Filtered by vendor Mozilla
Subscribe
Total
3234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11693 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | |||||
| CVE-2025-27425 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 4.3 MEDIUM |
| Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. | |||||
| CVE-2025-1943 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.2 HIGH |
| Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136. | |||||
| CVE-2025-27426 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | N/A | 5.4 MEDIUM |
| Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. | |||||
| CVE-2025-26695 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A | 5.3 MEDIUM |
| When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | |||||
| CVE-2025-26696 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A | 7.0 HIGH |
| Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. | |||||
| CVE-2025-1940 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A | 7.1 HIGH |
| A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136. | |||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A | 3.9 LOW |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | |||||
| CVE-2025-1938 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 6.5 MEDIUM |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2025-1937 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 7.5 HIGH |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2025-1935 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 4.3 MEDIUM |
| A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2025-1934 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 6.5 MEDIUM |
| It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2025-1933 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 7.6 HIGH |
| On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2025-1931 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 7.5 HIGH |
| It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2005-0584 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. | |||||
| CVE-2006-2057 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2004-0760 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 6.4 MEDIUM | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | |||||
| CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-0589 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | |||||