Filtered by vendor Mozilla
Subscribe
Total
3234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4059 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | |||||
| CVE-2007-2292 | 2 Microsoft, Mozilla | 3 Internet Explorer, Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | |||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | |||||
| CVE-2008-0415 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." | |||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | |||||
| CVE-2007-3734 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2009-2468 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. | |||||
| CVE-2008-5508 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | |||||
| CVE-2007-0779 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 6.4 MEDIUM | N/A |
| GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | |||||
| CVE-2009-1306 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
| The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | |||||
| CVE-2009-1310 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | |||||
| CVE-2025-1013 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-08 | N/A | 6.5 MEDIUM |
| A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2024-11704 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 9.8 CRITICAL |
| A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7. | |||||
| CVE-2024-11706 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2025-3028 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3029 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.3 HIGH |
| A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3030 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3031 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137. | |||||