Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird
9.8CRITICAL
CVE-2025-11153
< 143.0.3
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.
7.5HIGH
CVE-2025-11152
< 143.0.3
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.
8.6HIGH
CVE-2025-10859
< 143.1.0
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information fr
4.0MEDIUM
CVE-2025-10537
< 143.0
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed
8.8HIGH
CVE-2025-10536
< 143.0
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunder
6.2MEDIUM
CVE-2025-10535
< 143.0
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox
7.5HIGH
CVE-2025-10534
< 143.0
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
8.1HIGH
CVE-2025-10533
< 143.0
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunder
8.8HIGH
CVE-2025-10532
< 143.0
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thu
6.5MEDIUM
CVE-2025-10531
< 143.0
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
5.4MEDIUM
CVE-2025-10530
< 143.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
6.5MEDIUM
CVE-2025-10529
< 143.0
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143
6.5MEDIUM
CVE-2025-10528
< 143.0
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Fir
7.3HIGH
CVE-2025-10527
<= 143.0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR
7.1HIGH
CVE-2025-9187
< 142.0
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-9186
< 142.0
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
6.5MEDIUM
CVE-2025-9185
< 142.0
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 1
8.1HIGH
CVE-2025-9184
< 142.0
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed
8.1HIGH
CVE-2025-9183
< 142.0
Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.
6.5MEDIUM
CVE-2025-9182
< 142.0
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox
7.5HIGH
CVE-2025-9181
< 142.0
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox
6.5MEDIUM
CVE-2025-9180
< 142.0
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Fi
8.1HIGH
CVE-2025-9179
< 142.0
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily
9.8CRITICAL
CVE-2025-8364
< 141.0
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: Th
4.3MEDIUM
CVE-2025-8042
< 141.0
Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was
9.8CRITICAL
CVE-2025-8041
< 141.0
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulner
5.3MEDIUM
CVE-2025-55031
< 142.0
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker with
9.8CRITICAL
CVE-2025-55030
< 142.0
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline
6.1MEDIUM
CVE-2025-55029
< 142.0
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulner
7.5HIGH
CVE-2025-55028
< 142.0
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for den
6.5MEDIUM
CVE-2025-54145
< 141.0
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Fir
9.1CRITICAL
CVE-2025-54144
< 141.0
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website
5.4MEDIUM
CVE-2025-54143
< 141.0
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declare
9.8CRITICAL
CVE-2025-8044
< 141.0
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-8043
< 141.0
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
9.8CRITICAL
CVE-2025-8040
< 141.0
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed
8.8HIGH
CVE-2025-8039
< 141.0
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed
8.1HIGH
CVE-2025-8038
< 141.0
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firef
9.8CRITICAL
CVE-2025-8037
< 141.0
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP a
9.1CRITICAL
CVE-2025-8036
< 141.0
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vu
8.1HIGH
CVE-2025-8035
< 141.0
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 an
8.8HIGH
CVE-2025-8034
< 141.0
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 1
8.8HIGH
CVE-2025-8033
< 141.0
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. Th
6.5MEDIUM
CVE-2025-8032
< 141.0
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Fire
8.1HIGH
CVE-2025-8031
< 141.0
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication cre
9.8CRITICAL
CVE-2025-8030
< 141.0
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.
8.1HIGH
CVE-2025-8029
< 141.0
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firef
8.1HIGH
CVE-2025-8028
< 141.0
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing t
9.8CRITICAL
CVE-2025-8027
< 141.0
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read th
6.5MEDIUM
CVE-2025-6436
< 140.0
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-6435
< 140.0
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been sav
8.1HIGH
CVE-2025-6434
< 140.0
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, pot
4.3MEDIUM
CVE-2025-6433
< 140.0
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn
9.8CRITICAL
CVE-2025-6432
< 140.0
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the
8.6HIGH
CVE-2025-6431
< 140.0
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An at
6.5MEDIUM
CVE-2025-6430
< 140.0
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included v
6.1MEDIUM
CVE-2025-6429
< 140.0
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed
6.5MEDIUM
CVE-2025-6428
< 140.0
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, pot
4.3MEDIUM
CVE-2025-6427
< 140.0
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would h
9.1CRITICAL
CVE-2025-6426
< 140.0
The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Firefox
8.8HIGH
CVE-2025-6425
< 140.0
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browse
4.3MEDIUM
CVE-2025-6424
< 140.0
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox
9.8CRITICAL
CVE-2025-49710
< 139.0.4
An integer overflow was present in OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0
9.8CRITICAL
CVE-2025-49709
< 139.0.4
Certain canvas operations could have led to memory corruption. This vulnerability was fixed in Firefox 139.0.4.
9.8CRITICAL
CVE-2025-5272
< 139.0
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we pres
7.3HIGH
CVE-2025-5271
< 139.0
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was
6.5MEDIUM
CVE-2025-5270
< 139.0
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefo
7.5HIGH
CVE-2025-5269
< 128.11.0
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-5268
< 139.0
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed
8.1HIGH
CVE-2025-5267
< 139.0
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. Thi
5.4MEDIUM
CVE-2025-5266
< 139.0
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks.
4.3MEDIUM
CVE-2025-5265
< 139.0
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into usi
4.8MEDIUM
CVE-2025-5264
< 139.0
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using
4.8MEDIUM
CVE-2025-5263
< 139.0
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.
4.3MEDIUM
CVE-2025-5020
< 139.0
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses
4.3MEDIUM
CVE-2025-4919
< 138.0.4
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnera
8.8HIGH
CVE-2025-4918
< 138.0.4
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in F
9.8CRITICAL
CVE-2025-4093
< 128.10
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presum
8.1HIGH
CVE-2025-4092
< 138.0
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we pres
6.5MEDIUM
CVE-2025-4091
< 138.0
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed ev
8.1HIGH
CVE-2025-4090
< 138.0
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vuln
5.3MEDIUM
CVE-2025-4089
< 138.0
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this c
5.1MEDIUM
CVE-2025-4088
< 138.0
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoi
6.5MEDIUM
CVE-2025-4087
< 138.0
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks duri
4.8MEDIUM
CVE-2025-4086
< 138.0
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displ
6.5MEDIUM
CVE-2025-4085
< 138.0
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive informati
7.1HIGH
CVE-2025-4084
< 115.23
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using th
5.7MEDIUM
CVE-2025-4083
< 138.0
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to
9.1CRITICAL
CVE-2025-4082
< 138.0
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabiliti
5.9MEDIUM
CVE-2025-2817
< 138.0
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating
8.8HIGH
CVE-2025-3608
< 137.0.2
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an
6.5MEDIUM
CVE-2025-3035
< 137.0
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak
5.3MEDIUM
CVE-2025-3034
< 137.0
Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-3033
< 137.0
After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. *This bug o
7.7HIGH
CVE-2025-3032
< 137.0
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulne
7.4HIGH
CVE-2025-3031
< 137.0
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefo
6.5MEDIUM
CVE-2025-3030
< 136.0
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed ev
8.1HIGH
CVE-2025-3029
< 137.0
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoof
7.3HIGH
CVE-2025-3028
< 137.0
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability wa
6.5MEDIUM
CVE-2025-2857
< 136.0.4
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC cod
10.0CRITICAL
CVE-2025-27426
< 136.0
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerab
5.4MEDIUM
CVE-2025-27425
< 136.0
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with
4.3MEDIUM
CVE-2025-27424
< 136.0
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability
4.3MEDIUM
CVE-2025-1943
< 136.0
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we pres
8.2HIGH
CVE-2025-1942
< 136.0
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the resul
9.8CRITICAL
CVE-2025-1941
< 136.0
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed
9.1CRITICAL
CVE-2025-1940
< 136.0
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick
7.1HIGH
CVE-2025-1939
< 136.0
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been u
3.9LOW
CVE-2025-1938
< 135.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed ev
6.5MEDIUM
CVE-2025-1937
< 135.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of
7.5HIGH
CVE-2025-1936
< 136.0
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the
7.3HIGH
CVE-2025-1935
< 136.0
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixe
4.3MEDIUM
CVE-2025-1934
< 136.0
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage coll
6.5MEDIUM
CVE-2025-1933
< 136.0
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cau
7.6HIGH
CVE-2025-1932
< 136.0
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected
8.1HIGH
CVE-2025-1931
< 136.0
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially explo
7.5HIGH
CVE-2025-1930
< 136.0
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser p
8.8HIGH
CVE-2025-1414
< 135.0.1
Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough
6.5MEDIUM
CVE-2025-1020
< 135.0
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-1019
< 135.0
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged t
4.3MEDIUM
CVE-2025-1018
< 135.0
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been levera
5.3MEDIUM
CVE-2025-1017
< 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed ev
9.8CRITICAL
CVE-2025-1016
< 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunder
9.8CRITICAL
CVE-2025-1014
< 135.0
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This v
8.8HIGH
CVE-2025-1013
< 135.0
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a po
6.5MEDIUM
CVE-2025-1012
< 135.0
A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox E
7.5HIGH
CVE-2025-1011
< 135.0
A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to ach
8.8HIGH
CVE-2025-1010
< 135.0
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vuln
8.8HIGH
CVE-2025-1009
< 135.0
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerabili
9.8CRITICAL
CVE-2025-23109
< 134.0
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerabili
6.5MEDIUM
CVE-2025-23108
< 134.0
Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL
4.3MEDIUM
CVE-2025-0247
< 134.0
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-0246
< 134.0
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating
6.5MEDIUM
CVE-2025-0245
< 134.0
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed
3.3LOW
CVE-2025-0244
< 134.0
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android
5.3MEDIUM
CVE-2025-0243
< 133.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed ev
5.1MEDIUM
CVE-2025-0242
< 134.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunder
6.5MEDIUM
CVE-2025-0241
< 134.0
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnera
7.7HIGH
CVE-2025-0240
< 134.0
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-aft
4.0MEDIUM
CVE-2025-0239
< 134.0
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This
4.0MEDIUM
CVE-2025-0238
< 134.0
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitab
5.3MEDIUM
CVE-2025-0237
< 134.0
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rathe
5.4MEDIUM
CVE-2024-53976
< 133.0
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it uncl
5.4MEDIUM
CVE-2024-53975
< 133.0
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadi
5.4MEDIUM
CVE-2024-11708
< 133.0
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerabi
6.5MEDIUM
CVE-2024-11706
< 133.0
A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util functi
6.5MEDIUM
CVE-2024-11705
< 133.0
NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fa
9.1CRITICAL
CVE-2024-11704
< 133.0
A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditi
9.8CRITICAL
CVE-2024-11703
< 133.0
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vu
5.7MEDIUM
CVE-2024-11702
< 133.0
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the
7.5HIGH
CVE-2024-11701
< 133.0
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to u
4.3MEDIUM
CVE-2024-11700
< 133.0
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowi
8.1HIGH
CVE-2024-11699
< 133.0
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-11698
< 133.0
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a
9.8CRITICAL
CVE-2024-11697
< 133.0
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmat
8.8HIGH
CVE-2024-11696
< 133.0
The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification.
5.4MEDIUM
CVE-2024-11695
< 133.0
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a pot
5.4MEDIUM
CVE-2024-11694
< 133.0
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the G
6.1MEDIUM
CVE-2024-11693
< 133.0
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operat
9.8CRITICAL
CVE-2024-11692
< 133.0
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofin
4.3MEDIUM
CVE-2024-11691
>= 129.0 and < 133.0
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to
8.8HIGH
CVE-2024-10941
< 126.0
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnera
6.5MEDIUM
CVE-2024-10468
< 132.0
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulne
5.3MEDIUM
CVE-2024-10467
< 132.0
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-10466
< 132.0
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unr
7.5HIGH
CVE-2024-10465
< 132.0
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Fi
6.5MEDIUM
CVE-2024-10464
< 132.0
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This w
6.5MEDIUM
CVE-2024-10463
< 132.0
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 12
6.5MEDIUM
CVE-2024-10462
< 132.0
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Fire
6.5MEDIUM
CVE-2024-10461
< 132.0
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not for
6.1MEDIUM
CVE-2024-10460
< 132.0
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerabilit
5.3MEDIUM
CVE-2024-10459
< 132.0
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vu
7.5HIGH
CVE-2024-10458
< 132.0
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerabilit
7.5HIGH
CVE-2024-10004
< 131.2.0
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases r
9.1CRITICAL
CVE-2024-9936
< 131.0.3
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an
6.5MEDIUM
CVE-2024-9680
< 131.0.2
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We ha
9.8CRITICAL
CVE-2024-9403
< 131.0
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough
7.3HIGH
CVE-2024-9402
< 131.0
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-9401
< 131.0
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed
9.8CRITICAL
CVE-2024-9400
< 131.0
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific mome
8.8HIGH
CVE-2024-9399
< 128.3.0
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of s
7.5HIGH
CVE-2024-9398
< 131.0
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the appli
5.3MEDIUM
CVE-2024-9397
< 131.0
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via cl
6.1MEDIUM
CVE-2024-9396
< 131.0
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could
8.8HIGH
CVE-2024-9395
< 131.0
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download
5.3MEDIUM
CVE-2024-9394
< 131.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin
7.5HIGH
CVE-2024-9393
< 131.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin.
7.5HIGH
CVE-2024-9392
< 131.0
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firef
9.8CRITICAL
CVE-2024-9391
< 131.0
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode.
6.5MEDIUM
CVE-2024-8900
< 129.0
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
7.5HIGH
CVE-2024-8897
< 130.0.1
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted sit
6.1MEDIUM
CVE-2024-7652
< 128.0
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading t
7.5HIGH
CVE-2024-8389
all versions
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-8388
< 130.0
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transiti
5.3MEDIUM
CVE-2024-8387
all versions
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-8386
< 130.0
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site t
6.1MEDIUM
CVE-2024-8385
< 130.0
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnera
9.8CRITICAL
CVE-2024-8384
< 130.0
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point betw
9.8CRITICAL
CVE-2024-8383
< 130.0
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the brows
7.5HIGH
CVE-2024-8382
< 130.0
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events
8.8HIGH
CVE-2024-8381
< 130.0
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with
9.8CRITICAL
CVE-2024-43113
< 129
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for
6.1MEDIUM
CVE-2024-43112
< 129
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for
6.1MEDIUM
CVE-2024-43111
< 129
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser. This vulnerability
6.1MEDIUM
CVE-2024-7531
< 129.0
Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sa
6.5MEDIUM
CVE-2024-7530
< 129.0
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
8.8HIGH
CVE-2024-7529
< 129.0
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
6.5MEDIUM
CVE-2024-7528
< 129.0
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129
8.8HIGH
CVE-2024-7527
< 129.0
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Fir
8.8HIGH
CVE-2024-7526
< 129.0
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive d
6.5MEDIUM
CVE-2024-7525
< 129.0
It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the
8.1HIGH
CVE-2024-7524
< 129.0
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protect
6.1MEDIUM
CVE-2024-7523
< 129
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
8.1HIGH
CVE-2024-7522
< 129.0
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox <
8.8HIGH
CVE-2024-7521
< 129.0
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR
8.8HIGH
CVE-2024-7520
< 129.0
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability af
8.8HIGH
CVE-2024-7519
< 129.0
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an atta
9.6CRITICAL
CVE-2024-7518
< 129
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing atta
6.5MEDIUM
CVE-2024-6615
< 128.0
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we pres
8.8HIGH
CVE-2024-6614
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
4.3MEDIUM
CVE-2024-6613
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
5.5MEDIUM
CVE-2024-6612
< 128.0
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS pr
5.3MEDIUM
CVE-2024-6611
< 128.0
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox
9.8CRITICAL
CVE-2024-6610
< 128.0
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent use
4.3MEDIUM
CVE-2024-6609
< 128.0
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects
8.8HIGH
CVE-2024-6608
< 128.0
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and th
4.3MEDIUM
CVE-2024-6607
< 128.0
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a
8.8HIGH
CVE-2024-6606
< 128.0
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affe
8.2HIGH
CVE-2024-6605
< 128.0
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affec
8.8HIGH
CVE-2024-6604
< 126.0
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memor
7.5HIGH
CVE-2024-6603
< 128.0
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory
7.4HIGH
CVE-2024-6602
< 128.0
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefo
9.8CRITICAL
CVE-2024-6601
< 128.0
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects
4.7MEDIUM
CVE-2024-6600
< 128.0
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating mor
6.3MEDIUM
CVE-2024-38313
< 127.0
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actu
4.3MEDIUM
CVE-2024-38312
< 127.0
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the
6.5MEDIUM
CVE-2024-5702
< 125.0
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox <
7.5HIGH
CVE-2024-5701
< 127.0
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-5700
< 127.0
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memor
7.0HIGH
CVE-2024-5699
< 127.0
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they
9.8CRITICAL
CVE-2024-5698
< 127
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar.
6.1MEDIUM
CVE-2024-5697
< 127
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This
4.3MEDIUM
CVE-2024-5696
< 127.0
By manipulating the text in an <input> tag, an attacker could have caused corrupt memory leading to a potentially exploita
8.6HIGH
CVE-2024-5695
< 127.0
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could h
9.8CRITICAL
CVE-2024-5694
< 127.0
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the hea
7.5HIGH
CVE-2024-5693
< 127.0
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in viola
6.1MEDIUM
CVE-2024-5692
< 127.0
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disa
6.5MEDIUM
CVE-2024-5691
< 127.0
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a us
4.7MEDIUM
CVE-2024-5690
< 127.0
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on
4.3MEDIUM
CVE-2024-5689
< 127.0
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appea
4.3MEDIUM
CVE-2024-5688
< 127.0
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulne
8.1HIGH
CVE-2024-5687
< 127.0
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may ha
5.3MEDIUM
CVE-2024-4778
< 126.0
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-4777
< 126.0
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memor
8.8HIGH
CVE-2024-4776
< 126.0
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Fir
8.2HIGH
CVE-2024-4775
< 126.0
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory acc
5.9MEDIUM
CVE-2024-4774
< 126.0
The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of it
6.5MEDIUM
CVE-2024-4773
< 126.0
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could hav
7.5HIGH
CVE-2024-4772
< 126.0
An HTTP digest authentication nonce value was generated using rand() which could lead to predictable values. This vulnerability
5.9MEDIUM
CVE-2024-4771
< 126.0
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a c
8.6HIGH
CVE-2024-4770
< 126.0
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Fire
8.8HIGH
CVE-2024-4769
< 126.0
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript respo
5.9MEDIUM
CVE-2024-4768
< 126.0
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions.
6.1MEDIUM
CVE-2024-4767
< 126.0
If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was cl
4.3MEDIUM
CVE-2024-4766
< 126.0
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential use
4.3MEDIUM
CVE-2024-4765
< 126.0
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another applic
8.1HIGH
CVE-2024-4764
< 126.0
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Fir
9.8CRITICAL
CVE-2024-4367
< 126.0
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Th
8.8HIGH
CVE-2024-3865
< 125.0
Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough
8.1HIGH
CVE-2024-3864
< 125.0
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption
8.1HIGH
CVE-2024-3863
< 125.0
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating
9.8CRITICAL
CVE-2024-3862
< 125.0
The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assi
5.3MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin