Mozilla Mozilla

  1. Vendors
  2. Mozilla

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Mozilla product.

Products by Mozilla Sorted by Most Security Vulnerabilities since 2018

Mozilla Firefox1458 vulnerabilities
Open source web browser

Mozilla Thunderbird879 vulnerabilities
Email client

Mozilla FireFox Extended Support Release (ESR)785 vulnerabilities

Mozilla SeaMonkey286 vulnerabilities
Browser, email and newsgroup client

Mozilla Thunderbird Esr217 vulnerabilities

Mozilla Network Security Services27 vulnerabilities

Mozilla Firefox Mobile20 vulnerabilities

Mozilla Focus15 vulnerabilities

Mozilla Firefox Focus12 vulnerabilities

Mozilla7 vulnerabilities

Mozilla Firefox Os5 vulnerabilities

Mozilla Bleach5 vulnerabilities

Mozilla Nss4 vulnerabilities

Mozilla Vpn3 vulnerabilities

Mozilla Pollbot2 vulnerabilities

Mozilla Zamboni1 vulnerability

Mozilla Netscape Portable Runtime1 vulnerability

Mozilla Common Voice1 vulnerability

Recent Mozilla Security Advisories

Advisory Title Published
mfsa2025-17 Security Vulnerabilities fixed in Thunderbird 136 mfsa2025-17 March 4, 2025
mfsa2025-15 Security Vulnerabilities fixed in Firefox ESR 115.21 mfsa2025-15 March 4, 2025
mfsa2025-14 Security Vulnerabilities fixed in Firefox 136 mfsa2025-14 March 4, 2025
mfsa2025-16 Security Vulnerabilities fixed in Firefox ESR 128.8 mfsa2025-16 March 4, 2025
mfsa2025-18 Security Vulnerabilities fixed in Thunderbird ESR 128.8 mfsa2025-18 March 4, 2025
mfsa2025-13 Security Vulnerabilities fixed in Firefox for iOS 136 mfsa2025-13 February 24, 2025
mfsa2025-12 Security Vulnerabilities fixed in Firefox 135.0.1 mfsa2025-12 February 18, 2025
mfsa2025-11 Security Vulnerabilities fixed in Thunderbird 135 mfsa2025-11 February 4, 2025
mfsa2025-08 Security Vulnerabilities fixed in Firefox ESR 115.20 mfsa2025-08 February 4, 2025
mfsa2025-07 Security Vulnerabilities fixed in Firefox 135 mfsa2025-07 February 4, 2025

Known Exploited Mozilla Vulnerabilities

The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
CVE-2024-9680 Exploit Probability: 34.5% 		October 15, 2024
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
CVE-2016-9079 Exploit Probability: 85.1% 		June 22, 2023
Mozilla Firefox Security Feature Bypass Vulnerability Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
CVE-2015-4495 Exploit Probability: 89.7% 		May 25, 2022
Mozilla Firefox and Thunderbird Type Confusion Vulnerability Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
CVE-2019-11707 Exploit Probability: 83.2% 		May 23, 2022
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
CVE-2019-11708 Exploit Probability: 65.7% 		May 23, 2022
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site.
CVE-2013-1690 Exploit Probability: 64.0% 		March 28, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
CVE-2022-26486 Exploit Probability: 2.7% 		March 7, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
CVE-2022-26485 Exploit Probability: 7.3% 		March 7, 2022
Mozilla Firefox Information Disclosure Vulnerability Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2013-1675 Exploit Probability: 2.1% 		March 3, 2022
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2020-6819 Exploit Probability: 0.4% 		November 3, 2021
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
CVE-2020-6820 Exploit Probability: 3.7% 		November 3, 2021
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1
CVE-2019-17026 Exploit Probability: 48.8% 		November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 4 known exploited Mozilla vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2025 there have been 45 vulnerabilities in Mozilla with an average score of 7.9 out of ten. Last year, in 2024 Mozilla had 202 security vulnerabilities published. Right now, Mozilla is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.84.




Year Vulnerabilities Average Score
2025 45 7.88
2024 202 7.04
2023 200 7.20
2022 186 7.44
2021 158 7.11
2020 180 7.27
2019 144 7.67
2018 156 7.89

It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Security Vulnerabilities

Scanning certain QR codes

CVE-2025-27425 - March 04, 2025

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.

Websites redirecting to a non-HTTP scheme URL could

CVE-2025-27424 - March 04, 2025

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136.

CVE-2025-27426 - March 04, 2025

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136.

Memory safety bugs present in Firefox 135 and Thunderbird 135

CVE-2025-1943 - March 04, 2025

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.

CVE-2025-1942 - March 04, 2025

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.

Under certain circumstances, a user opt-in setting

CVE-2025-1941 - March 04, 2025

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.

A select option could partially obscure the confirmation prompt shown before launching external apps

CVE-2025-1940 - March 04, 2025

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.

Android apps can load web pages using the Custom Tabs feature

CVE-2025-1939 - March 04, 2025

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

CVE-2025-1938 - March 04, 2025

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7

CVE-2025-1937 - March 04, 2025

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

jar: URLs retrieve local file content packaged in a ZIP archive

CVE-2025-1936 - March 04, 2025

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

A web page could trick a user into setting that site as the default handler for a custom URL protocol

CVE-2025-1935 - March 04, 2025

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript

CVE-2025-1934 - March 04, 2025

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory

CVE-2025-1933 - March 04, 2025

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access

CVE-2025-1932 - March 04, 2025

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

It was possible to cause a use-after-free in the content process side of a WebTransport connection

CVE-2025-1931 - March 04, 2025

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process

CVE-2025-1930 - March 04, 2025

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Memory safety bugs present in Firefox 135

CVE-2025-1414 - February 18, 2025

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.

The Thunderbird Address Book URI fields contained unsanitized links

CVE-2025-1015 5.4 - Medium - February 04, 2025

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.

Memory safety bugs present in Firefox 134 and Thunderbird 134

CVE-2025-1020 9.8 - Critical - February 04, 2025

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.

Memory Corruption

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6

CVE-2025-1017 9.8 - Critical - February 04, 2025

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Memory Corruption

Memory safety bugs present in Firefox 134

CVE-2025-1016 9.8 - Critical - February 04, 2025

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Memory Corruption

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax

CVE-2025-0510 6.5 - Medium - February 04, 2025

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.

Certificate length was not properly checked when added to a certificate store

CVE-2025-1014 8.8 - High - February 04, 2025

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Improper Certificate Validation

A race condition could have led to private browsing tabs being opened in normal browsing windows

CVE-2025-1013 - February 04, 2025

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

The z-order of the browser windows could be manipulated to hide the fullscreen notification

CVE-2025-1019 4.3 - Medium - February 04, 2025

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

Clickjacking

A race during concurrent delazification could have led to a use-after-free

CVE-2025-1012 7.5 - High - February 04, 2025

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Dangling pointer

A bug in WebAssembly code generation could have lead to a crash

CVE-2025-1011 8.8 - High - February 04, 2025

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user

CVE-2025-1018 5.3 - Medium - February 04, 2025

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

Clickjacking

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash

CVE-2025-1010 8.8 - High - February 04, 2025

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Dangling pointer

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash

CVE-2025-1009 9.8 - Critical - February 04, 2025

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Dangling pointer

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134.

CVE-2025-23109 - January 11, 2025

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134.

Opening Javascript links in a new tab

CVE-2025-23108 - January 11, 2025

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.

Memory safety bugs present in Firefox 133 and Thunderbird 133

CVE-2025-0247 - January 07, 2025

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.

When using an invalid protocol scheme, an attacker could spoof the address bar

CVE-2025-0246 - January 07, 2025

When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134.

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed

CVE-2025-0245 - January 07, 2025

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar

CVE-2025-0244 - January 07, 2025

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134.

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5

CVE-2025-0243 - January 07, 2025

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash

CVE-2025-0241 - January 07, 2025

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free

CVE-2025-0240 - January 07, 2025

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site

CVE-2025-0239 - January 07, 2025

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

The WebChannel API

CVE-2025-0237 - January 07, 2025

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Memory safety bugs present in Firefox 133

CVE-2025-0242 - January 07, 2025

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash

CVE-2025-0238 - January 07, 2025

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow

CVE-2024-43097 - January 03, 2025

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

A vulnerability has been found in Talentera up to 20241128 and classified as problematic

CVE-2024-12346 - December 09, 2024

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

Android Firefox Saved Password Exposure Vulnerability

CVE-2024-11703 - November 26, 2024

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

Firefox for iOS URL Bar Spoofing Vulnerability

CVE-2024-53976 - November 26, 2024

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.

Firefox for iOS SSL Padlock Misrepresentation Vulnerability

CVE-2024-53975 - November 26, 2024

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.

Firefox and Thunderbird: Data Race Vulnerability in PlaybackParams Structure

CVE-2024-11708 - November 26, 2024

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Null Pointer Dereference in Mozilla Firefox and Thunderbird's pk12util SEC_ASN1DecodeItem_Util Funct

CVE-2024-11706 - November 26, 2024

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Mozilla Firefox and Thunderbird PKCS#11 Key Derivation Null Pointer Dereference Vulnerability

CVE-2024-11705 - November 26, 2024

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Mozilla Firefox and Thunderbird Double-Free Vulnerability in PKCS7 Decoder

CVE-2024-11704 - November 26, 2024

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.

Firefox and Thunderbird Android Private Browsing Clipboard Leak Vulnerability

CVE-2024-11702 - November 26, 2024

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Firefox and Thunderbird: Address Bar Domain Spoofing Vulnerability

CVE-2024-11701 - November 26, 2024

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Firefox and Thunderbird Tapjacking Vulnerability

CVE-2024-11700 - November 26, 2024

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.

Multiple Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird

CVE-2024-11699 - November 26, 2024

Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Firefox and Thunderbird Fullscreen Transition Vulnerability on macOS

CVE-2024-11698 - November 26, 2024

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Firefox and Thunderbird Keypress Event Handling Bypass Vulnerability

CVE-2024-11697 - November 26, 2024

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Mozilla Firefox and Thunderbird Add-on Signature Validation Bypass Vulnerability

CVE-2024-11696 - November 26, 2024

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Mozilla Firefox and Thunderbird URL Spoofing Vulnerability via Arabic Script and Whitespace

CVE-2024-11695 - November 26, 2024

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Mozilla Firefox and Thunderbird CSP Bypass and DOM-based XSS Vulnerability in Google SafeFrame Shim

CVE-2024-11694 - November 26, 2024

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Windows: Missing Executable File Warning for .library-ms Files in Firefox and Thunderbird

CVE-2024-11693 - November 26, 2024

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Firefox and Thunderbird UI Spoofing Vulnerability in Tab Interface

CVE-2024-11692 - November 26, 2024

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Memory Corruption Vulnerability in Apple GPU Driver

CVE-2024-11691 - November 26, 2024

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Thunderbird OpenPGP Remote Content Plaintext Disclosure Vulnerability

CVE-2024-11159 4.3 - Medium - November 13, 2024

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.

Microsoft Exchange Server Spoofing Vulnerability

CVE-2024-49040 7.5 - High - November 12, 2024

Microsoft Exchange Server Spoofing Vulnerability

User Interface (UI) Misrepresentation of Critical Information

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript

CVE-2024-50336 - November 12, 2024

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.

Firefox URI Parsing Crash

CVE-2024-10941 6.5 - Medium - November 06, 2024

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

Truncation of a long URL could have allowed origin spoofing in a permission prompt

CVE-2024-10462 6.5 - Medium - October 29, 2024

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements

CVE-2024-10458 7.5 - High - October 29, 2024

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash

CVE-2024-10459 7.5 - High - October 29, 2024

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Dangling pointer

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`

CVE-2024-10460 5.3 - Medium - October 29, 2024

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could

CVE-2024-10461 6.1 - Medium - October 29, 2024

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

XSS

Truncation of a long URL could have allowed origin spoofing in a permission prompt

CVE-2024-10462 6.5 - Medium - October 29, 2024

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

Video frames could have been leaked between origins in some situations

CVE-2024-10463 6.5 - Medium - October 29, 2024

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Side Channel Attack

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash

CVE-2024-10468 5.3 - Medium - October 29, 2024

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Race Condition

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser

CVE-2024-10464 6.5 - Medium - October 29, 2024

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Out-of-bounds Read

A clipboard "paste" button could persist across tabs which allowed a spoofing attack

CVE-2024-10465 6.5 - Medium - October 29, 2024

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive

CVE-2024-10466 7.5 - High - October 29, 2024

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3

CVE-2024-10467 8.8 - High - October 29, 2024

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory Corruption

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements

CVE-2024-10458 7.5 - High - October 29, 2024

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash

CVE-2024-10459 7.5 - High - October 29, 2024

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Dangling pointer

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`

CVE-2024-10460 5.3 - Medium - October 29, 2024

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could

CVE-2024-10461 6.1 - Medium - October 29, 2024

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

XSS

Video frames could have been leaked between origins in some situations

CVE-2024-10463 6.5 - Medium - October 29, 2024

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Side Channel Attack

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser

CVE-2024-10464 6.5 - Medium - October 29, 2024

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Out-of-bounds Read

A clipboard "paste" button could persist across tabs which allowed a spoofing attack

CVE-2024-10465 6.5 - Medium - October 29, 2024

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive

CVE-2024-10466 7.5 - High - October 29, 2024

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3

CVE-2024-10467 8.8 - High - October 29, 2024

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory Corruption

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements

CVE-2024-10458 7.5 - High - October 29, 2024

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash

CVE-2024-10459 7.5 - High - October 29, 2024

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Dangling pointer

Video frames could have been leaked between origins in some situations

CVE-2024-10463 6.5 - Medium - October 29, 2024

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Side Channel Attack

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash

CVE-2024-10468 5.3 - Medium - October 29, 2024

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Race Condition

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash

CVE-2024-10459 7.5 - High - October 29, 2024

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Dangling pointer

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`

CVE-2024-10460 5.3 - Medium - October 29, 2024

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could

CVE-2024-10461 6.1 - Medium - October 29, 2024

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

XSS

Truncation of a long URL could have allowed origin spoofing in a permission prompt

CVE-2024-10462 6.5 - Medium - October 29, 2024

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

Video frames could have been leaked between origins in some situations

CVE-2024-10463 6.5 - Medium - October 29, 2024

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Side Channel Attack

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive

CVE-2024-10466 7.5 - High - October 29, 2024

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.