Filtered by vendor Mozilla
Subscribe
Total
3610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6770 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 6.5 MEDIUM |
| Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6769 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 8.8 HIGH |
| Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6768 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 9.8 CRITICAL |
| Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||||
| CVE-2026-6766 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6761 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 8.8 HIGH |
| Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6758 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||||
| CVE-2026-6754 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6749 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6748 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 9.8 CRITICAL |
| Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6747 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2026-6746 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2010-3765 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-22 | 9.3 HIGH | 9.8 CRITICAL |
| Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | |||||
| CVE-2015-4495 | 6 Canonical, Mozilla, Opensuse and 3 more | 15 Ubuntu Linux, Firefox, Firefox Os and 12 more | 2026-04-22 | 4.3 MEDIUM | 8.8 HIGH |
| The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. | |||||
| CVE-2026-2781 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-21 | N/A | 9.8 CRITICAL |
| Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35. | |||||
| CVE-2006-0749 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2026-04-16 | 9.3 HIGH | N/A |
| nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | |||||
| CVE-2026-5731 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-16 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | |||||
| CVE-2005-0584 | 1 Mozilla | 2 Firefox, Mozilla | 2026-04-16 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. | |||||
| CVE-2006-2057 | 1 Mozilla | 1 Firefox | 2026-04-16 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2026-04-16 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2004-0760 | 1 Mozilla | 1 Mozilla | 2026-04-16 | 6.4 MEDIUM | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | |||||