Total
1552 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6601 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.7 MEDIUM |
| A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6604 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6606 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.2 HIGH |
| Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6611 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
| A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6612 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.3 MEDIUM |
| CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6613 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.5 MEDIUM |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6614 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.3 MEDIUM |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6615 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-5702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-5700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.0 HIGH |
| Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-9396 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-9400 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-9402 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-7652 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2025-0247 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. | |||||
| CVE-2024-11700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.1 HIGH |
| Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-11693 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | |||||
| CVE-2025-1943 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.2 HIGH |
| Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136. | |||||
| CVE-2025-26695 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A | 5.3 MEDIUM |
| When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | |||||