
mozilla firefox

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-8401
< 150.0.3
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 1
9.8 CRITICAL
CVE-2026-8391
< 150.0.3
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 1
5.3 MEDIUM
CVE-2026-8390
< 150.0.3
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
7.3 HIGH
CVE-2026-8389
< 150.0.3
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
7.3 HIGH
CVE-2026-8388
< 150.0.3
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ES
6.5 MEDIUM
CVE-2026-8094
< 140.10.2
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
9.8 CRITICAL
CVE-2026-8093
< 150.0.2
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en
8.1 HIGH
CVE-2026-8092
>= 150.0 and < 150.0.2
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence o
8.1 HIGH
CVE-2026-8091
< 115.35.2
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150
9.8 CRITICAL
CVE-2026-8090
< 150.0.2
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ES
7.3 HIGH
CVE-2026-7324
< 150.0.1
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that wit
7.3 HIGH
CVE-2026-7323
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7322
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7321
< 150.0
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 1
9.6 CRITICAL
CVE-2026-7320
< 150.0.1
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-6786
< 150.0
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed
7.5 HIGH
CVE-2026-6785
< 150.0
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some
7.5 HIGH
CVE-2026-6784
< 150.0
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we pres
7.5 HIGH
CVE-2026-6783
< 150.0
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15
5.3 MEDIUM
CVE-2026-6782
< 150.0
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6781
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6780
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6779
< 150.0
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6778
< 150.0
Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6777
< 150.0
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6776
< 150.0
Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10
7.8 HIGH
CVE-2026-6775
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6774
< 150.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.4 MEDIUM
CVE-2026-6773
< 150.0
Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thund
7.5 HIGH
CVE-2026-6772
< 150.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35,
7.5 HIGH
CVE-2026-6771
< 150.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
9.8 CRITICAL
CVE-2026-6770
< 150.0
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
6.5 MEDIUM
CVE-2026-6769
< 150.0
Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
8.8 HIGH
CVE-2026-6768
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6767
< 150.0
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10
5.3 MEDIUM
CVE-2026-6766
< 150.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10,
7.5 HIGH
CVE-2026-6765
< 150.0
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
5.3 MEDIUM
CVE-2026-6764
< 150.0
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 14
6.5 MEDIUM
CVE-2026-6763
< 150.0
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
6.5 MEDIUM
CVE-2026-6762
< 150.0
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
6.3 MEDIUM
CVE-2026-6761
< 150.0
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
8.8 HIGH
CVE-2026-6760
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6759
< 150.0
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, a
7.5 HIGH
CVE-2026-6758
< 150.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6757
< 150.0
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunder
6.3 MEDIUM
CVE-2026-6756
< 150.0
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
7.5 HIGH
CVE-2026-6755
< 150.0
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
6.5 MEDIUM
CVE-2026-6754
< 150.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 14
7.5 HIGH
CVE-2026-6753
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
7.3 HIGH
CVE-2026-6752
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ES
7.3 HIGH
CVE-2026-6751
< 150.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
7.3 HIGH
CVE-2026-6750
< 150.0
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefo
8.8 HIGH
CVE-2026-6749
< 150.0
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 15
7.5 HIGH
CVE-2026-6748
< 150.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
9.8 CRITICAL
CVE-2026-6747
< 150.0
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thun
7.5 HIGH
CVE-2026-6746
< 150.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
7.5 HIGH
CVE-2026-5735
< 149.0.2
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and
9.8 CRITICAL
CVE-2026-5734
< 149.0.2
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these
9.8 CRITICAL
CVE-2026-5733
< 149.0.2
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 1
8.8 HIGH
CVE-2026-5732
< 149.0.2
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2,
8.8 HIGH
CVE-2026-5731
all versions
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird
9.8 CRITICAL
CVE-2026-4371
< 149.0
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer.
7.4 HIGH
CVE-2026-3889
< 149.0
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
6.5 MEDIUM
CVE-2026-4729
< 149.0
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-4728
< 149.0
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
6.5 MEDIUM
CVE-2026-4727
< 149.0
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4726
< 149.0
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4725
< 149.0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderb
10.0 CRITICAL
CVE-2026-4724
< 149.0
Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.1 CRITICAL
CVE-2026-4723
< 149.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.8 CRITICAL
CVE-2026-4722
< 149.0
Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
8.8 HIGH
CVE-2026-4721
< 149.0
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some
9.8 CRITICAL
CVE-2026-4720
< 149.0
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed
9.8 CRITICAL
CVE-2026-4719
< 149.0
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thu
7.5 HIGH
CVE-2026-4718
< 149.0
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
8.1 HIGH
CVE-2026-4717
< 149.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149,
9.8 CRITICAL
CVE-2026-4716
< 149.0
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 14
9.1 CRITICAL
CVE-2026-4715
< 149.0
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderb
9.1 CRITICAL
CVE-2026-4714
< 149.0
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde
7.5 HIGH
CVE-2026-4713
< 149.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbi
7.5 HIGH
CVE-2026-4712
< 149.0
Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
7.5 HIGH
CVE-2026-4711
< 149.0
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, an
9.8 CRITICAL
CVE-2026-4710
< 149.0
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde
9.8 CRITICAL
CVE-2026-4709
< 149.0
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34,
7.5 HIGH
CVE-2026-4708
< 149.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbi
7.5 HIGH
CVE-2026-4707
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4706
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4705
< 149.0
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
9.8 CRITICAL
CVE-2026-4704
< 149.0
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
7.5 HIGH
CVE-2026-4702
< 149.0
JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
9.8 CRITICAL
CVE-2026-4701
< 149.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149
9.8 CRITICAL
CVE-2026-4700
< 149.0
Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 1
9.8 CRITICAL
CVE-2026-4699
< 149.0
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 11
7.5 HIGH
CVE-2026-4698
< 149.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firef
9.8 CRITICAL
CVE-2026-4697
< 149.0
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 1
7.5 HIGH
CVE-2026-4696
< 149.0
Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox E
9.8 CRITICAL
CVE-2026-4695
< 149.0
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 1
7.5 HIGH
CVE-2026-4694
< 149.0
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ES
7.5 HIGH
CVE-2026-4693
< 149.0
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115
7.5 HIGH
CVE-2026-4692
< 149.0
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox E
10.0 CRITICAL
CVE-2026-4691
< 149.0
Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Fire
9.8 CRITICAL
CVE-2026-4690
< 149.0
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Fire
8.6 HIGH
CVE-2026-4689
< 149.0
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Fire
10.0 CRITICAL
CVE-2026-4688
< 149.0
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox
10.0 CRITICAL
CVE-2026-4687
< 149.0
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firef
8.6 HIGH
CVE-2026-4686
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4685
< 149.0
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34
7.5 HIGH
CVE-2026-4684
< 149.0
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.
7.5 HIGH
CVE-2026-3847
< 148.0.2
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with en
8.8 HIGH
CVE-2026-3846
< 148.0.2
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.
6.5 MEDIUM
CVE-2026-3845
< 148.0.2
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.
8.8 HIGH
CVE-2026-2807
< 148.0
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-2806
< 148.0
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.1 CRITICAL
CVE-2026-2805
< 148.0
Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2804
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
5.4 MEDIUM
CVE-2026-2803
< 148.0
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2802
< 148.0
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
4.2 MEDIUM
CVE-2026-2801
< 148.0
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2800
< 148.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2799
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2798
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
8.8 HIGH
CVE-2026-2797
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2796
< 148.0
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2795
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2794
< 148.0
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firef
7.5 HIGH
CVE-2026-2793
< 148.0
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some
9.8 CRITICAL
CVE-2026-2792
< 148.0
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed
9.8 CRITICAL
CVE-2026-2791
< 148.0
Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird
9.8 CRITICAL
CVE-2026-2790
< 148.0
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunde
9.8 CRITICAL
CVE-2026-2789
< 148.0
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
9.8 CRITICAL
CVE-2026-2788
< 148.0
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33,
9.8 CRITICAL
CVE-2026-2787
< 148.0
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2786
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2785
< 148.0
Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2784
< 148.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2783
< 148.0
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-2782
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2781
< 148.0
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2780
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2779
< 148.0
Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2778
< 148.0
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148
10.0 CRITICAL
CVE-2026-2777
< 148.0
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2776
< 148.0
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed
10.0 CRITICAL
CVE-2026-2775
< 148.0
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2774
< 148.0
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8,
9.8 CRITICAL
CVE-2026-2773
< 148.0
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2772
< 148.0
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ES
9.8 CRITICAL
CVE-2026-2771
< 148.0
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2770
< 148.0
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2769
< 148.0
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
8.8 HIGH
CVE-2026-2768
< 148.0
Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
10.0 CRITICAL
CVE-2026-2767
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbi
9.8 CRITICAL
CVE-2026-2766
< 148.0
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbir
9.8 CRITICAL
CVE-2026-2765
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2764
< 148.0
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox E
9.8 CRITICAL
CVE-2026-2763
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 14
9.8 CRITICAL
CVE-2026-2762
< 148.0
Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2761
< 148.0
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
10.0 CRITICAL
CVE-2026-2760
< 148.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox
10.0 CRITICAL
CVE-2026-2759
< 148.0
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33
9.8 CRITICAL
CVE-2026-2758
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8
9.8 CRITICAL
CVE-2026-2757
< 148.0
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.3
9.8 CRITICAL
CVE-2026-2634
< 147.4
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox i
9.8 CRITICAL
CVE-2026-2447
< 147.0.4
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunde
8.8 HIGH
CVE-2026-2032
< 147.2.1
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allo
4.3 MEDIUM
CVE-2026-0818
< 147.0.1
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email
4.3 MEDIUM
CVE-2026-24869
< 147.0.2
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.
8.8 HIGH
CVE-2026-24868
< 147.0.2
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.
6.5 MEDIUM
CVE-2026-0892
< 147.0
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-0891
< 147.0
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed
8.1 HIGH
CVE-2026-0890
< 147.0
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7,
5.4 MEDIUM
CVE-2026-0889
< 147.0
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
7.5 HIGH
CVE-2026-0888
< 147.0
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
5.3 MEDIUM
CVE-2026-0887
< 147.0
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 1
4.3 MEDIUM
CVE-2026-0886
< 147.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox
5.3 MEDIUM
CVE-2026-0885
< 147.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, a
6.5 MEDIUM
CVE-2026-0884
< 147.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147
9.8 CRITICAL
CVE-2026-0883
< 147.0
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 14
5.3 MEDIUM
CVE-2026-0882
< 147.0
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbi
8.8 HIGH
CVE-2026-0881
< 147.0
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
10.0 CRITICAL
CVE-2026-0880
< 147.0
Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32,
8.8 HIGH
CVE-2026-0879
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefo
9.8 CRITICAL
CVE-2026-0878
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0 HIGH
CVE-2026-0877
< 147.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140
8.1 HIGH
CVE-2025-14861
< 146.0.1
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough
8.8 HIGH
CVE-2025-14860
< 146.0.1
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
9.8 CRITICAL
CVE-2025-14744
< 144.0
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tri
6.5 MEDIUM
CVE-2025-14333
< 146.0
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed
8.1 HIGH
CVE-2025-14332
< 146.0
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we pres
7.3 HIGH
CVE-2025-14331
< 146.0
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Fire
6.5 MEDIUM
CVE-2025-14330
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
9.8 CRITICAL
CVE-2025-14329
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14328
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14327
< 146.0
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7,
7.5 HIGH
CVE-2025-14326
< 146.0
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.
9.8 CRITICAL
CVE-2025-14325
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
7.3 HIGH
CVE-2025-14324
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firef
9.8 CRITICAL
CVE-2025-14323
< 146.0
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox
8.8 HIGH
CVE-2025-14322
< 146.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0HIGH
CVE-2025-14321
< 146.0
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146
9.8CRITICAL
CVE-2025-13027
< 145.0
Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-13026
< 145.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145
9.8CRITICAL
CVE-2025-13025
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
7.5HIGH
CVE-2025-13024
< 145.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13023
< 145.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145
9.8CRITICAL
CVE-2025-13022
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13021
< 145.0
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
9.8CRITICAL
CVE-2025-13020
< 145.0
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 1
8.8HIGH
CVE-2025-13019
< 145.0
Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbi
8.1HIGH
CVE-2025-13018
< 145.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145,
8.1HIGH
CVE-2025-13017
< 145.0
Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thu
8.1HIGH
CVE-2025-13016
< 145.0
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 1
7.5HIGH
CVE-2025-13015
< 145.0
Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.
3.4LOW
CVE-2025-13014
< 145.0
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, T
8.8HIGH
CVE-2025-13013
< 145.0
Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 1
6.1MEDIUM
CVE-2025-13012
< 145.0
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thun
7.5HIGH
CVE-2025-12380
>= 142.0 and < 144.0.2
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser proce
9.8CRITICAL
CVE-2025-11721
>= 143.0 and < 144.0
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that wi
9.8CRITICAL
CVE-2025-11720
< 144.0
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname.
8.1HIGH
CVE-2025-11719
>= 143.0 and < 144.0
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-
9.8CRITICAL
CVE-2025-11718
< 144.0
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in
6.5MEDIUM
CVE-2025-11717
< 144.0
When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related
9.1CRITICAL
CVE-2025-11716
< 144.0
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was
6.5MEDIUM
CVE-2025-11715
< 144.0
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed
8.8HIGH
CVE-2025-11714
< 144.0
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some
8.8HIGH
CVE-2025-11713
< 144.0
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Win
8.1HIGH
CVE-2025-11712
< 144.0
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a
6.1MEDIUM
CVE-2025-11711
< 144.0
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was
6.5MEDIUM
CVE-2025-11710
< 144.0
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its me
9.8CRITICAL
CVE-2025-11709
< 144.0
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL
9.8CRITICAL
CVE-2025-11708
< 144.0
Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird
9.8CRITICAL
CVE-2025-11153
< 143.0.3
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.
7.5HIGH
CVE-2025-11152
< 143.0.3
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.
8.6HIGH
CVE-2025-10859
< 143.1.0
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information fr
4.0MEDIUM
CVE-2025-10537
< 143.0
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed
8.8HIGH
CVE-2025-10536
< 143.0
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunder
6.2MEDIUM
CVE-2025-10535
< 143.0
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox
7.5HIGH
CVE-2025-10534
< 143.0
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
8.1HIGH
CVE-2025-10533
< 143.0
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunder
8.8HIGH
CVE-2025-10532
< 143.0
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thu
6.5MEDIUM
CVE-2025-10531
< 143.0
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
5.4MEDIUM
CVE-2025-10530
< 143.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
6.5MEDIUM
CVE-2025-10529
< 143.0
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143
6.5MEDIUM
CVE-2025-10528
< 143.0
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Fir
7.3HIGH
CVE-2025-10527
<= 143.0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR
7.1HIGH
CVE-2025-9187
< 142.0
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-9186
< 142.0
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.
6.5MEDIUM
CVE-2025-9185
< 142.0
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 1
8.1HIGH
CVE-2025-9184
< 142.0
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed
8.1HIGH
CVE-2025-9183
< 142.0
Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.
6.5MEDIUM
CVE-2025-9182
< 142.0
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox
7.5HIGH
CVE-2025-9181
< 142.0
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox
6.5MEDIUM
CVE-2025-9180
< 142.0
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Fi
8.1HIGH
CVE-2025-9179
< 142.0
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily
9.8CRITICAL
CVE-2025-8364
< 141.0
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: Th
4.3MEDIUM
CVE-2025-8042
< 141.0
Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was
9.8CRITICAL
CVE-2025-8041
< 141.0
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulner
5.3MEDIUM
CVE-2025-55031
< 142.0
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker with
9.8CRITICAL
CVE-2025-55030
< 142.0
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline
6.1MEDIUM
CVE-2025-55029
< 142.0
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulner
7.5HIGH
CVE-2025-55028
< 142.0
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for den
6.5MEDIUM
CVE-2025-54145
< 141.0
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Fir
9.1CRITICAL
CVE-2025-54144
< 141.0
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website
5.4MEDIUM
CVE-2025-54143
< 141.0
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declare
9.8CRITICAL
CVE-2025-8044
< 141.0
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-8043
< 141.0
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
9.8CRITICAL
CVE-2025-8040
< 141.0
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed
8.8HIGH
CVE-2025-8039
< 141.0
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed
8.1HIGH
CVE-2025-8038
< 141.0
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firef
9.8CRITICAL
CVE-2025-8037
< 141.0
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP a
9.1CRITICAL
CVE-2025-8036
< 141.0
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vu
8.1HIGH
CVE-2025-8035
< 141.0
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 an
8.8HIGH
CVE-2025-8034
< 141.0
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 1
8.8HIGH
CVE-2025-8033
< 141.0
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. Th
6.5MEDIUM
CVE-2025-8032
< 141.0
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Fire
8.1HIGH
CVE-2025-8031
< 141.0
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication cre
9.8CRITICAL
CVE-2025-8030
< 141.0
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.
8.1HIGH
CVE-2025-8029
< 141.0
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firef
8.1HIGH
CVE-2025-8028
< 141.0
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing t
9.8CRITICAL
CVE-2025-8027
< 141.0
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read th
6.5MEDIUM
CVE-2025-6436
< 140.0
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-6435
< 140.0
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been sav
8.1HIGH
CVE-2025-6434
< 140.0
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, pot
4.3MEDIUM
CVE-2025-6433
< 140.0
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn
9.8CRITICAL
CVE-2025-6432
< 140.0
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the
8.6HIGH
CVE-2025-6431
< 140.0
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An at
6.5MEDIUM
CVE-2025-6430
< 140.0
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included v
6.1MEDIUM
CVE-2025-6429
< 140.0
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed
6.5MEDIUM
CVE-2025-6428
< 140.0
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, pot
4.3MEDIUM
CVE-2025-6427
< 140.0
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would h
9.1CRITICAL
CVE-2025-6426
< 140.0
The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Firefox
8.8HIGH
CVE-2025-6425
< 140.0
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browse
4.3MEDIUM
CVE-2025-6424
< 140.0
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox
9.8CRITICAL
CVE-2025-5986
< 128.11.1
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or h
6.5MEDIUM
CVE-2025-49710
< 139.0.4
An integer overflow was present in OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0
9.8CRITICAL
CVE-2025-49709
< 139.0.4
Certain canvas operations could have led to memory corruption. This vulnerability was fixed in Firefox 139.0.4.
9.8CRITICAL
CVE-2025-5272
< 139.0
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we pres
7.3HIGH
CVE-2025-5271
< 139.0
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was
6.5MEDIUM
CVE-2025-5270
< 139.0
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefo
7.5HIGH
CVE-2025-5269
< 128.11.0
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-5268
< 139.0
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed
8.1HIGH
CVE-2025-5267
< 139.0
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. Thi
5.4MEDIUM
CVE-2025-5266
< 139.0
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks.
4.3MEDIUM
CVE-2025-5265
< 139.0
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into usi
4.8MEDIUM
CVE-2025-5264
< 139.0
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using
4.8MEDIUM
CVE-2025-5263
< 139.0
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.
4.3MEDIUM
CVE-2025-5262
< 139.0
A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC
7.5HIGH
CVE-2025-5020
< 139.0
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses
4.3MEDIUM
CVE-2025-4919
< 138.0.4
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnera
8.8HIGH
CVE-2025-4918
< 138.0.4
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in F
9.8CRITICAL
CVE-2025-3932
< 128.10.1
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thun
6.5MEDIUM
CVE-2025-3909
< 128.10.1
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// cont
8.1HIGH
CVE-2025-3875
< 128.10.0
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used.
7.5HIGH
CVE-2025-4093
< 128.10
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presum
8.1HIGH
CVE-2025-4092
< 138.0
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we pres
6.5MEDIUM
CVE-2025-4091
< 138.0
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed ev
8.1HIGH
CVE-2025-4090
< 138.0
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vuln
5.3MEDIUM
CVE-2025-4089
< 138.0
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this c
5.1MEDIUM
CVE-2025-4088
< 138.0
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoi
6.5MEDIUM
CVE-2025-4087
< 138.0
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks duri
4.8MEDIUM
CVE-2025-4086
< 138.0
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displ
6.5MEDIUM
CVE-2025-4085
< 138.0
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive informati
7.1HIGH
CVE-2025-4084
< 115.23
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using th
5.7MEDIUM
CVE-2025-4083
< 138.0
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to
9.1CRITICAL
CVE-2025-4082
< 138.0
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabiliti
5.9MEDIUM
CVE-2025-2817
< 138.0
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating
8.8HIGH
CVE-2025-3523
< 128.9.2
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last li
6.4MEDIUM
CVE-2025-3522
< 128.9.2
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an e
6.3MEDIUM
CVE-2025-2830
< 128.9.2
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a dir
6.3MEDIUM
CVE-2025-3608
< 137.0.2
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an
6.5MEDIUM
CVE-2025-3035
< 137.0
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak
5.3MEDIUM
CVE-2025-3034
< 137.0
Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-3033
< 137.0
After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. *This bug o
7.7HIGH
CVE-2025-3032
< 137.0
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulne
7.4HIGH
CVE-2025-3031
< 137.0
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefo
6.5MEDIUM
CVE-2025-3030
< 136.0
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed ev
8.1HIGH
CVE-2025-3029
< 137.0
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoof
7.3HIGH
CVE-2025-3028
< 137.0
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability wa
6.5MEDIUM
CVE-2025-2857
< 136.0.4
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC cod
10.0CRITICAL
CVE-2025-26696
< 128.8.0
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signe
7.0HIGH
CVE-2025-26695
< 128.8.0
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the
5.3MEDIUM
CVE-2025-27426
< 136.0
Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerab
5.4MEDIUM
CVE-2025-27425
< 136.0
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with
4.3MEDIUM
CVE-2025-27424
< 136.0
Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability
4.3MEDIUM
CVE-2025-1943
< 136.0
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we pres
8.2HIGH
CVE-2025-1942
< 136.0
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the resul
9.8CRITICAL
CVE-2025-1941
< 136.0
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed
9.1CRITICAL
CVE-2025-1940
< 136.0
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick
7.1HIGH
CVE-2025-1939
< 136.0
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been u
3.9LOW
CVE-2025-1938
< 135.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed ev
6.5MEDIUM
CVE-2025-1937
< 135.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of
7.5HIGH
CVE-2025-1936
< 136.0
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the
7.3HIGH
CVE-2025-1935
< 136.0
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixe
4.3MEDIUM
CVE-2025-1934
< 136.0
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage coll
6.5MEDIUM
CVE-2025-1933
< 136.0
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cau
7.6HIGH
CVE-2025-1932
< 136.0
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected
8.1HIGH
CVE-2025-1931
< 136.0
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially explo
7.5HIGH
CVE-2025-1930
< 136.0
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser p
8.8HIGH
CVE-2025-1414
< 135.0.1
Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough
6.5MEDIUM
CVE-2025-1020
< 135.0
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-1019
< 135.0
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged t
4.3MEDIUM
CVE-2025-1018
< 135.0
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been levera
5.3MEDIUM
CVE-2025-1017
< 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed ev
9.8CRITICAL
CVE-2025-1016
< 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunder
9.8CRITICAL
CVE-2025-1015
>= 128.0.1 and < 128.7.0
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an add
5.4MEDIUM
CVE-2025-1014
< 135.0
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This v
8.8HIGH
CVE-2025-1013
< 135.0
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a po
6.5MEDIUM
CVE-2025-1012
< 135.0
A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox E
7.5HIGH
CVE-2025-1011
< 135.0
A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to ach
8.8HIGH
CVE-2025-1010
< 135.0
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vuln
8.8HIGH
CVE-2025-1009
< 135.0
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerabili
9.8CRITICAL
CVE-2025-0510
>= 131.0 and < 135.0
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is describ
6.5MEDIUM
CVE-2025-23109
< 134.0
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerabili
6.5MEDIUM
CVE-2025-23108
< 134.0
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL
4.3MEDIUM
CVE-2025-0247
< 134.0
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-0246
< 134.0
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating
6.5MEDIUM
CVE-2025-0245
< 134.0
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed
3.3LOW
CVE-2025-0244
< 134.0
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android
5.3MEDIUM
CVE-2025-0243
< 133.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed ev
5.1MEDIUM
CVE-2025-0242
< 134.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunder
6.5MEDIUM
CVE-2025-0241
< 134.0
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnera
7.7HIGH
CVE-2025-0240
< 134.0
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-aft
4.0MEDIUM
CVE-2025-0239
< 134.0
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This
4.0MEDIUM
CVE-2025-0238
< 134.0
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitab
5.3MEDIUM
CVE-2025-0237
< 134.0
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rathe
5.4MEDIUM
CVE-2024-53976
< 133.0
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it uncl
5.4MEDIUM
CVE-2024-53975
< 133.0
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadi
5.4MEDIUM
CVE-2024-11708
< 133.0
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerabi
6.5MEDIUM
CVE-2024-11706
< 133.0
A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util functi
6.5MEDIUM
CVE-2024-11705
< 133.0
NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fa
9.1CRITICAL
CVE-2024-11704
< 133.0
A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditi
9.8CRITICAL
CVE-2024-11703
< 133.0
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vu
5.7MEDIUM
CVE-2024-11702
< 133.0
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the
7.5HIGH
CVE-2024-11701
< 133.0
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to u
4.3MEDIUM
CVE-2024-11700
< 133.0
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowi
8.1HIGH
CVE-2024-11699
< 133.0
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-11698
< 133.0
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a
9.8CRITICAL
CVE-2024-11697
< 133.0
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmat
8.8HIGH
CVE-2024-11696
< 133.0
The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification.
5.4MEDIUM
CVE-2024-11695
< 133.0
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a pot
5.4MEDIUM
CVE-2024-11694
< 133.0
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the G
6.1MEDIUM
CVE-2024-11693
< 133.0
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operat
9.8CRITICAL
CVE-2024-11692
< 133.0
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofin
4.3MEDIUM
CVE-2024-11691
>= 129.0 and < 133.0
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to
8.8HIGH
CVE-2024-11159
< 128.4.3
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird
4.3MEDIUM
CVE-2024-10941
< 126.0
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnera
6.5MEDIUM
CVE-2024-10468
< 132.0
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulne
5.3MEDIUM
CVE-2024-10467
< 132.0
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-10466
< 132.0
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unr
7.5HIGH
CVE-2024-10465
< 132.0
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Fi
6.5MEDIUM
CVE-2024-10464
< 132.0
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This w
6.5MEDIUM
CVE-2024-10463
< 132.0
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 12
6.5MEDIUM
CVE-2024-10462
< 132.0
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Fire
6.5MEDIUM
CVE-2024-10461
< 132.0
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not for
6.1MEDIUM
CVE-2024-10460
< 132.0
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerabilit
5.3MEDIUM
CVE-2024-10459
< 132.0
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vu
7.5HIGH
CVE-2024-10458
< 132.0
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerabilit
7.5HIGH
CVE-2024-10004
< 131.2.0
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases r
9.1CRITICAL
CVE-2024-9936
< 131.0.3
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an
6.5MEDIUM
CVE-2024-9680
< 131.0.2
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We ha
9.8CRITICAL
CVE-2024-9403
< 131.0
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough
7.3HIGH
CVE-2024-9402
< 131.0
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-9401
< 131.0
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed
9.8CRITICAL
CVE-2024-9400
< 131.0
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific mome
8.8HIGH
CVE-2024-9399
< 128.3.0
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of s
7.5HIGH
CVE-2024-9398
< 131.0
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the appli
5.3MEDIUM
CVE-2024-9397
< 131.0
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via cl
6.1MEDIUM
CVE-2024-9396
< 131.0
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could
8.8HIGH
CVE-2024-9395
< 131.0
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download
5.3MEDIUM
CVE-2024-9394
< 131.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin
7.5HIGH
CVE-2024-9393
< 131.0
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin.
7.5HIGH
CVE-2024-9392
< 131.0
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firef
9.8CRITICAL
CVE-2024-9391
< 131.0
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode.
6.5MEDIUM
CVE-2024-8900
< 129.0
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
7.5HIGH
CVE-2024-8897
< 130.0.1
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted sit
6.1MEDIUM
CVE-2024-7652
< 128.0
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading t
7.5HIGH
CVE-2024-8394
< 128.2.0
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially
6.5MEDIUM
CVE-2024-8389
all versions
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-8388
< 130.0
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transiti
5.3MEDIUM
CVE-2024-8387
all versions
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-8386
< 130.0
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site t
6.1MEDIUM
CVE-2024-8385
< 130.0
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnera
9.8CRITICAL
CVE-2024-8384
< 130.0
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point betw
9.8CRITICAL
CVE-2024-8383
< 130.0
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the brows
7.5HIGH
CVE-2024-8382
< 130.0
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events
8.8HIGH
CVE-2024-8381
< 130.0
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with
9.8CRITICAL
CVE-2024-43113
< 129
The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for
6.1MEDIUM
CVE-2024-43112
< 129
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for
6.1MEDIUM
CVE-2024-43111
< 129
Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability
6.1MEDIUM
CVE-2024-7531
< 129.0
Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sa
6.5MEDIUM
CVE-2024-7530
< 129.0
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
8.8HIGH
CVE-2024-7529
< 129.0
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
6.5MEDIUM
CVE-2024-7528
< 129.0
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129
8.8HIGH
CVE-2024-7527
< 129.0
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Fir
8.8HIGH
CVE-2024-7526
< 129.0
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive d
6.5MEDIUM
CVE-2024-7525
< 129.0
It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the
8.1HIGH
CVE-2024-7524
< 129.0
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protect
6.1MEDIUM
CVE-2024-7523
< 129
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
8.1HIGH
CVE-2024-7522
< 129.0
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox <
8.8HIGH
CVE-2024-7521
< 129.0
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR
8.8HIGH
CVE-2024-7520
< 129.0
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability af
8.8HIGH
CVE-2024-7519
< 129.0
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an atta
9.6CRITICAL
CVE-2024-7518
< 129
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing atta
6.5MEDIUM
CVE-2024-6615
< 128.0
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we pres
8.8HIGH
CVE-2024-6614
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
4.3MEDIUM
CVE-2024-6613
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
5.5MEDIUM
CVE-2024-6612
< 128.0
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS pr
5.3MEDIUM
CVE-2024-6611
< 128.0
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox
9.8CRITICAL
CVE-2024-6610
< 128.0
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent use
4.3MEDIUM
CVE-2024-6609
< 128.0
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects
8.8HIGH
CVE-2024-6608
< 128.0
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and th
4.3MEDIUM
CVE-2024-6607
< 128.0
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a
8.8HIGH
CVE-2024-6606
< 128.0
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affe
8.2HIGH
CVE-2024-6605
< 128.0
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affec
8.8HIGH
CVE-2024-6604
< 126.0
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memor
7.5HIGH
CVE-2024-6603
< 128.0
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory
7.4HIGH
CVE-2024-6602
< 128.0
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefo
9.8CRITICAL
CVE-2024-6601
< 128.0
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects
4.7MEDIUM
CVE-2024-6600
< 128.0
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating mor
6.3MEDIUM
CVE-2024-38313
< 127.0
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actu
4.3MEDIUM
CVE-2024-38312
< 127.0
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the
6.5MEDIUM
CVE-2024-5702
< 125.0
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox <
7.5HIGH
CVE-2024-5701
< 127.0
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-5700
< 127.0
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memor
7.0HIGH
CVE-2024-5699
< 127.0
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they
9.8CRITICAL
CVE-2024-5698
< 127
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar.
6.1MEDIUM
CVE-2024-5697
< 127
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This
4.3MEDIUM
CVE-2024-5696
< 127.0
By manipulating the text in an <input> tag, an attacker could have caused corrupt memory leading to a potentially exploita
8.6HIGH
CVE-2024-5695
< 127.0
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could h
9.8CRITICAL
CVE-2024-5694
< 127.0
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the hea
7.5HIGH
CVE-2024-5693
< 127.0
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in viola
6.1MEDIUM
CVE-2024-5692
< 127.0
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disa
6.5MEDIUM
CVE-2024-5691
< 127.0
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a us
4.7MEDIUM
CVE-2024-5690
< 127.0
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on
4.3MEDIUM
CVE-2024-5689
< 127.0
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appea
4.3MEDIUM
CVE-2024-5688
< 127.0
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulne
8.1HIGH
CVE-2024-5687
< 127.0
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may ha
5.3MEDIUM
CVE-2024-4778
< 126.0
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough
9.8CRITICAL
CVE-2024-4777
< 126.0
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memor
8.8HIGH
CVE-2024-4776
< 126.0
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Fir
8.2HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin