Total
1947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7819 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2018-12387 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-11-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | |||||
| CVE-2017-5383 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
| CVE-2017-7779 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2018-12378 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
| CVE-2014-1477 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-11-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2017-5402 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2017-5404 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2018-5144 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-11-25 | 7.5 HIGH | 7.3 HIGH |
| An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | |||||
| CVE-2014-1486 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2025-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. | |||||
| CVE-2014-1508 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2025-11-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | |||||
| CVE-2013-5618 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 16 Ubuntu Linux, Fedora, Firefox and 13 more | 2025-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. | |||||
| CVE-2017-5470 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-5459 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-7749 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-5434 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Thunderbird and 3 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2018-5130 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2025-11-25 | 6.8 MEDIUM | 8.8 HIGH |
| When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. | |||||
| CVE-2017-7824 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2018-12405 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-5096 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. | |||||