Filtered by vendor Mozilla
Subscriptions
Total
3368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11703 | 1 Mozilla | 1 Firefox | 2025-04-05 | 5.7 Medium |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | ||||
| CVE-2024-11702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | 7.5 High |
| Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | 4.3 Medium |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2024-5688 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-04-04 | 8.1 High |
| If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-5699 | 1 Mozilla | 1 Firefox | 2025-04-04 | 9.8 Critical |
| In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. | ||||
| CVE-2024-11708 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | 6.5 Medium |
| Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2024-53976 | 1 Mozilla | 1 Firefox | 2025-04-04 | 5.4 Medium |
| Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. | ||||
| CVE-2025-1930 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-04-04 | 8.8 High |
| On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2024-5702 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-04-04 | 7.5 High |
| Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-5700 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-04-04 | 7.0 High |
| Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-9391 | 1 Mozilla | 1 Firefox | 2025-04-04 | 6.5 Medium |
| A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | ||||
| CVE-2024-9395 | 1 Mozilla | 1 Firefox | 2025-04-04 | 5.3 Medium |
| A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | ||||
| CVE-2024-9396 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-04-04 | 8.8 High |
| It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-9400 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-04-04 | 8.8 High |
| A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-9402 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-04-04 | 9.8 Critical |
| Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-10004 | 1 Mozilla | 1 Firefox | 2025-04-04 | 9.1 Critical |
| Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. | ||||
| CVE-2024-4765 | 1 Mozilla | 1 Firefox | 2025-04-04 | 8.1 High |
| Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | ||||
| CVE-2024-4766 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-04 | 4.3 Medium |
| Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126. | ||||
| CVE-2024-4773 | 1 Mozilla | 1 Firefox | 2025-04-04 | 7.5 High |
| When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-4778 | 1 Mozilla | 1 Firefox | 2025-04-04 | 9.8 Critical |
| Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126. | ||||