Filtered by vendor Mozilla
Subscribe
Total
3382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0746 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-20 | N/A | 6.5 MEDIUM |
| A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2024-0606 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | N/A | 6.1 MEDIUM |
| An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | |||||
| CVE-2024-0605 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | N/A | 7.5 HIGH |
| Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | |||||
| CVE-2025-2830 | 1 Mozilla | 1 Thunderbird | 2025-06-18 | N/A | 6.3 MEDIUM |
| By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | |||||
| CVE-2025-3522 | 1 Mozilla | 1 Thunderbird | 2025-06-18 | N/A | 6.3 MEDIUM |
| Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | |||||
| CVE-2025-49709 | 1 Mozilla | 1 Firefox | 2025-06-16 | N/A | 9.8 CRITICAL |
| Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4. | |||||
| CVE-2025-49710 | 1 Mozilla | 1 Firefox | 2025-06-16 | N/A | 9.8 CRITICAL |
| An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4. | |||||
| CVE-2025-5020 | 1 Mozilla | 1 Firefox | 2025-06-13 | N/A | 4.3 MEDIUM |
| Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139. | |||||
| CVE-2025-3523 | 1 Mozilla | 1 Thunderbird | 2025-06-13 | N/A | 6.4 MEDIUM |
| When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | |||||
| CVE-2023-5758 | 1 Mozilla | 1 Firefox | 2025-06-12 | N/A | 6.1 MEDIUM |
| When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. | |||||
| CVE-2024-0748 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 4.3 MEDIUM |
| A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | |||||
| CVE-2025-5272 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-11 | N/A | 7.3 HIGH |
| Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139. | |||||
| CVE-2025-5271 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 6.5 MEDIUM |
| Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139. | |||||
| CVE-2025-5270 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 7.5 HIGH |
| In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139. | |||||
| CVE-2025-5265 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 4.8 MEDIUM |
| Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | |||||
| CVE-2024-0753 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-07 | N/A | 6.5 MEDIUM |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2024-0742 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-30 | N/A | 4.3 MEDIUM |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2024-0741 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-30 | N/A | 6.5 MEDIUM |
| An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2023-32216 | 1 Mozilla | 1 Firefox | 2025-05-27 | N/A | 9.8 CRITICAL |
| Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-32215 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-05-27 | N/A | 8.8 HIGH |
| Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||