mozilla firefox esr

488 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-9398
< 128.3.0
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the appli
5.3MEDIUM
CVE-2024-9397
< 128.3.0
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via cl
6.1MEDIUM
CVE-2024-9394
< 115.16.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin
7.5HIGH
CVE-2024-9393
< 115.16.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin.
7.5HIGH
CVE-2024-8387
all versions
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-8386
< 128.2
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site t
6.1MEDIUM
CVE-2024-8385
< 128.2
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnera
9.8CRITICAL
CVE-2024-8384
< 115.15
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point betw
9.8CRITICAL
CVE-2024-8383
< 115.15
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the brows
7.5HIGH
CVE-2024-8382
< 115.15
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events
8.8HIGH
CVE-2024-8381
< 115.15
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with
9.8CRITICAL
CVE-2024-7531
< 115.14.0
Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sa
6.5MEDIUM
CVE-2024-7529
< 115.14.0
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
6.5MEDIUM
CVE-2024-7528
< 128.1.0
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129
8.8HIGH
CVE-2024-7527
< 115.14.0
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Fir
8.8HIGH
CVE-2024-7526
< 115.14.0
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive d
6.5MEDIUM
CVE-2024-7525
< 115.14.0
It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the
8.1HIGH
CVE-2024-7524
< 115.14
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protect
6.1MEDIUM
CVE-2024-7522
< 115.14.0
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox <
8.8HIGH
CVE-2024-7521
< 115.14.0
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR
8.8HIGH
CVE-2024-7520
< 128.1.0
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability af
8.8HIGH
CVE-2024-7519
< 115.14.0
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an atta
9.6CRITICAL
CVE-2024-7518
< 128.1
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing atta
6.5MEDIUM
CVE-2024-5691
< 115.12
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a us
4.7MEDIUM
CVE-2024-5690
< 115.12
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on
4.3MEDIUM
CVE-2024-0755
< 115.7
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-0753
< 115.7
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Fir
6.5MEDIUM
CVE-2024-0751
< 115.7
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR
8.8HIGH
CVE-2024-0750
< 115.7
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissio
8.8HIGH
CVE-2024-0749
< 115.7
A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar. Thi
4.3MEDIUM
CVE-2024-0747
< 115.7
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the
6.5MEDIUM
CVE-2024-0746
< 115.7
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Fi
6.5MEDIUM
CVE-2024-0742
< 115.7
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorre
4.3MEDIUM
CVE-2024-0741
< 115.7
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This
6.5MEDIUM
CVE-2023-6867
< 115.6
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on perm
6.1MEDIUM
CVE-2023-6865
< 115.6
EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data t
6.5MEDIUM
CVE-2023-6864
< 115.6
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-6863
< 115.6
The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a vir
8.8HIGH
CVE-2023-6862
< 115.6
A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerab
8.8HIGH
CVE-2023-6861
< 115.6
The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerabilit
8.8HIGH
CVE-2023-6860
< 115.6
The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the san
6.5MEDIUM
CVE-2023-6859
< 115.6
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6
8.8HIGH
CVE-2023-6858
< 115.6
Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects
8.8HIGH
CVE-2023-6857
< 115.6
When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. *This bu
5.3MEDIUM
CVE-2023-6856
< 115.6
The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.
8.8HIGH
CVE-2023-6212
< 115.5.0
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-6209
< 115.5.0
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to o
6.5MEDIUM
CVE-2023-6208
< 115.5.0
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary s
8.8HIGH
CVE-2023-6207
< 115.5.0
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115
8.8HIGH
CVE-2023-6206
< 115.5.0
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It wa
5.4MEDIUM
CVE-2023-6205
< 115.5.0
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploita
6.5MEDIUM
CVE-2023-6204
< 115.5.0
On some systems, depending on the graphics settings and drivers, it was possible to force an out-of-bounds read and leak memory data
6.5MEDIUM
CVE-2023-5732
< 115.4.1
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visit
6.5MEDIUM
CVE-2023-5730
< 115.4
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2023-5728
< 115.4
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exp
7.5HIGH
CVE-2023-5727
< 115.4
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run com
6.5MEDIUM
CVE-2023-5726
< 115.4
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion an
4.3MEDIUM
CVE-2023-5725
< 115.4
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sen
4.3MEDIUM
CVE-2023-5724
< 115.4
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulner
7.5HIGH
CVE-2023-5721
< 115.4
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insuffi
4.3MEDIUM
CVE-2023-5176
< 115.3
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2023-5174
< 115.3
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, re
9.8CRITICAL
CVE-2023-5171
< 115.3
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two
6.5MEDIUM
CVE-2023-5169
< 115.3
A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading
6.5MEDIUM
CVE-2023-5168
< 115.3
A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading
9.8CRITICAL
CVE-2023-4585
< 115.2
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-4584
< 102.15
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some
8.8HIGH
CVE-2023-4583
< 115.2
When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was ass
7.5HIGH
CVE-2023-4582
< 115.2
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating t
8.8HIGH
CVE-2023-4581
< 102.15
Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded wit
4.3MEDIUM
CVE-2023-4580
< 115.2
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive inf
6.5MEDIUM
CVE-2023-4578
< 115.2
When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear
6.5MEDIUM
CVE-2023-4577
< 115.2
When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering
6.5MEDIUM
CVE-2023-4576
< 102.15
On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentiall
8.6HIGH
CVE-2023-4575
< 102.15
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a
6.5MEDIUM
CVE-2023-4574
< 102.15
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a
6.5MEDIUM
CVE-2023-4573
< 102.15
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-f
6.5MEDIUM
CVE-2023-4057
< 115.1
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2023-4052
< 115.1
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory w
6.5MEDIUM
CVE-2023-3600
< 115.0.2
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable cra
8.8HIGH
CVE-2023-37211
< 102.13
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memor
8.8HIGH
CVE-2023-37208
< 102.13
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects
7.8HIGH
CVE-2023-37207
< 102.13
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a m
6.5MEDIUM
CVE-2023-37202
< 102.13
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main co
8.8HIGH
CVE-2023-37201
< 102.13
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affec
8.8HIGH
CVE-2023-34416
< 102.12
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memor
9.8CRITICAL
CVE-2023-34414
< 102.12
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permis
3.1LOW
CVE-2023-29545
< 102.10
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would
6.5MEDIUM
CVE-2023-29542
< 102.10
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensio
9.8CRITICAL
CVE-2023-32214
< 102.11
Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service. *Note: This attack only aff
7.5HIGH
CVE-2023-29532
< 102.10
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an upd
5.5MEDIUM
CVE-2023-29531
< 102.10
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially expl
9.8CRITICAL
CVE-2023-32215
< 102.11
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and t
8.8HIGH
CVE-2023-32213
< 102.11
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox
8.8HIGH
CVE-2023-32212
< 102.11
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firef
4.3MEDIUM
CVE-2023-32211
< 102.11
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11,
6.5MEDIUM
CVE-2023-32207
< 102.11
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This
8.8HIGH
CVE-2023-32206
< 102.11
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR <
6.5MEDIUM
CVE-2023-32205
< 102.11
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user
4.3MEDIUM
CVE-2023-29550
< 102.10
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we pr
8.8HIGH
CVE-2023-29548
< 102.10
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox
6.5MEDIUM
CVE-2023-29547
< 102.10
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it sho
6.5MEDIUM
CVE-2023-29541
< 102.10
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled command
8.8HIGH
CVE-2023-29539
< 102.10
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained
8.8HIGH
CVE-2023-29536
< 102.10
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in a
8.8HIGH
CVE-2023-29535
< 102.10
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in mem
6.5MEDIUM
CVE-2023-29533
< 102.10
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name
4.3MEDIUM
CVE-2023-28176
< 102.9
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we pr
8.8HIGH
CVE-2023-28164
< 102.9
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing a
6.5MEDIUM
CVE-2023-28163
< 102.9
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windo
6.5MEDIUM
CVE-2023-28162
< 102.9
While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a p
8.8HIGH
CVE-2023-25752
< 102.9
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. T
6.5MEDIUM
CVE-2023-25751
< 102.9
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This
6.5MEDIUM
CVE-2023-25746
< 102.8
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with
8.8HIGH
CVE-2023-25744
< 102.8
Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we p
8.8HIGH
CVE-2023-25742
< 102.8
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerabi
6.5MEDIUM
CVE-2023-25739
< 102.8
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in Scrip
8.8HIGH
CVE-2023-25738
< 102.8
Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values
6.5MEDIUM
CVE-2023-25737
< 102.8
An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox < 110,
8.8HIGH
CVE-2023-25735
< 102.8
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main co
8.8HIGH
CVE-2023-25734
< 102.8
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to une
8.1HIGH
CVE-2023-25732
< 102.8
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leadi
8.8HIGH
CVE-2023-25730
< 102.8
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode inde
5.4MEDIUM
CVE-2023-25729
< 102.8
Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open t
8.8HIGH
CVE-2023-25728
< 102.8
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction wi
6.5MEDIUM
CVE-2023-23605
< 102.7
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of
8.8HIGH
CVE-2023-23603
< 102.7
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't acc
6.5MEDIUM
CVE-2023-23602
< 102.7
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be i
6.5MEDIUM
CVE-2023-23601
< 102.7
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofi
6.5MEDIUM
CVE-2023-23599
< 102.7
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and co
6.5MEDIUM
CVE-2023-23598
< 102.7
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs a
6.5MEDIUM
CVE-2023-1945
< 102.10
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This
6.5MEDIUM
CVE-2023-0767
< 102.8
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag
8.8HIGH
CVE-2020-12413
< 68.10.0
The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefo
5.9MEDIUM
CVE-2022-46882
< 102.6
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107,
9.8CRITICAL
CVE-2022-46881
< 102.6
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.
8.8HIGH
CVE-2022-46880
< 102.6
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. Note: This advis
6.5MEDIUM
CVE-2022-46878
< 102.6
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in
8.8HIGH
CVE-2022-46875
< 102.6
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's comput
6.5MEDIUM
CVE-2022-46874
< 102.6
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in
8.8HIGH
CVE-2022-46872
< 102.6
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-relat
8.6HIGH
CVE-2022-45421
< 102.5
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bu
8.8HIGH
CVE-2022-45420
< 102.5
Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe,
6.5MEDIUM
CVE-2022-45418
< 102.5
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, re
6.1MEDIUM
CVE-2022-45416
< 102.5
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks s
6.5MEDIUM
CVE-2022-45412
< 102.5
When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a stri
8.8HIGH
CVE-2022-45411
< 102.5
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authori
6.1MEDIUM
CVE-2022-45410
< 102.5
When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took owners
6.5MEDIUM
CVE-2022-45409
< 102.5
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called
8.8HIGH
CVE-2022-45408
< 102.5
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the noti
6.5MEDIUM
CVE-2022-45406
< 102.5
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it
9.8CRITICAL
CVE-2022-45405
< 102.5
Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploita
6.5MEDIUM
CVE-2022-45404
< 102.5
Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the no
6.5MEDIUM
CVE-2022-45403
< 102.5
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-orig
6.5MEDIUM
CVE-2022-42932
< 102.4
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102
8.8HIGH
CVE-2022-42929
< 102.4
If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist bey
6.5MEDIUM
CVE-2022-42928
< 102.4
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have led to m
8.8HIGH
CVE-2022-42927
< 102.4
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `pe
8.1HIGH
CVE-2022-40962
< 102.3
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory s
8.8HIGH
CVE-2022-40960
< 102.3
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentiall
6.5MEDIUM
CVE-2022-40959
< 102.3
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device
6.5MEDIUM
CVE-2022-40958
< 102.3
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set a
6.5MEDIUM
CVE-2022-40957
< 102.3
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. *This bu
6.5MEDIUM
CVE-2022-40956
< 102.3
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base
6.1MEDIUM
CVE-2022-3266
< 102.3
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affe
5.5MEDIUM
CVE-2022-38478
< 91.13
Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Som
8.8HIGH
CVE-2022-38477
< 102.2
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102
8.8HIGH
CVE-2022-38476
< 102.2
A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this loc
7.5HIGH
CVE-2022-38473
< 91.13
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera acc
8.8HIGH
CVE-2022-36319
< 102.1
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displaye
7.5HIGH
CVE-2022-36318
< 102.1
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects F
5.3MEDIUM
CVE-2022-36314
< 102.1
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected ne
5.5MEDIUM
CVE-2022-34484
< 91.11
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of me
8.8HIGH
CVE-2022-34481
< 91.11
In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace
8.8HIGH
CVE-2022-34479
< 91.11
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, result
6.5MEDIUM
CVE-2022-34478
< 91.11
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts
6.5MEDIUM
CVE-2022-34472
< 91.11
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting i
4.3MEDIUM
CVE-2022-34470
< 91.11
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox
9.8CRITICAL
CVE-2022-34468
< 91.11
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects
8.8HIGH
CVE-2022-31747
< 91.10
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firef
9.8CRITICAL
CVE-2022-31744
< 91.11
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a pag
6.5MEDIUM
CVE-2022-31742
< 91.10
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference
6.5MEDIUM
CVE-2022-31741
< 91.10
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory cor
8.8HIGH
CVE-2022-31740
< 91.10
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potential
8.8HIGH
CVE-2022-31739
< 91.10
When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to
8.8HIGH
CVE-2022-31738
< 91.10
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potent
6.5MEDIUM
CVE-2022-31737
< 91.10
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable
9.8CRITICAL
CVE-2022-31736
< 91.10
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affec
9.8CRITICAL
CVE-2022-2505
< 102.1
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evid
8.8HIGH
CVE-2022-2200
< 91.11
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object,
8.8HIGH
CVE-2022-29917
< 91.9
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present
9.8CRITICAL
CVE-2022-29916
< 91.9
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could ha
6.5MEDIUM
CVE-2022-29914
< 91.9
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled bro
6.5MEDIUM
CVE-2022-29912
< 91.9
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunder
6.1MEDIUM
CVE-2022-29911
< 91.9
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script executio
6.1MEDIUM
CVE-2022-29909
< 91.9
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassi
8.8HIGH
CVE-2022-28289
< 91.8
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported me
8.8HIGH
CVE-2022-28286
< 91.8
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or s
5.4MEDIUM
CVE-2022-28285
< 91.8
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vuln
6.5MEDIUM
CVE-2022-28282
< 91.8
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execu
6.5MEDIUM
CVE-2022-28281
< 91.8
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an
8.8HIGH
CVE-2022-26387
< 91.7
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt,
7.5HIGH
CVE-2022-26386
< 91.7
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was
6.5MEDIUM
CVE-2022-26384
< 91.7
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft
9.6CRITICAL
CVE-2022-26383
< 91.7
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerabil
4.3MEDIUM
CVE-2022-26381
< 91.7
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable cras
8.8HIGH
CVE-2022-22764
< 91.6
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5
8.8HIGH
CVE-2022-22763
< 91.6
When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after where it should not be p
8.8HIGH
CVE-2022-22761
< 91.6
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive w
8.8HIGH
CVE-2022-22760
< 91.6
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript respons
6.5MEDIUM
CVE-2022-22759
< 91.6
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that
9.6CRITICAL
CVE-2022-22756
< 91.6
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed i
8.8HIGH
CVE-2022-22754
< 91.6
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the
6.5MEDIUM
CVE-2022-22753
< 91.6
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to a
7.1HIGH
CVE-2022-22751
< 91.5
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke,
8.8HIGH
CVE-2022-22748
< 91.5
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an exter
6.5MEDIUM
CVE-2022-22747
< 91.5
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a cr
6.5MEDIUM
CVE-2022-22746
< 91.5
A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being
5.9MEDIUM
CVE-2022-22745
< 91.5
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affec
6.5MEDIUM
CVE-2022-22744
< 91.5
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have
8.8HIGH
CVE-2022-22743
< 91.5
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser u
4.3MEDIUM
CVE-2022-22742
< 91.5
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially explo
6.5MEDIUM
CVE-2022-22741
< 91.5
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulner
7.5HIGH
CVE-2022-22740
< 91.5
Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-
8.8HIGH
CVE-2022-22739
< 91.5
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerabil
6.5MEDIUM
CVE-2022-22738
< 91.5
Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a po
8.8HIGH
CVE-2022-22737
< 91.5
Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to
7.5HIGH
CVE-2022-1802
< 91.9.1
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved
8.8HIGH
CVE-2022-1529
< 91.9.1
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object,
8.8HIGH
CVE-2022-1196
< 91.8
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially ex
6.5MEDIUM
CVE-2022-1097
< 91.8
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to
6.5MEDIUM
CVE-2021-4140
< 91.5
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firef
10.0CRITICAL
CVE-2021-4129
< 91.4.0
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuk
9.8CRITICAL
CVE-2021-4127
< 78.9.0
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability a
9.8CRITICAL
CVE-2021-43546
< 91.4.0
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects
4.3MEDIUM
CVE-2021-43545
< 91.4.0
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird <
6.5MEDIUM
CVE-2021-43543
< 91.4.0
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional conten
6.1MEDIUM
CVE-2021-43542
< 91.4.0
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external prot
6.5MEDIUM
CVE-2021-43541
< 91.4.0
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This
6.5MEDIUM
CVE-2021-43539
< 91.4.0
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call no
8.8HIGH
CVE-2021-43538
< 91.4.0
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received
4.3MEDIUM
CVE-2021-43537
< 91.4.0
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially
8.8HIGH
CVE-2021-43536
< 91.4.0
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnera
6.5MEDIUM
CVE-2021-43535
< 91.3.0
A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption
8.8HIGH
CVE-2021-43534
< 91.3.0
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bug
8.8HIGH
CVE-2021-38510
< 91.3.0
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on
8.8HIGH
CVE-2021-38509
< 91.3.0
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents
4.3MEDIUM
CVE-2021-38508
< 91.3.0
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), t
4.3MEDIUM
CVE-2021-38507
< 91.3.0
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining t
6.5MEDIUM
CVE-2021-38506
< 91.3.0
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This coul
4.3MEDIUM
CVE-2021-38505
< 91.3.0
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipbo
6.5MEDIUM
CVE-2021-38504
< 91.3.0
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, l
8.8HIGH
CVE-2021-38503
< 91.3
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executi
10.0CRITICAL
CVE-2021-38501
< 91.2
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of m
8.8HIGH
CVE-2021-38500
< 78.15
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of m
8.8HIGH
CVE-2021-38498
< 91.2
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption
7.5HIGH
CVE-2021-38497
< 91.2
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, lea
6.5MEDIUM
CVE-2021-38496
< 78.15
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a
8.8HIGH
CVE-2021-38495
< 91.1
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corrup
8.8HIGH
CVE-2021-38493
< 78.14
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of
8.8HIGH
CVE-2021-38492
< 78.14
When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pa
6.5MEDIUM
CVE-2021-29989
< 78.13.0
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of
8.8HIGH
CVE-2021-29988
< 78.13.0
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruptio
8.8HIGH
CVE-2021-29986
< 78.13.0
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issu
8.1HIGH
CVE-2021-29985
< 78.13.0
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vul
8.8HIGH
CVE-2021-29984
< 78.13.0
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garba
8.8HIGH
CVE-2021-29980
< 78.13.0
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially explo
8.8HIGH
CVE-2021-29976
< 78.12
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed e
8.8HIGH
CVE-2021-29970
< 78.12
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could
8.8HIGH
CVE-2021-29967
< 78.11
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of
8.8HIGH
CVE-2021-29964
< 78.11
A locally-installed hostile program could send WM_COPYDATA messages that Firefox would process incorrectly, leading to an out-of
7.1HIGH
CVE-2021-29955
< 78.9
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addr
5.3MEDIUM
CVE-2021-29951
< 78.10.1
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote use
6.5MEDIUM
CVE-2021-29946
< 78.10
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions
8.8HIGH
CVE-2021-29945
< 78.10
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: Th
6.5MEDIUM
CVE-2021-24002
< 78.10
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as
8.8HIGH
CVE-2021-23999
< 78.10
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted addi
8.8HIGH
CVE-2021-23998
< 78.10
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vu
6.5MEDIUM
CVE-2021-23995
< 78.10
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough eff
8.8HIGH
CVE-2021-23994
< 78.10
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability
8.8HIGH
CVE-2021-23987
< 78.9
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bug
8.8HIGH
CVE-2021-23984
< 78.9
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar shoul
6.5MEDIUM
CVE-2021-23982
< 78.9
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as
6.5MEDIUM
CVE-2021-23981
< 78.9
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulti
8.1HIGH
CVE-2021-23978
< 78.8
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of m
8.8HIGH
CVE-2021-23964
< 78.7
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of m
8.8HIGH
CVE-2021-23960
< 78.7
Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable c
8.8HIGH
CVE-2021-23954
< 78.7
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memor
8.8HIGH
CVE-2021-23953
< 78.7
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when sa
4.3MEDIUM
CVE-2021-23973
< 78.8
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that
6.5MEDIUM
CVE-2021-23969
< 78.8
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the sour
4.3MEDIUM
CVE-2021-23968
< 78.8
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the vi
4.3MEDIUM
CVE-2020-35113
< 78.6.0
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of m
8.8HIGH
CVE-2020-35112
< 78.6.0
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an execu
8.8HIGH
CVE-2020-35111
< 78.6.0
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for v
4.3MEDIUM
CVE-2020-26978
< 78.6.0
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as
6.1MEDIUM
CVE-2020-26974
< 78.6.0
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. Th
8.8HIGH
CVE-2020-26973
< 78.6.0
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sa
8.8HIGH
CVE-2020-26971
< 78.6.0
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. Th
8.8HIGH
CVE-2020-26968
< 78.5
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of m
8.8HIGH
CVE-2020-26966
< 78.5
Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname c
6.5MEDIUM
CVE-2020-26965
< 78.5
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbox field, revealing
6.5MEDIUM
CVE-2020-26961
< 78.5
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sens
6.5MEDIUM
CVE-2020-26960
< 78.5
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading
8.8HIGH
CVE-2020-26959
< 78.5
During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, me
8.8HIGH
CVE-2020-26958
< 78.5
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a Servic
6.1MEDIUM
CVE-2020-26956
< 78.5
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This v
6.1MEDIUM
CVE-2020-26953
< 78.5
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attem
4.3MEDIUM
CVE-2020-26951
< 78.5
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An att
6.1MEDIUM
CVE-2020-26950
< 78.4.1
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-
8.8HIGH
CVE-2020-15683
< 78.4
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bug
9.8CRITICAL
CVE-2020-15678
< 78.3
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-f
8.8HIGH
CVE-2020-15677
< 78.3
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file
6.1MEDIUM
CVE-2020-15676
< 78.3
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being
6.1MEDIUM
CVE-2020-15673
< 78.3
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of m
8.8HIGH
CVE-2020-15670
< 78.2
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory cor
8.8HIGH
CVE-2020-15669
< 68.12
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This result
8.8HIGH
CVE-2020-15664
< 68.12
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the Inst
6.5MEDIUM
CVE-2020-15663
>= 68.0 and < 68.12
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install l
8.8HIGH
CVE-2020-15659
< 68.11
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bug
8.8HIGH
CVE-2020-15658
< 78.1
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off th
6.5MEDIUM
CVE-2020-15657
< 78.1
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is alrea
7.8HIGH
CVE-2020-15656
< 78.1
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by
8.8HIGH
CVE-2020-15655
< 78.1
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to pote
6.5MEDIUM
CVE-2020-15654
< 78.1
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the u
6.5MEDIUM
CVE-2020-15653
< 78.1
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security
6.5MEDIUM
CVE-2020-15652
< 68.11
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect.
6.5MEDIUM
CVE-2020-15650
< 68.11
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox set
5.5MEDIUM
CVE-2020-15649
< 68.11
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, rega
5.5MEDIUM
CVE-2020-12421
< 68.10.0
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately
6.5MEDIUM
CVE-2020-12420
< 68.10.0
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corru
8.8HIGH
CVE-2020-12419
< 68.10
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use
8.8HIGH
CVE-2020-12418
< 68.10
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScr
6.5MEDIUM
CVE-2020-12417
< 68.10.0
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruptio
8.8HIGH
CVE-2020-12410
< 68.8.0
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of m
8.8HIGH
CVE-2020-12406
< 68.9.0
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume th
8.8HIGH
CVE-2020-12405
< 68.9.0
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable cras
5.3MEDIUM
CVE-2020-12399
< 68.9.0
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. Thi
4.4MEDIUM
CVE-2020-6831
< 68.8.0
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a po
9.8CRITICAL
CVE-2020-12392
< 68.8.0
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controll
5.5MEDIUM
CVE-2020-12389
< 68.8.0
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss
10.0CRITICAL
CVE-2020-12388
< 68.8.0
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss
10.0CRITICAL
CVE-2020-12387
< 68.8.0
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially e
8.1HIGH
CVE-2020-12395
< 68.8.0
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bug
9.8CRITICAL
CVE-2020-12393
< 68.8.0
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled
7.8HIGH
CVE-2020-6828
< 68.7.0
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result
7.5HIGH
CVE-2020-6827
< 68.7.0
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricke
4.7MEDIUM
CVE-2020-6825
< 68.7.0
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Fi
9.8CRITICAL
CVE-2020-6822
< 68.7.0
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is pos
8.8HIGH
CVE-2020-6821
< 68.7.0
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requ
7.5HIGH
CVE-2020-6814
< 68.6.0
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memo
9.8CRITICAL
CVE-2020-6812
< 68.6.0
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) W
5.3MEDIUM
CVE-2020-6811
< 68.6.0
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled
8.8HIGH
CVE-2020-6807
< 68.6.0
When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream
8.8HIGH
CVE-2020-6806
< 68.6.0
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during s
8.8HIGH
CVE-2020-6805
< 68.6.0
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in
8.8HIGH
CVE-2020-6800
< 68.5.0
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bug
8.8HIGH
CVE-2020-6799
< 68.5.0
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. T
8.8HIGH
CVE-2020-6798
< 68.5.0
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should
6.1MEDIUM
CVE-2020-6797
< 68.5.0
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's
4.3MEDIUM
CVE-2020-6796
< 68.5.0
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bou
8.8HIGH
CVE-2019-17024
< 68.4
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of m
8.8HIGH
CVE-2019-17022
< 68.4
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > chara
6.1MEDIUM
CVE-2019-17021
< 68.4
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addr
5.3MEDIUM
CVE-2019-17017
< 68.4
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that wit
8.8HIGH
CVE-2019-17016
< 68.4
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace r
6.1MEDIUM
CVE-2019-17015
< 68.4
During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potenti
8.8HIGH
CVE-2019-17012
< 68.3
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of m
8.8HIGH
CVE-2019-17011
< 68.3
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-
7.5HIGH
CVE-2019-17010
< 68.3
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition co
7.5HIGH
CVE-2019-17009
< 68.3
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged pro
7.8HIGH
CVE-2019-17008
< 68.3
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable cras
8.8HIGH
CVE-2019-17005
< 68.3
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to ove
8.8HIGH
CVE-2019-11764
< 68.2
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bug
8.8HIGH
CVE-2019-11763
< 68.2
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This
6.1MEDIUM
CVE-2019-11762
< 68.2
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DO
6.1MEDIUM
CVE-2019-11761
< 68.2
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content
5.4MEDIUM
CVE-2019-11760
< 68.2
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash
8.8HIGH
CVE-2019-11759
< 68.2
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be use
8.8HIGH
CVE-2019-11758
< 68.2
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bu
8.8HIGH
CVE-2019-11757
< 68.2
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently referen
8.8HIGH
CVE-2019-11745
< 68.3
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of
8.8HIGH
CVE-2019-11753
>= 68.0 and < 68.1.0
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation
7.8HIGH
CVE-2019-11752
>= 68.0 and < 68.1.0
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-
8.8HIGH
CVE-2019-11751
< 68.1.0
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a use
8.8HIGH
CVE-2019-11750
< 68.1.0
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefo
6.5MEDIUM
CVE-2019-11749
< 68.1.0
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints
4.3MEDIUM
CVE-2019-11748
< 68.1.0
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a thi
6.5MEDIUM
CVE-2019-11747
< 68.1.0
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visit
6.5MEDIUM
CVE-2019-11746
>= 68.0 and < 68.1.0
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results i
8.8HIGH
CVE-2019-11743
>= 68.0 and < 68.1.0
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the u
3.7LOW
CVE-2019-11742
>= 68.0 and < 68.1.0
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <can
6.5MEDIUM
CVE-2019-11740
>= 68.0 and < 68.1.0
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some
8.8HIGH
CVE-2019-11738
< 68.1.0
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execut
6.3MEDIUM
CVE-2019-11736
< 68.1.0
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing f
7.0HIGH
CVE-2019-11735
< 68.1.0
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs
8.8HIGH
CVE-2019-9820
< 60.7
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potent
9.8CRITICAL
CVE-2019-9819
< 60.7
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exp
9.8CRITICAL
CVE-2019-9818
< 60.7
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a
8.3HIGH
CVE-2019-9817
< 60.7
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data fro
5.3MEDIUM
CVE-2019-9816
< 60.7
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for
5.9MEDIUM
CVE-2019-9815
< 60.7
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped ma
8.1HIGH
CVE-2019-9811
< 60.8
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then op
8.3HIGH
CVE-2019-9800
< 60.7
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6
9.8CRITICAL
CVE-2019-11730
< 60.8
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the
6.5MEDIUM
CVE-2019-11691
< 60.7
A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to b
9.8CRITICAL
CVE-2019-9801
< 60.6
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when give
5.3MEDIUM
CVE-2019-9795
< 60.6
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScrip
9.8CRITICAL
CVE-2019-9793
< 60.6
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations hav
5.9MEDIUM
CVE-2018-18499
< 60.2
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to
6.5MEDIUM
CVE-2018-18498
< 60.4
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is
9.8CRITICAL
CVE-2018-12396
< 60.3
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This all
6.5MEDIUM
CVE-2018-12395
< 60.3
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fron
7.5HIGH
CVE-2018-12393
< 60.3
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF
7.5HIGH
CVE-2018-12391
< 60.3
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security polici
8.8HIGH
CVE-2018-18501
< 60.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bug
9.8CRITICAL
CVE-2018-18500
< 60.5
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the s
9.8CRITICAL
CVE-2018-5188
< 52.9
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corru
9.8CRITICAL
CVE-2018-12385
< 60.2.1
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the us
7.0HIGH
CVE-2018-12383
< 60.2.1
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still
5.5MEDIUM
CVE-2018-12368
< 52.9
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downl
8.1HIGH
CVE-2018-12366
< 52.9
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value
6.5MEDIUM
CVE-2018-12365
< 52.9
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without us
6.5MEDIUM
CVE-2018-12364
< 52.9
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that do
8.8HIGH
CVE-2018-12363
< 52.9
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the ol
8.8HIGH
CVE-2018-12362
< 52.9
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resu
8.8HIGH
CVE-2018-12361
< 60.1
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent
8.8HIGH
CVE-2018-12360
< 52.9
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that
8.8HIGH
CVE-2018-12359
< 52.9
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically,
8.8HIGH
CVE-2017-7787
< 52.3
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access
7.5HIGH
CVE-2017-7786
< 52.3
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially
9.8CRITICAL
CVE-2017-7784
< 52.3
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been fr
9.8CRITICAL
CVE-2017-5467
< 52.1
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. T
7.5HIGH
CVE-2017-5428
< 52.0.1
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the
9.8CRITICAL
CVE-2016-9897
< 45.6
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying ar
7.5HIGH
CVE-2015-2743
all versions
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for inter
CVE-2015-2741
all versions
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encounterin
CVE-2015-2740
all versions
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.
CVE-2015-2739
all versions
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thu
CVE-2015-2738
all versions
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox E
CVE-2015-2737
all versions
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31
CVE-2015-2736
all versions
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Th
CVE-2015-2735
all versions
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 ac
CVE-2015-2734
all versions
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR
CVE-2015-2733
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-2731
all versions
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0
CVE-2015-2729
all versions
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ES
CVE-2015-2728
all versions
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 a
CVE-2015-2725
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thund
CVE-2015-2724
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x b
CVE-2015-2722
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-4000
all versions
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly conv
3.7LOW
CVE-2015-2716
all versions
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows
CVE-2015-2713
all versions
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbi
CVE-2015-2710
all versions
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird
CVE-2015-2708
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thund
CVE-2015-0807
all versions
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6
CVE-2015-0801
all versions
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same O
CVE-2015-0818
all versions
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Sa
CVE-2015-0817
all versions
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not p
CVE-2015-0836
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thund
CVE-2015-0833
all versions
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Th
CVE-2015-0831
all versions
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0,
CVE-2015-0827
all versions
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, an
CVE-2015-0822
all versions
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows r
CVE-2014-8641
all versions
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMon
CVE-2014-8639
all versions
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly inte
CVE-2014-8638
all versions
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and
CVE-2014-8634
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbi
CVE-2014-1595
all versions
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics dis
CVE-2014-1568
all versions
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefo
CVE-2014-1567
all versions
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x befo
CVE-2014-1562
all versions
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1,
CVE-2014-1557
all versions
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird b
CVE-2014-1556
all versions
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary
CVE-2014-1555
all versions
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7,
CVE-2014-1551
all versions
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thun
CVE-2014-1547
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thund
CVE-2014-1544
all versions
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x,
CVE-2014-1541
all versions
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox be
CVE-2014-1538
all versions
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before
CVE-2014-1533
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thund
CVE-2012-0462
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Th
CVE-2012-0460
all versions
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3
CVE-2012-0459
all versions
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5
CVE-2012-0455
all versions
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0
CVE-2012-0454
all versions
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Th
CVE-2012-0451
all versions
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Th
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin