Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3033 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5390 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | ||||
| CVE-2018-12405 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-11-25 | N/A |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | ||||
| CVE-2017-7754 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2014-1557 | 4 Debian, Mozilla, Oracle and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2025-11-25 | N/A |
| The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | ||||
| CVE-2025-13015 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-25 | 3.4 Low |
| Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13021 | 1 Mozilla | 1 Firefox | 2025-11-25 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13022 | 1 Mozilla | 1 Firefox | 2025-11-25 | 9.8 Critical |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13023 | 1 Mozilla | 1 Firefox | 2025-11-25 | 9.8 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13024 | 1 Mozilla | 1 Firefox | 2025-11-25 | 9.8 Critical |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13025 | 1 Mozilla | 1 Firefox | 2025-11-25 | 7.5 High |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13026 | 1 Mozilla | 1 Firefox | 2025-11-25 | 9.8 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | ||||
| CVE-2025-13017 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-25 | 8.1 High |
| Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13018 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-25 | 8.1 High |
| Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13019 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-25 | 8.1 High |
| Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13020 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-25 | 8.8 High |
| Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-11719 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-11-14 | 9.8 Critical |
| Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144. | ||||
| CVE-2025-6435 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-13 | 8.1 High |
| If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140. | ||||
| CVE-2024-5696 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-06 | 8.6 High |
| By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2023-5388 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-04 | 6.5 Medium |
| NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-8384 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2025-11-04 | 9.8 Critical |
| The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | ||||