Total
1473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11704 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 9.8 CRITICAL |
| A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7. | |||||
| CVE-2024-11706 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2025-3028 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3029 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.3 HIGH |
| A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3030 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3031 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||
| CVE-2025-3032 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.4 HIGH |
| Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||
| CVE-2025-3033 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.7 HIGH |
| After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||
| CVE-2025-3034 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||
| CVE-2024-11702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | N/A | 7.5 HIGH |
| Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | N/A | 4.3 MEDIUM |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-5688 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.1 HIGH |
| If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-11708 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 6.5 MEDIUM |
| Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2025-1930 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2024-6600 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 6.3 MEDIUM |
| Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6601 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.7 MEDIUM |
| A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6602 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
| A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6604 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6606 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.2 HIGH |
| Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||