Total
3219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2763 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2762 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2761 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2760 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2759 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2758 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2757 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2634 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 9.8 CRITICAL |
| Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4. | |||||
| CVE-2026-2447 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 8.8 HIGH |
| Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2. | |||||
| CVE-2026-2032 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 4.3 MEDIUM |
| Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1. | |||||
| CVE-2026-24869 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 8.8 HIGH |
| Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2. | |||||
| CVE-2026-24868 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2. | |||||
| CVE-2026-12330 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.4 MEDIUM |
| Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. | |||||
| CVE-2026-12329 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.3 MEDIUM |
| Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. | |||||
| CVE-2026-12323 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.4 MEDIUM |
| Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | |||||
| CVE-2026-12322 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.4 MEDIUM |
| Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | |||||
| CVE-2026-12321 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.4 MEDIUM |
| JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | |||||
| CVE-2026-12320 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 4.3 MEDIUM |
| Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | |||||
| CVE-2026-12319 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 6.5 MEDIUM |
| Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | |||||
| CVE-2026-12313 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 4.7 MEDIUM |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | |||||