Mozilla Thunderbird

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-8094
< 140.10.2
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
9.8 CRITICAL
CVE-2026-8093
< 150.0.2
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en
8.1 HIGH
CVE-2026-8092
>= 140.0 and < 140.10.2
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence o
8.1 HIGH
CVE-2026-8091
>= 140.0 and < 140.10.1
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150
9.8 CRITICAL
CVE-2026-8090
< 150.0.2
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ES
7.3 HIGH
CVE-2026-7324
< 150.0.1
Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that wit
7.3 HIGH
CVE-2026-7323
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7322
< 150.0.1
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corru
7.3 HIGH
CVE-2026-7321
< 150.0
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 1
9.6 CRITICAL
CVE-2026-7320
< 150.0.1
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-6786
>= 140.0 and < 140.10.0
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed
7.5 HIGH
CVE-2026-6785
>= 140.0 and < 140.10.0
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some
7.5 HIGH
CVE-2026-6784
< 150.0
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we pres
7.5 HIGH
CVE-2026-6783
< 150.0
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15
5.3 MEDIUM
CVE-2026-6782
< 150.0
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6781
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6780
< 150.0
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6779
< 150.0
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6778
< 150.0
Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6777
< 150.0
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6776
< 140.10.0
Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10
7.8 HIGH
CVE-2026-6775
< 150.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.3 MEDIUM
CVE-2026-6774
< 150.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
5.4 MEDIUM
CVE-2026-6773
< 150.0
Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thund
7.5 HIGH
CVE-2026-6772
< 140.10.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35,
7.5 HIGH
CVE-2026-6771
>= 140.0 and < 140.10.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
9.8 CRITICAL
CVE-2026-6770
< 140.10.0
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
6.5 MEDIUM
CVE-2026-6769
< 140.10.0
Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150,
8.8 HIGH
CVE-2026-6768
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6767
>= 140.0 and < 140.10.0
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10
5.3 MEDIUM
CVE-2026-6766
< 140.10.0
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10,
7.5 HIGH
CVE-2026-6765
< 140.10.0
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
5.3 MEDIUM
CVE-2026-6764
>= 140.0 and < 140.10.0
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 14
6.5 MEDIUM
CVE-2026-6763
>= 140.0 and < 140.10.0
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
6.5 MEDIUM
CVE-2026-6762
>= 140.0 and < 140.10.0
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
6.3 MEDIUM
CVE-2026-6761
< 140.10.0
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150
8.8 HIGH
CVE-2026-6760
< 150.0
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
9.8 CRITICAL
CVE-2026-6759
>= 140.0 and < 140.10.0
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, a
7.5 HIGH
CVE-2026-6758
< 150.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
7.5 HIGH
CVE-2026-6757
>= 140.0 and < 140.10.0
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunder
6.3 MEDIUM
CVE-2026-6755
< 150.0
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
6.5 MEDIUM
CVE-2026-6754
< 140.10.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 14
7.5 HIGH
CVE-2026-6753
>= 140.0 and < 140.10.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbir
7.3 HIGH
CVE-2026-6752
>= 140.0 and < 140.10.0
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ES
7.3 HIGH
CVE-2026-6751
>= 140.0 and < 140.10.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
7.3 HIGH
CVE-2026-6750
< 140.10.0
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefo
8.8 HIGH
CVE-2026-6749
< 140.10.0
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 15
7.5 HIGH
CVE-2026-6748
< 140.10.0
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Th
9.8 CRITICAL
CVE-2026-6747
< 140.10.0
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thun
7.5 HIGH
CVE-2026-6746
< 140.10.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140
7.5 HIGH
CVE-2026-5735
< 149.0.2
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and
9.8 CRITICAL
CVE-2026-5734
< 149.0.2
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these
9.8 CRITICAL
CVE-2026-5731
all versions
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird
9.8 CRITICAL
CVE-2026-4371
< 149.0
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer.
7.4 HIGH
CVE-2026-3889
< 149.0
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
6.5 MEDIUM
CVE-2026-4729
< 149.0
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-4728
< 149.0
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
6.5 MEDIUM
CVE-2026-4727
< 149.0
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4726
< 149.0
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
7.5 HIGH
CVE-2026-4724
< 149.0
Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
9.1 CRITICAL
CVE-2026-4721
< 149.0
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some
9.8 CRITICAL
CVE-2026-4720
< 149.0
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed
9.8 CRITICAL
CVE-2026-4718
< 149.0
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird
8.1 HIGH
CVE-2026-4710
< 149.0
Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunde
9.8 CRITICAL
CVE-2026-4694
< 149.0
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ES
7.5 HIGH
CVE-2026-4692
< 149.0
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox E
10.0 CRITICAL
CVE-2026-4689
< 149.0
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Fire
10.0 CRITICAL
CVE-2026-2807
< 148.0
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-2806
< 148.0
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.1 CRITICAL
CVE-2026-2805
< 148.0
Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2804
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
5.4 MEDIUM
CVE-2026-2803
< 148.0
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2802
< 148.0
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
4.2 MEDIUM
CVE-2026-2801
< 148.0
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbir
7.5 HIGH
CVE-2026-2800
< 148.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2799
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2798
< 148.0
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
8.8 HIGH
CVE-2026-2797
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2796
< 148.0
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2795
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.8 CRITICAL
CVE-2026-2793
< 148.0
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some
9.8 CRITICAL
CVE-2026-2792
< 148.0
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed
9.8 CRITICAL
CVE-2026-2791
< 148.0
Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird
9.8 CRITICAL
CVE-2026-2790
< 148.0
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunde
9.8 CRITICAL
CVE-2026-2789
< 148.0
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
9.8 CRITICAL
CVE-2026-2788
< 148.0
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33,
9.8 CRITICAL
CVE-2026-2787
< 148.0
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2786
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2785
< 148.0
Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2784
< 148.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2783
< 148.0
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox
7.5 HIGH
CVE-2026-2782
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2781
< 148.0
Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
9.8 CRITICAL
CVE-2026-2780
< 148.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148,
9.8 CRITICAL
CVE-2026-2779
< 148.0
Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2778
< 148.0
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148
10.0 CRITICAL
CVE-2026-2777
< 148.0
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2776
< 148.0
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed
10.0 CRITICAL
CVE-2026-2775
< 148.0
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2774
< 148.0
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8,
9.8 CRITICAL
CVE-2026-2773
< 148.0
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox
9.8 CRITICAL
CVE-2026-2772
< 148.0
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ES
9.8 CRITICAL
CVE-2026-2771
< 148.0
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
9.8 CRITICAL
CVE-2026-2770
< 148.0
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox E
9.8 CRITICAL
CVE-2026-2769
< 148.0
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 1
8.8 HIGH
CVE-2026-2768
< 148.0
Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 14
10.0 CRITICAL
CVE-2026-2767
< 148.0
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbi
9.8 CRITICAL
CVE-2026-2766
< 148.0
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbir
9.8 CRITICAL
CVE-2026-2765
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148
9.8 CRITICAL
CVE-2026-2764
< 148.0
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox E
9.8 CRITICAL
CVE-2026-2763
< 148.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 14
9.8 CRITICAL
CVE-2026-2762
< 148.0
Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Th
9.8 CRITICAL
CVE-2026-2761
< 148.0
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR
10.0 CRITICAL
CVE-2026-2760
< 148.0
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox
10.0 CRITICAL
CVE-2026-2759
< 148.0
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33
9.8 CRITICAL
CVE-2026-2758
< 148.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8
9.8 CRITICAL
CVE-2026-2757
< 148.0
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.3
9.8 CRITICAL
CVE-2026-2447
< 140.7.2
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunde
8.8 HIGH
CVE-2026-0818
< 147.0.1
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email
4.3 MEDIUM
CVE-2026-0892
< 147.0
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2026-0891
< 147.0
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed
8.1 HIGH
CVE-2026-0890
< 147.0
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7,
5.4 MEDIUM
CVE-2026-0889
< 147.0
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
7.5 HIGH
CVE-2026-0888
< 147.0
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
5.3 MEDIUM
CVE-2026-0887
< 147.0
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 1
4.3 MEDIUM
CVE-2026-0886
< 147.0
Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox
5.3 MEDIUM
CVE-2026-0885
< 147.0
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, a
6.5 MEDIUM
CVE-2026-0884
< 147.0
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147
9.8 CRITICAL
CVE-2026-0883
< 147.0
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 14
5.3 MEDIUM
CVE-2026-0882
< 147.0
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbi
8.8 HIGH
CVE-2026-0881
< 147.0
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
10.0 CRITICAL
CVE-2026-0880
< 147.0
Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32,
8.8 HIGH
CVE-2026-0879
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefo
9.8 CRITICAL
CVE-2026-0878
< 147.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0 HIGH
CVE-2026-0877
< 147.0
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140
8.1 HIGH
CVE-2025-14333
< 146.0
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed
8.1 HIGH
CVE-2025-14332
< 146.0
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we pres
7.3 HIGH
CVE-2025-14331
< 146.0
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Fire
6.5 MEDIUM
CVE-2025-14330
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
9.8 CRITICAL
CVE-2025-14329
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14328
< 146.0
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146,
8.8 HIGH
CVE-2025-14327
< 146.0
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7,
7.5 HIGH
CVE-2025-14326
< 146.0
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.
9.8 CRITICAL
CVE-2025-14325
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunde
7.3 HIGH
CVE-2025-14324
< 146.0
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firef
9.8 CRITICAL
CVE-2025-14323
< 146.0
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox
8.8 HIGH
CVE-2025-14322
< 146.0
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefo
8.0 HIGH
CVE-2025-14321
< 146.0
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146
9.8 CRITICAL
CVE-2025-11721
>= 143.0 and < 144.0
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that wi
9.8 CRITICAL
CVE-2025-11719
>= 143.0 and < 144.0
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-
9.8 CRITICAL
CVE-2025-11716
< 144.0
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was
6.5 MEDIUM
CVE-2025-11715
< 144.0
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed
8.8 HIGH
CVE-2025-11714
< 140.4.0
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some
8.8 HIGH
CVE-2025-11713
< 140.4.0
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Win
8.1 HIGH
CVE-2025-11712
< 140.4.0
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a
6.1 MEDIUM
CVE-2025-11711
< 140.4.0
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was
6.5 MEDIUM
CVE-2025-11710
< 140.4.0
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its me
9.8 CRITICAL
CVE-2025-11709
< 144.0
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL
9.8 CRITICAL
CVE-2025-11708
< 140.4.0
Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird
9.8 CRITICAL
CVE-2025-10537
< 143.0
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed
8.8 HIGH
CVE-2025-10536
< 140.3.0
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunder
6.2 MEDIUM
CVE-2025-10534
< 143.0
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
8.1 HIGH
CVE-2025-10533
< 140.3.0
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunder
8.8 HIGH
CVE-2025-10532
< 140.3.0
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thu
6.5 MEDIUM
CVE-2025-10531
< 143.0
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
5.4 MEDIUM
CVE-2025-10530
< 143.0
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
6.5 MEDIUM
CVE-2025-10529
< 143.0
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143
6.5 MEDIUM
CVE-2025-10528
< 140.3.0
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Fir
7.3 HIGH
CVE-2025-10527
< 140.3.0
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR
7.1 HIGH
CVE-2025-9187
< 142.0
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2025-9185
< 142.0
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 1
8.1 HIGH
CVE-2025-9184
< 142.0
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed
8.1 HIGH
CVE-2025-9182
< 142.0
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox
7.5 HIGH
CVE-2025-9181
< 142.0
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox
6.5 MEDIUM
CVE-2025-9180
< 142.0
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Fi
8.1 HIGH
CVE-2025-9179
< 142.0
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily
9.8 CRITICAL
CVE-2025-8044
< 141.0
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we pres
9.8 CRITICAL
CVE-2025-8043
< 141.0
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
9.8 CRITICAL
CVE-2025-8040
< 141.0
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed
8.8 HIGH
CVE-2025-8039
< 141.0
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed
8.1 HIGH
CVE-2025-8038
< 141.0
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firef
9.8 CRITICAL
CVE-2025-8037
< 141.0
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP a
9.1 CRITICAL
CVE-2025-8036
< 141.0
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vu
8.1 HIGH
CVE-2025-8035
< 141.0
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 an
8.8 HIGH
CVE-2025-8034
< 141.0
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 1
8.8 HIGH
CVE-2025-8033
< 141.0
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. Th
6.5 MEDIUM
CVE-2025-8032
< 141.0
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Fire
8.1 HIGH
CVE-2025-8031
< 141.0
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication cre
9.8 CRITICAL
CVE-2025-8030
< 141.0
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.
8.1 HIGH
CVE-2025-8029
< 141.0
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firef
8.1 HIGH
CVE-2025-8028
< 141.0
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing t
9.8 CRITICAL
CVE-2025-8027
< 141.0
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read th
6.5 MEDIUM
CVE-2025-6436
< 140.0
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we pres
8.1 HIGH
CVE-2025-6435
< 140.0
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been sav
8.1 HIGH
CVE-2025-5986
< 128.11.1
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or h
6.5 MEDIUM
CVE-2025-5272
< 139.0
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we pres
7.3HIGH
CVE-2025-5269
< 128.11.0
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-5268
< 128.11.0
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed
8.1HIGH
CVE-2025-5262
< 139.0
A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC
7.5HIGH
CVE-2025-4919
< 128.10.2
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnera
8.8HIGH
CVE-2025-4918
< 128.10.2
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in F
9.8CRITICAL
CVE-2025-3932
< 128.10.1
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thun
6.5MEDIUM
CVE-2025-3909
< 128.10.1
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// cont
8.1HIGH
CVE-2025-3875
< 128.10.0
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used.
7.5HIGH
CVE-2025-4093
< 128.10.0
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presum
8.1HIGH
CVE-2025-4092
< 138.0
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we pres
6.5MEDIUM
CVE-2025-4091
< 138.0
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed ev
8.1HIGH
CVE-2025-4090
< 138.0
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vuln
5.3MEDIUM
CVE-2025-4089
< 138.0
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this c
5.1MEDIUM
CVE-2025-4088
< 138.0
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoi
6.5MEDIUM
CVE-2025-4087
< 138.0
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks duri
4.8MEDIUM
CVE-2025-4086
< 138.0
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displ
6.5MEDIUM
CVE-2025-4085
< 138.0
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive informati
7.1HIGH
CVE-2025-4084
< 128.10.0
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using th
5.7MEDIUM
CVE-2025-4083
< 138.0
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to
9.1CRITICAL
CVE-2025-4082
< 138.0
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabiliti
5.9MEDIUM
CVE-2025-2817
< 128.10.0
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating
8.8HIGH
CVE-2025-3523
< 128.9.2
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last li
6.4MEDIUM
CVE-2025-3522
< 128.9.2
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an e
6.3MEDIUM
CVE-2025-2830
< 128.9.2
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a dir
6.3MEDIUM
CVE-2025-3034
< 137.0
Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we pres
8.1HIGH
CVE-2025-3033
< 137.0
After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. *This bug o
7.7HIGH
CVE-2025-3032
< 137.0
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulne
7.4HIGH
CVE-2025-3031
< 137.0
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefo
6.5MEDIUM
CVE-2025-3030
< 128.8.0
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed ev
8.1HIGH
CVE-2025-3029
< 128.9.0
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoof
7.3HIGH
CVE-2025-3028
< 128.9.0
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability wa
6.5MEDIUM
CVE-2025-26696
< 128.8.0
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signe
7.0HIGH
CVE-2025-26695
< 128.8.0
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the
5.3MEDIUM
CVE-2025-1943
< 136.0
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we pres
8.2HIGH
CVE-2025-1942
< 136.0
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the resul
9.8CRITICAL
CVE-2025-1938
< 128.7.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed ev
6.5MEDIUM
CVE-2025-1937
< 128.8.0
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of
7.5HIGH
CVE-2025-1936
< 128.8.0
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the
7.3HIGH
CVE-2025-1935
< 128.8.0
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixe
4.3MEDIUM
CVE-2025-1934
< 128.8.0
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage coll
6.5MEDIUM
CVE-2025-1933
< 128.8
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cau
7.6HIGH
CVE-2025-1932
>= ] and < 128.8.0
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected
8.1HIGH
CVE-2025-1931
< 128.8.0
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially explo
7.5HIGH
CVE-2025-1930
< 128.8
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser p
8.8HIGH
CVE-2025-1020
>= 131.0 and < 135.0
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-1019
>= 131.0 and < 135.0
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged t
4.3MEDIUM
CVE-2025-1018
>= 131.0 and < 135.0
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been levera
5.3MEDIUM
CVE-2025-1017
>= 131.0 and < 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed ev
9.8CRITICAL
CVE-2025-1016
>= 131.0 and < 135.0
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunder
9.8CRITICAL
CVE-2025-1015
>= 128.0.1 and < 128.7.0
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an add
5.4MEDIUM
CVE-2025-1014
>= 131.0 and < 135.0
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This v
8.8HIGH
CVE-2025-1013
< 128.7.0
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a po
6.5MEDIUM
CVE-2025-1012
< 135.0
A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox E
7.5HIGH
CVE-2025-1011
< 135.0
A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to ach
8.8HIGH
CVE-2025-1010
>= 131.0 and < 135.0
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vuln
8.8HIGH
CVE-2025-1009
>= 131.0 and < 135.0
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerabili
9.8CRITICAL
CVE-2025-0510
>= 131.0 and < 135.0
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is describ
6.5MEDIUM
CVE-2025-0247
< 134.0
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we pres
9.8CRITICAL
CVE-2025-0243
< 128.6.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed ev
5.1MEDIUM
CVE-2025-0242
< 128.6.0
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunder
6.5MEDIUM
CVE-2025-0241
< 128.6.0
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnera
7.7HIGH
CVE-2025-0240
< 128.6.0
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-aft
4.0MEDIUM
CVE-2025-0239
< 128.6.0
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This
4.0MEDIUM
CVE-2025-0238
< 128.6
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitab
5.3MEDIUM
CVE-2025-0237
< 128.6.0
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rathe
5.4MEDIUM
CVE-2024-11708
< 133.0
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerabi
6.5MEDIUM
CVE-2024-11706
< 133.0
A null pointer dereference may have inadvertently occurred in pk12util, and specifically in the SEC_ASN1DecodeItem_Util functi
6.5MEDIUM
CVE-2024-11705
< 133.0
NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fa
9.1CRITICAL
CVE-2024-11704
< 128.7.0
A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt() when handling an error path. Under specific conditi
9.8CRITICAL
CVE-2024-11702
< 133.0
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the
7.5HIGH
CVE-2024-11701
< 133.0
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to u
4.3MEDIUM
CVE-2024-11700
< 133.0
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowi
8.1HIGH
CVE-2024-11699
< 128.5
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-11698
< 128.5.0
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a
9.8CRITICAL
CVE-2024-11697
< 128.5.0
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmat
8.8HIGH
CVE-2024-11696
< 128.5.0
The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification.
5.4MEDIUM
CVE-2024-11695
< 128.5.0
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a pot
5.4MEDIUM
CVE-2024-11694
< 115.18.0
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the G
6.1MEDIUM
CVE-2024-11693
< 128.5.0
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operat
9.8CRITICAL
CVE-2024-11692
< 128.5
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofin
4.3MEDIUM
CVE-2024-11691
< 115.18.0
Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to
8.8HIGH
CVE-2024-11159
< 128.4.3
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird
4.3MEDIUM
CVE-2024-10468
< 132.0
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulne
5.3MEDIUM
CVE-2024-10467
< 128.4.0
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-10466
< 128.4.0
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unr
7.5HIGH
CVE-2024-10465
< 128.4.0
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Fi
6.5MEDIUM
CVE-2024-10464
< 128.4.0
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This w
6.5MEDIUM
CVE-2024-10463
< 128.4.0
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 12
6.5MEDIUM
CVE-2024-10462
< 128.4.0
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Fire
6.5MEDIUM
CVE-2024-10461
< 128.4.0
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not for
6.1MEDIUM
CVE-2024-10460
< 128.4
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerabilit
5.3MEDIUM
CVE-2024-10459
< 128.4.0
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vu
7.5HIGH
CVE-2024-10458
< 128.4.0
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerabilit
7.5HIGH
CVE-2024-9680
< 115.16.0
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We ha
9.8CRITICAL
CVE-2024-9403
< 131.0
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough
7.3HIGH
CVE-2024-9402
< 128.3.0
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-9401
< 128.3.0
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed
9.8CRITICAL
CVE-2024-9400
< 128.3.0
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific mome
8.8HIGH
CVE-2024-9399
< 128.3.0
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of s
7.5HIGH
CVE-2024-9398
< 128.3
By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the appli
5.3MEDIUM
CVE-2024-9397
< 128.3
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via cl
6.1MEDIUM
CVE-2024-9396
< 128.3.0
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could
8.8HIGH
CVE-2024-9394
< 128.3
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin
7.5HIGH
CVE-2024-9393
< 128.3
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin.
7.5HIGH
CVE-2024-9392
< 128.3.0
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firef
9.8CRITICAL
CVE-2024-7652
< 115.13.0
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading t
7.5HIGH
CVE-2024-8394
< 128.2.0
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially
6.5MEDIUM
CVE-2024-8387
all versions
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2024-7529
< 115.14.0
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting per
6.5MEDIUM
CVE-2024-7528
< 128.1.0
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129
8.8HIGH
CVE-2024-7527
< 115.14.0
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Fir
8.8HIGH
CVE-2024-7526
< 115.14.0
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive d
6.5MEDIUM
CVE-2024-7525
< 115.14.0
It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the
8.1HIGH
CVE-2024-7522
< 115.14.0
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox <
8.8HIGH
CVE-2024-7521
< 115.14.0
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR
8.8HIGH
CVE-2024-7520
< 128.1.0
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability af
8.8HIGH
CVE-2024-7519
< 115.14.0
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an atta
9.6CRITICAL
CVE-2024-7518
< 128.1
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing atta
6.5MEDIUM
CVE-2024-6615
< 128.0
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we pres
8.8HIGH
CVE-2024-6614
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
4.3MEDIUM
CVE-2024-6613
< 128.0
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnera
5.5MEDIUM
CVE-2024-6612
< 128.0
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS pr
5.3MEDIUM
CVE-2024-6611
< 128.0
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox
9.8CRITICAL
CVE-2024-6610
< 128.0
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent use
4.3MEDIUM
CVE-2024-6609
< 128.0
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects
8.8HIGH
CVE-2024-6608
< 128.0
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and th
4.3MEDIUM
CVE-2024-6607
< 128.0
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a
8.8HIGH
CVE-2024-6606
< 128.0
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affe
8.2HIGH
CVE-2024-6604
< 115.13
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memor
7.5HIGH
CVE-2024-6603
< 115.13
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory
7.4HIGH
CVE-2024-6602
< 115.13
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefo
9.8CRITICAL
CVE-2024-6601
< 128.0
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects
4.7MEDIUM
CVE-2024-6600
< 115.13
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating mor
6.3MEDIUM
CVE-2024-5702
< 115.12
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox <
7.5HIGH
CVE-2024-5700
< 115.12
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memor
7.0HIGH
CVE-2024-5696
< 115.12
By manipulating the text in an <input> tag, an attacker could have caused corrupt memory leading to a potentially exploita
8.6HIGH
CVE-2024-5693
< 115.12
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in viola
6.1MEDIUM
CVE-2024-5692
< 115.12
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disa
6.5MEDIUM
CVE-2024-5691
< 115.12
By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a us
4.7MEDIUM
CVE-2024-5690
< 115.12
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on
4.3MEDIUM
CVE-2024-5688
< 115.12
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulne
8.1HIGH
CVE-2024-4777
< 115.11.0
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memor
8.8HIGH
CVE-2024-4770
< 115.11.0
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Fire
8.8HIGH
CVE-2024-4769
< 115.11.0
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript respo
5.9MEDIUM
CVE-2024-4768
< 115.11.0
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions.
6.1MEDIUM
CVE-2024-4767
< 115.11.0
If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was cl
4.3MEDIUM
CVE-2024-4367
< 115.11.0
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Th
8.8HIGH
CVE-2024-3864
< 115.10.0
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption
8.1HIGH
CVE-2024-3863
< 115.10
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating
9.8CRITICAL
CVE-2024-3861
< 115.0
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-a
4.0MEDIUM
CVE-2024-3859
< 115.10
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malform
5.9MEDIUM
CVE-2024-3857
< 115.10
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collect
7.8HIGH
CVE-2024-3854
< 115.10
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerabil
8.8HIGH
CVE-2024-3852
< 115.10
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox <
7.5HIGH
CVE-2024-3302
<= 115.10
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out
3.7LOW
CVE-2024-2616
< 115.9.0
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.
2.7LOW
CVE-2024-2614
< 115.8.0
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-2612
< 115.9
If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially
8.1HIGH
CVE-2024-2611
< 115.9.0
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This
5.5MEDIUM
CVE-2024-2610
< 115.9.0
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security p
6.1MEDIUM
CVE-2024-2609
< 115.10.0
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malic
6.1MEDIUM
CVE-2024-2608
< 115.9.0
AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer
8.4HIGH
CVE-2024-2607
< 115.9.0
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected
8.1HIGH
CVE-2024-2605
< 115.9.0
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This
5.9MEDIUM
CVE-2023-5388
< 115.9.0
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacke
6.5MEDIUM
CVE-2024-1936
< 115.8.1
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thu
7.5HIGH
CVE-2024-1553
< 115.8.0
Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory
8.1HIGH
CVE-2024-1552
< 115.8.0
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue onl
7.5HIGH
CVE-2024-1551
< 115.8.0
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-T
6.1MEDIUM
CVE-2024-1550
< 115.8.0
A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to
6.1MEDIUM
CVE-2024-1549
< 115.8.0
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resul
6.1MEDIUM
CVE-2024-1548
< 115.8.0
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user co
4.3MEDIUM
CVE-2024-1547
< 115.8.0
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (wit
6.5MEDIUM
CVE-2024-1546
< 115.8.0
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-b
7.5HIGH
CVE-2024-0755
< 115.7
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2024-0753
< 115.7
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Fir
6.5MEDIUM
CVE-2024-0751
< 115.7
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR
8.8HIGH
CVE-2024-0750
<= 115.7
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissio
8.8HIGH
CVE-2024-0749
< 115.7
A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar. Thi
4.3MEDIUM
CVE-2024-0747
< 115.7
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the
6.5MEDIUM
CVE-2024-0746
< 115.7
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Fi
6.5MEDIUM
CVE-2024-0742
< 115.7
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorre
4.3MEDIUM
CVE-2024-0741
< 115.7
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This
6.5MEDIUM
CVE-2023-6864
< 115.6
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-6863
< 115.6
The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a vir
8.8HIGH
CVE-2023-6862
< 115.6
A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerab
8.8HIGH
CVE-2023-6861
< 115.6
The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode. This vulnerabilit
8.8HIGH
CVE-2023-6860
< 115.6
The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the san
6.5MEDIUM
CVE-2023-6859
< 115.6
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6
8.8HIGH
CVE-2023-6858
< 115.6
Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects
8.8HIGH
CVE-2023-6857
< 115.6
When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. *This bu
5.3MEDIUM
CVE-2023-6856
< 115.6
The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.
8.8HIGH
CVE-2023-50762
< 115.6
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the use
4.3MEDIUM
CVE-2023-50761
< 115.6
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present,
4.3MEDIUM
CVE-2023-6212
< 115.5
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-6209
< 115.5
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to o
6.5MEDIUM
CVE-2023-6208
< 115.5
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary s
8.8HIGH
CVE-2023-6207
< 115.5
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115
8.8HIGH
CVE-2023-6206
< 115.5
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It wa
5.4MEDIUM
CVE-2023-6205
< 115.5
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploita
6.5MEDIUM
CVE-2023-6204
< 115.5
On some systems, depending on the graphics settings and drivers, it was possible to force an out-of-bounds read and leak memory data
6.5MEDIUM
CVE-2023-5732
< 115.4.1
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visit
6.5MEDIUM
CVE-2023-5730
< 115.4.1
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2023-5728
< 115.4.1
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exp
7.5HIGH
CVE-2023-5727
< 115.4.1
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run com
6.5MEDIUM
CVE-2023-5726
< 115.4.1
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion an
4.3MEDIUM
CVE-2023-5725
< 115.4.1
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sen
4.3MEDIUM
CVE-2023-5724
< 115.4.1
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulner
7.5HIGH
CVE-2023-5721
< 115.4.1
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insuffi
4.3MEDIUM
CVE-2023-5217
< 115.3.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacke
8.8HIGH
CVE-2023-5176
< 115.3
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory
9.8CRITICAL
CVE-2023-5174
< 115.3
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, re
9.8CRITICAL
CVE-2023-5171
< 115.3
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two
6.5MEDIUM
CVE-2023-5169
< 115.3
A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading
6.5MEDIUM
CVE-2023-5168
< 115.3
A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading
9.8CRITICAL
CVE-2023-4863
< 102.15.1
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an
8.8HIGH
CVE-2023-4585
< 115.2
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory
8.8HIGH
CVE-2023-4584
< 115.2
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some
8.8HIGH
CVE-2023-4583
< 115.2
When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was ass
7.5HIGH
CVE-2023-4582
< 115.2
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating t
8.8HIGH
CVE-2023-4581
< 115.2
Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded wit
4.3MEDIUM
CVE-2023-4580
< 115.2
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive inf
6.5MEDIUM
CVE-2023-4578
< 115.2
When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear
6.5MEDIUM
CVE-2023-4577
< 115.2
When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering
6.5MEDIUM
CVE-2023-4576
< 115.2
On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentiall
8.6HIGH
CVE-2023-4575
< 115.2
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a
6.5MEDIUM
CVE-2023-4574
< 115.2
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a
6.5MEDIUM
CVE-2023-4573
< 115.2
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-f
6.5MEDIUM
CVE-2023-3417
< 102.13.1
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as
7.5HIGH
CVE-2023-3600
< 115.0.1
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable cra
8.8HIGH
CVE-2023-37211
< 102.13
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memor
8.8HIGH
CVE-2023-37208
< 102.13
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects
7.8HIGH
CVE-2023-37207
< 102.13
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a m
6.5MEDIUM
CVE-2023-37202
< 102.13
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main co
8.8HIGH
CVE-2023-37201
< 102.13
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affec
8.8HIGH
CVE-2023-34416
< 102.12
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memor
9.8CRITICAL
CVE-2023-34414
< 102.12
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permis
3.1LOW
CVE-2023-29545
< 102.10
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would
6.5MEDIUM
CVE-2023-29542
< 102.10
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensio
9.8CRITICAL
CVE-2023-32214
< 102.11
Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service. *Note: This attack only aff
7.5HIGH
CVE-2023-29532
< 102.10
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an upd
5.5MEDIUM
CVE-2023-29531
< 102.10
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially expl
9.8CRITICAL
CVE-2023-32215
< 102.11
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and t
8.8HIGH
CVE-2023-32213
< 102.11
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox
8.8HIGH
CVE-2023-32212
< 102.11
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firef
4.3MEDIUM
CVE-2023-32211
< 102.11
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11,
6.5MEDIUM
CVE-2023-32207
< 102.11
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This
8.8HIGH
CVE-2023-32206
< 102.11
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR <
6.5MEDIUM
CVE-2023-32205
< 102.11
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user
4.3MEDIUM
CVE-2023-29550
< 102.10
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we pr
8.8HIGH
CVE-2023-29548
< 102.10
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox
6.5MEDIUM
CVE-2023-29541
< 102.10
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled command
8.8HIGH
CVE-2023-29539
< 102.10
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained
8.8HIGH
CVE-2023-29536
< 102.10
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in a
8.8HIGH
CVE-2023-29535
< 102.10
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in mem
6.5MEDIUM
CVE-2023-29533
< 102.10
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name
4.3MEDIUM
CVE-2023-28176
< 102.9
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we pr
8.8HIGH
CVE-2023-28164
< 102.9
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing a
6.5MEDIUM
CVE-2023-28163
< 102.9
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windo
6.5MEDIUM
CVE-2023-28162
< 102.9
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a p
8.8HIGH
CVE-2023-25752
< 102.9
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. T
6.5MEDIUM
CVE-2023-25751
< 102.9
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This
6.5MEDIUM
CVE-2023-25746
< 102.8
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with
8.8HIGH
CVE-2023-25742
< 102.8
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerabi
6.5MEDIUM
CVE-2023-25739
< 102.8
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in Scrip
8.8HIGH
CVE-2023-25738
< 102.8
Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values
6.5MEDIUM
CVE-2023-25737
< 102.8
An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox < 110,
8.8HIGH
CVE-2023-25735
< 102.8
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main co
8.8HIGH
CVE-2023-25734
< 102.8
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to une
8.1HIGH
CVE-2023-25732
< 102.8
When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leadi
8.8HIGH
CVE-2023-25730
< 102.8
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode inde
5.4MEDIUM
CVE-2023-25729
< 102.8
Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open t
8.8HIGH
CVE-2023-25728
< 102.8
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction wi
6.5MEDIUM
CVE-2023-23605
< 102.7
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of
8.8HIGH
CVE-2023-23603
< 102.7
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't acc
6.5MEDIUM
CVE-2023-23602
< 102.7
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be i
6.5MEDIUM
CVE-2023-23601
< 102.7
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofi
6.5MEDIUM
CVE-2023-23599
< 102.7
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and co
6.5MEDIUM
CVE-2023-23598
< 102.7
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs a
6.5MEDIUM
CVE-2023-1945
< 102.10
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This
6.5MEDIUM
CVE-2023-0767
< 102.8
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag
8.8HIGH
CVE-2023-0616
< 102.8
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the
6.5MEDIUM
CVE-2023-0547
>= 68.0 and < 102.10
OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates wou
6.5MEDIUM
CVE-2023-0430
>= 68.0 and < 102.7.1
Certificate OCSP revocation status was not checked when verifying S/MIME signatures. Mail signed with a revoked certificate would
6.5MEDIUM
CVE-2021-43529
< 91.3.0
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messag
9.8CRITICAL
CVE-2022-46882
< 102.6
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107,
9.8CRITICAL
CVE-2022-46881
< 102.6
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.
8.8HIGH
CVE-2022-46880
< 102.6
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. Note: This advis
6.5MEDIUM
CVE-2022-46878
< 102.6
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in
8.8HIGH
CVE-2022-46875
< 102.6
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's comput
6.5MEDIUM
CVE-2022-46874
< 102.6
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in
8.8HIGH
CVE-2022-46872
< 102.6
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-relat
8.6HIGH
CVE-2022-45421
< 102.5
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bu
8.8HIGH
CVE-2022-45420
< 102.5
Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe,
6.5MEDIUM
CVE-2022-45418
< 102.5
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, re
6.1MEDIUM
CVE-2022-45416
< 102.5
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks s
6.5MEDIUM
CVE-2022-45414
< 102.5.1
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag
8.1HIGH
CVE-2022-45412
< 102.5
When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a stri
8.8HIGH
CVE-2022-45411
< 102.5
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authori
6.1MEDIUM
CVE-2022-45410
< 102.5
When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took owners
6.5MEDIUM
CVE-2022-45409
< 102.5
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called
8.8HIGH
CVE-2022-45408
< 102.5
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the noti
6.5MEDIUM
CVE-2022-45406
< 102.5
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it
9.8CRITICAL
CVE-2022-45405
< 102.5
Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploita
6.5MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin