Filtered by vendor Mozilla Subscriptions
Filtered by product Firefox Esr Subscriptions
Total 781 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-6820 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2025-02-07 8.1 High
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2020-6819 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2025-02-07 8.1 High
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2019-17026 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more 2025-02-07 8.8 High
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
CVE-2019-11708 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-02-07 10 Critical
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CVE-2019-11707 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Thunderbird and 1 more 2025-02-07 8.8 High
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CVE-2016-9079 5 Debian, Microsoft, Mozilla and 2 more 12 Debian Linux, Windows, Firefox and 9 more 2025-02-07 7.5 High
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE-2023-32207 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-31 8.8 High
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2022-26486 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Firefox Focus and 4 more 2025-01-28 9.6 Critical
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
CVE-2022-26485 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Firefox Focus and 4 more 2025-01-28 8.8 High
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
CVE-2023-29550 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 8.8 High
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29548 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 6.5 Medium
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29547 1 Mozilla 3 Firefox, Firefox Esr, Focus 2025-01-10 6.5 Medium
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29541 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 8.8 High
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-23602 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 6.5 Medium
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
CVE-2023-25730 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 5.4 Medium
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-25729 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 8.8 High
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-25728 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 6.5 Medium
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-23605 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 8.8 High
Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
CVE-2023-23603 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 6.5 Medium
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
CVE-2023-25735 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-09 8.8 High
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.