Mozilla Mozilla

  1. Vendors
  2. Mozilla

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Mozilla product.

RSS Feeds for Mozilla security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Mozilla products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Mozilla Sorted by Most Security Vulnerabilities since 2018

Mozilla Firefox2135 vulnerabilities
Open source web browser

Mozilla Thunderbird1372 vulnerabilities
Email client

Mozilla FireFox Extended Support Release (ESR)1124 vulnerabilities

Mozilla SeaMonkey286 vulnerabilities
Browser, email and newsgroup client

Mozilla Thunderbird Esr217 vulnerabilities

Mozilla Network Security Services28 vulnerabilities

Mozilla Focus23 vulnerabilities

Mozilla Firefox Mobile21 vulnerabilities

Mozilla Firefox Focus17 vulnerabilities

Mozilla9 vulnerabilities

Mozilla Nss8 vulnerabilities

Mozilla Firefox Os5 vulnerabilities

Mozilla Vpn4 vulnerabilities

Mozilla Nunjucks1 vulnerability

Mozilla Zamboni1 vulnerability

Mozilla Netscape Portable Runtime1 vulnerability

Recent Mozilla Security Advisories

Advisory Title Published
mfsa2026-34 Security Vulnerabilities fixed in Thunderbird 140.10 mfsa2026-34 April 21, 2026
mfsa2026-33 Security Vulnerabilities fixed in Thunderbird 150 mfsa2026-33 April 21, 2026
mfsa2026-30 Security Vulnerabilities fixed in Firefox 150 mfsa2026-30 April 21, 2026
mfsa2026-32 Security Vulnerabilities fixed in Firefox ESR 140.10 mfsa2026-32 April 21, 2026
mfsa2026-31 Security Vulnerabilities fixed in Firefox ESR 115.35 mfsa2026-31 April 21, 2026
mfsa2026-27 Security Vulnerabilities fixed in Firefox ESR 140.9.1 mfsa2026-27 April 7, 2026
mfsa2026-28 Security Vulnerabilities fixed in Thunderbird 149.0.2 mfsa2026-28 April 7, 2026
mfsa2026-25 Security Vulnerabilities fixed in Firefox 149.0.2 mfsa2026-25 April 7, 2026
mfsa2026-29 Security Vulnerabilities fixed in Thunderbird 140.9.1 mfsa2026-29 April 7, 2026
mfsa2026-26 Security Vulnerabilities fixed in Firefox ESR 115.34.1 mfsa2026-26 April 7, 2026

Known Exploited Mozilla Vulnerabilities

The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mozilla Multiple Products Remote Code Execution Vulnerability Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.
CVE-2010-3765 Exploit Probability: 86.6% 		October 6, 2025
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
CVE-2024-9680 Exploit Probability: 30.8% 		October 15, 2024
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
CVE-2016-9079 Exploit Probability: 84.8% 		June 22, 2023
Mozilla Firefox Security Feature Bypass Vulnerability Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
CVE-2015-4495 Exploit Probability: 71.6% 		May 25, 2022
Mozilla Firefox and Thunderbird Type Confusion Vulnerability Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
CVE-2019-11707 Exploit Probability: 84.4% 		May 23, 2022
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
CVE-2019-11708 Exploit Probability: 68.4% 		May 23, 2022
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site.
CVE-2013-1690 Exploit Probability: 47.1% 		March 28, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
CVE-2022-26486 Exploit Probability: 5.5% 		March 7, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
CVE-2022-26485 Exploit Probability: 7.2% 		March 7, 2022
Mozilla Firefox Information Disclosure Vulnerability Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2013-1675 Exploit Probability: 7.9% 		March 3, 2022
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2020-6819 Exploit Probability: 0.4% 		November 3, 2021
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2020-6820 Exploit Probability: 3.1% 		November 3, 2021
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1
CVE-2019-17026 Exploit Probability: 59.6% 		November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Mozilla vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 171 vulnerabilities in Mozilla with an average score of 8.2 out of ten. Last year, in 2025 Mozilla had 209 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Mozilla in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.74.




Year Vulnerabilities Average Score
2026 171 8.20
2025 209 7.46
2024 204 7.12
2023 202 7.24
2022 188 7.42
2021 158 7.12
2020 184 7.25
2019 152 7.53
2018 345 7.65

It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-6786 Apr 21, 2026
Firefox 149 / ESR 140.9 Memory Safety Bugs (Arbitrary Code Exec) Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6785 Apr 21, 2026
Mozilla Firefox Memory Safety Bug (ESR 115.34, 115.35, ESR 140.9/140.10, 149) Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6784 Apr 21, 2026
Memory Safety Bugs in Firefox 149 & Thunderbird 149 Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6783 Apr 21, 2026
Firefox 150 AV Playback CVE20266783 Integer Overflow Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6782 Apr 21, 2026
Info Disclosure via Firefox IP Protection Component Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6781 Apr 21, 2026
DoS in Firefox AV Playback Component (CVE-2026-6781) Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6780 Apr 21, 2026
Firefox A/V Playback DoS Vulnerability Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6779 Apr 21, 2026
Mozilla Firefox JS Engine CVE-2026-6779 (Other issue) Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6778 Apr 21, 2026
Firefox 150 - Invalid Pointer in Audio/Video Playback Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6777 Apr 21, 2026
CVE-2026-6777: Firefox DNS Component Vulnerability Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6776 Apr 21, 2026
Firefox <150 WebRTC Networking boundary condition flaw (CVE-2026-6776) Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6775 Apr 21, 2026
Firefox WebRTC Improper Boundary Check (CVE-2026-6775) Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6774 Apr 21, 2026
DOM Mitigation Bypass in Firefox Security Component Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6773 Apr 21, 2026
Firefox WebGPU Integer Overflow DoS Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6772 Apr 21, 2026
Firefox NSS Libraries Boundary Cond. before 150 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6771 Apr 21, 2026
Firefox 150 DOM Mitigation Bypass in Security Component Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6770 Apr 21, 2026
IndexedDB flaw in Firefox <=150 (ESR 140.10) Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6769 Apr 21, 2026
Priv Escalation in Firefox Debugger (before 150) Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6768 Apr 21, 2026
CVE-2026-6768: Mitigation Bypass in Firefox Cookies Handling Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6767 Apr 21, 2026
NSS Lib Other Issue (Fixed in Firefox 150/ESR 115.35) Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6766 Apr 21, 2026
Firefox NSS boundary overflow (before 150/140.10) Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6765 Apr 21, 2026
Firefox Autofill Info Disclosure before 150 Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6764 Apr 21, 2026
Firefox DOM Boundary Condition Flaw in Device Interfaces (fixed in v150) Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6763 Apr 21, 2026
Firefox File Handling Mitigation Bypass (Before 150/ESR 140.10) Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6762 Apr 21, 2026
Firefox DOM Spoofing Vulnerability (pre-150) Core & HTML Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6761 Apr 21, 2026
Firefox 150 PrivEsc via Networking Component Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6760 Apr 21, 2026
Firefox Networking Cookies Mitigation Bypass CVE-2026-6760 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6758 Apr 21, 2026
Use-after-free: WebAssembly Component in Firefox Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6759 Apr 21, 2026
Use-after-free in Firefox Widget Cocoa (150) Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6757 Apr 21, 2026
Firefox WebAsm Null Pointer Bug Before v150 (CVE-2026-6757) Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6756 Apr 21, 2026
Firefox for Android Mitigation Bypass Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
Firefox
CVE-2026-6755 Apr 21, 2026
Mozilla Firefox postMessage DOM Mitigation Bypass (CVE20266755) Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Firefox
Thunderbird
CVE-2026-6754 Apr 21, 2026
UAF in JavaScript Engine, fixed in Firefox 150/ESR 115.35/140.10 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6753 Apr 21, 2026
Firefox WebRTC Boundary Condition Vulnerability (fixed in 150/ESR 140.10) Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6752 Apr 21, 2026
Firefox WebRTC Boundary Condition Flaw (before v150 / ESR 115.35) Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6751 Apr 21, 2026
Pre-150 Firefox Web Codecs Uninitialized Memory Vulnerability Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6750 Apr 21, 2026
Firefox PrivEsc via Graphics:WebRender before 150 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6749 Apr 21, 2026
Firefox Canvas2D Info Disclosure via Uninit Mem, Fixed 150/ESR115.35 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6748 Apr 21, 2026
Web Codecs Uninitialized Mem in Firefox <150 (Fixed 150) Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6747 Apr 21, 2026
Firefox <150 WebRTC Use-after-free Vulnerability Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6746 Apr 21, 2026
Use-after-free in Firefox Core&HTML before v150 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Firefox
Thunderbird
CVE-2026-6654 Apr 20, 2026
ThinVec Drop/ Clear DoubleFree & UAF Vulnerability in Mozilla ThinVec Crate Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
CVE-2026-5735 Apr 07, 2026
Memory safety bug in Firefox <149.0.2 & Thunderbird 149.0.1 Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.
Firefox
Thunderbird
CVE-2026-5734 Apr 07, 2026
Memory corruption in Firefox <149.0.2 & ESR <140.9.1 Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others...
CVE-2026-5733 Apr 07, 2026
Firefox <149.0.2 WebGPU Boundary Conditions CVE-2026-5733 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.
Firefox
Thunderbird
CVE-2026-5732 Apr 07, 2026
Integer Overflow in Firefox Graphics: Text Component (149.0.2 / ESR 140.9.1) Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others...
CVE-2026-5731 Apr 07, 2026
Mem safety bug in Firefox <149.0.2 (ESR 115/140) Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others...
CVE-2026-4371 Mar 24, 2026
Thunderbird <149 Vulnerable Parser Reads OOB via Malformed Mail (CVE-2026-4371) A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Thunderbird
CVE-2026-3889 Mar 24, 2026
Thunderbird Email Client Spoofing Issue <149, <140.9 Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Thunderbird
CVE-2026-4721 Mar 24, 2026
Memory Safety Bug in Firefox (ESR 115.33/140.8 & 148) prior to v149 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.