Mozilla
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Mozilla product.
Products by Mozilla Sorted by Most Security Vulnerabilities since 2018
Recent Mozilla Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2024-66 | Security Vulnerabilities fixed in Firefox for iOS 133 mfsa2024-66 | November 26, 2024 |
mfsa2024-63 | Security Vulnerabilities fixed in Firefox 133 mfsa2024-63 | November 26, 2024 |
mfsa2024-68 | Security Vulnerabilities fixed in Thunderbird 128.5 mfsa2024-68 | November 26, 2024 |
mfsa2024-65 | Security Vulnerabilities fixed in Firefox ESR 115.18 mfsa2024-65 | November 26, 2024 |
mfsa2024-67 | Security Vulnerabilities fixed in Thunderbird 133 mfsa2024-67 | November 26, 2024 |
mfsa2024-64 | Security Vulnerabilities fixed in Firefox ESR 128.5 mfsa2024-64 | November 26, 2024 |
mfsa2024-62 | Security Vulnerabilities fixed in Thunderbird 132.0.1 mfsa2024-62 | November 12, 2024 |
mfsa2024-61 | Security Vulnerabilities fixed in Thunderbird 128.4.3 mfsa2024-61 | November 12, 2024 |
mfsa2024-58 | Security Vulnerabilities fixed in Thunderbird 128.4 mfsa2024-58 | October 29, 2024 |
mfsa2024-55 | Security Vulnerabilities fixed in Firefox 132 mfsa2024-55 | October 29, 2024 |
Known Exploited Mozilla Vulnerabilities
The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. CVE-2024-9680 | October 15, 2024 |
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability | Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. CVE-2016-9079 | June 22, 2023 |
Mozilla Firefox Security Feature Bypass Vulnerability | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 | May 25, 2022 |
Mozilla Firefox and Thunderbird Type Confusion Vulnerability | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. CVE-2019-11707 | May 23, 2022 |
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. CVE-2019-11708 | May 23, 2022 |
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. CVE-2013-1690 | March 28, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 | March 7, 2022 |
Mozilla Firefox Use-After-Free Vulnerability | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 | March 7, 2022 |
Mozilla Firefox Information Disclosure Vulnerability | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 | March 3, 2022 |
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability | A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6819 | November 3, 2021 |
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability | A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6820 | November 3, 2021 |
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 CVE-2019-17026 | November 3, 2021 |
By the Year
In 2024 there have been 199 vulnerabilities in Mozilla with an average score of 7.0 out of ten. Last year Mozilla had 200 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Mozilla in 2024 could surpass last years number. Last year, the average CVE base score was greater by 0.24
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 199 | 6.96 |
2023 | 200 | 7.20 |
2022 | 186 | 7.44 |
2021 | 158 | 7.11 |
2020 | 180 | 7.26 |
2019 | 144 | 7.67 |
2018 | 155 | 7.90 |
It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Security Vulnerabilities
A vulnerability has been found in Talentera up to 20241128 and classified as problematic
CVE-2024-12346
- December 09, 2024
A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.
XSS
Android Firefox Saved Password Exposure Vulnerability
CVE-2024-11703
- November 26, 2024
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
Firefox for iOS URL Bar Spoofing Vulnerability
CVE-2024-53976
- November 26, 2024
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
Firefox for iOS SSL Padlock Misrepresentation Vulnerability
CVE-2024-53975
- November 26, 2024
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
Firefox and Thunderbird: Data Race Vulnerability in PlaybackParams Structure
CVE-2024-11708
- November 26, 2024
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Null Pointer Dereference in Mozilla Firefox and Thunderbird's pk12util SEC_ASN1DecodeItem_Util Funct
CVE-2024-11706
- November 26, 2024
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Mozilla Firefox and Thunderbird PKCS#11 Key Derivation Null Pointer Dereference Vulnerability
CVE-2024-11705
- November 26, 2024
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Mozilla Firefox and Thunderbird Double-Free Vulnerability in PKCS7 Decoder
CVE-2024-11704
- November 26, 2024
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird Android Private Browsing Clipboard Leak Vulnerability
CVE-2024-11702
- November 26, 2024
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird: Address Bar Domain Spoofing Vulnerability
CVE-2024-11701
- November 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird Tapjacking Vulnerability
CVE-2024-11700
- November 26, 2024
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Multiple Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird
CVE-2024-11699
- November 26, 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Firefox and Thunderbird Fullscreen Transition Vulnerability on macOS
CVE-2024-11698
- November 26, 2024
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Firefox and Thunderbird Keypress Event Handling Bypass Vulnerability
CVE-2024-11697
- November 26, 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird Add-on Signature Validation Bypass Vulnerability
CVE-2024-11696
- November 26, 2024
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird URL Spoofing Vulnerability via Arabic Script and Whitespace
CVE-2024-11695
- November 26, 2024
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird CSP Bypass and DOM-based XSS Vulnerability in Google SafeFrame Shim
CVE-2024-11694
- November 26, 2024
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
Windows: Missing Executable File Warning for .library-ms Files in Firefox and Thunderbird
CVE-2024-11693
- November 26, 2024
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Firefox and Thunderbird UI Spoofing Vulnerability in Tab Interface
CVE-2024-11692
- November 26, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Memory Corruption Vulnerability in Apple GPU Driver
CVE-2024-11691
- November 26, 2024
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
Thunderbird OpenPGP Remote Content Plaintext Disclosure Vulnerability
CVE-2024-11159
4.3 - Medium
- November 13, 2024
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
Firefox URI Parsing Crash
CVE-2024-10941
- November 06, 2024
A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
Focus was incorrectly
CVE-2024-10474
6.5 - Medium
- October 29, 2024
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash
CVE-2024-10468
5.3 - Medium
- October 29, 2024
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Race Condition
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash
CVE-2024-10468
5.3 - Medium
- October 29, 2024
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Race Condition
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.
CVE-2024-10004
- October 15, 2024
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.
When manipulating the selection node cache
CVE-2024-9936
- October 14, 2024
When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines
CVE-2024-9680
9.8 - Critical
- October 09, 2024
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Dangling pointer
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines
CVE-2024-9680
9.8 - Critical
- October 09, 2024
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Dangling pointer
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission
CVE-2024-9397
6.1 - Medium
- October 01, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Clickjacking
A compromised content process could have allowed for the arbitrary loading of cross-origin pages
CVE-2024-9392
- October 01, 2024
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin
CVE-2024-9393
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption
CVE-2024-9396
- October 01, 2024
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission
CVE-2024-9397
6.1 - Medium
- October 01, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Clickjacking
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements
CVE-2024-9398
5.3 - Medium
- October 01, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
CVE-2024-9399
7.5 - High
- October 01, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation
CVE-2024-9400
- October 01, 2024
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-9401
- October 01, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-9402
- October 01, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Memory safety bugs present in Firefox 130
CVE-2024-9403
- October 01, 2024
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
A compromised content process could have allowed for the arbitrary loading of cross-origin pages
CVE-2024-9392
- October 01, 2024
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin
CVE-2024-9393
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption
CVE-2024-9396
- October 01, 2024
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission
CVE-2024-9397
6.1 - Medium
- October 01, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Clickjacking
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements
CVE-2024-9398
5.3 - Medium
- October 01, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
CVE-2024-9399
7.5 - High
- October 01, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation
CVE-2024-9400
- October 01, 2024
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-9401
- October 01, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
CVE-2024-9402
- October 01, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A compromised content process could have allowed for the arbitrary loading of cross-origin pages
CVE-2024-9392
- October 01, 2024
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin
CVE-2024-9393
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption
CVE-2024-9396
- October 01, 2024
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog
CVE-2024-9395
- October 01, 2024
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.