Firefox Mozilla Firefox Open source web browser

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Mozilla Firefox.

Recent Mozilla Firefox Security Advisories

Advisory Title Published
mfsa2024-56 Security Vulnerabilities fixed in Firefox ESR 128.4 mfsa2024-56 October 29, 2024
mfsa2024-55 Security Vulnerabilities fixed in Firefox 132 mfsa2024-55 October 29, 2024
mfsa2024-57 Security Vulnerabilities fixed in Firefox ESR 115.17 mfsa2024-57 October 29, 2024
mfsa2024-54 Security Vulnerabilities fixed in Firefox for iOS 131.2 mfsa2024-54 October 15, 2024
mfsa2024-53 Security Vulnerability fixed in Firefox 131.0.3 mfsa2024-53 October 14, 2024
mfsa2024-51 Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1 mfsa2024-51 October 9, 2024
mfsa2024-46 Security Vulnerabilities fixed in Firefox 131 mfsa2024-46 October 1, 2024
mfsa2024-48 Security Vulnerabilities fixed in Firefox ESR 115.16 mfsa2024-48 October 1, 2024
mfsa2024-47 Security Vulnerabilities fixed in Firefox ESR 128.3 mfsa2024-47 October 1, 2024
mfsa2024-45 Security Vulnerabilities fixed in Firefox for Android 130.0.1 mfsa2024-45 September 17, 2024

Known Exploited Mozilla Firefox Vulnerabilities

The following Mozilla Firefox vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. CVE-2024-9680 October 15, 2024
Mozilla Firefox Security Feature Bypass Vulnerability Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 May 25, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 March 7, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 March 7, 2022
Mozilla Firefox Information Disclosure Vulnerability Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 March 3, 2022

By the Year

In 2024 there have been 74 vulnerabilities in Mozilla Firefox with an average score of 7.0 out of ten. Last year Firefox had 167 security vulnerabilities published. Right now, Firefox is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.23

Year Vulnerabilities Average Score
2024 74 7.05
2023 167 7.28
2022 137 7.52
2021 123 7.10
2020 132 7.36
2019 108 7.62
2018 130 8.08

It may take a day or so for new Firefox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Firefox Security Vulnerabilities

Firefox URI Parsing Crash

CVE-2024-10941 - November 06, 2024

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could

CVE-2024-10461 6.1 - Medium - October 29, 2024

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

XSS

Truncation of a long URL could have allowed origin spoofing in a permission prompt

CVE-2024-10462 6.5 - Medium - October 29, 2024

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

Video frames could have been leaked between origins in some situations

CVE-2024-10463 6.5 - Medium - October 29, 2024

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Side Channel Attack

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser

CVE-2024-10464 6.5 - Medium - October 29, 2024

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Out-of-bounds Read

A clipboard "paste" button could persist across tabs which allowed a spoofing attack

CVE-2024-10465 6.5 - Medium - October 29, 2024

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Authentication Bypass by Spoofing

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive

CVE-2024-10466 7.5 - High - October 29, 2024

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3

CVE-2024-10467 8.8 - High - October 29, 2024

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Memory Corruption

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash

CVE-2024-10468 5.3 - Medium - October 29, 2024

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Race Condition

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements

CVE-2024-10458 7.5 - High - October 29, 2024

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash

CVE-2024-10459 7.5 - High - October 29, 2024

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Dangling pointer

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`

CVE-2024-10460 5.3 - Medium - October 29, 2024

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines

CVE-2024-9680 9.8 - Critical - October 09, 2024

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Dangling pointer

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition

CVE-2024-9399 7.5 - High - October 01, 2024

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin

CVE-2024-9393 7.5 - High - October 01, 2024

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin

CVE-2024-9394 7.5 - High - October 01, 2024

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission

CVE-2024-9397 6.1 - Medium - October 01, 2024

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Clickjacking

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements

CVE-2024-9398 5.3 - Medium - October 01, 2024

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events

CVE-2024-8900 7.5 - High - September 17, 2024

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

Under certain conditions, an attacker with the ability to redirect users to a malicious site

CVE-2024-8897 6.1 - Medium - September 17, 2024

Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.

Open Redirect

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment

CVE-2024-8381 9.8 - Critical - September 03, 2024

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Object Type Confusion

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events

CVE-2024-8382 8.8 - High - September 03, 2024

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme

CVE-2024-8383 7.5 - High - September 03, 2024

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes

CVE-2024-8384 9.8 - Critical - September 03, 2024

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Memory Corruption

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability

CVE-2024-8385 9.8 - Critical - September 03, 2024

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

Object Type Confusion

If a site had been granted the permission to open popup windows

CVE-2024-8386 6.1 - Medium - September 03, 2024

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

Open Redirect

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1

CVE-2024-8387 9.8 - Critical - September 03, 2024

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.

Memory Corruption

Multiple prompts and panels

CVE-2024-8388 5.3 - Medium - September 03, 2024

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.

Memory safety bugs present in Firefox 129

CVE-2024-8389 9.8 - Critical - September 03, 2024

Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.

Memory Corruption

Long pressing on a download link could potentially

CVE-2024-43111 6.1 - Medium - August 06, 2024

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.

XSS

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

CVE-2024-43112 6.1 - Medium - August 06, 2024

Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.

XSS

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.

CVE-2024-43113 6.1 - Medium - August 06, 2024

The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.

XSS

A select option could partially obscure security prompts

CVE-2024-7523 8.1 - High - August 06, 2024

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.

Clickjacking

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection

CVE-2024-7524 6.1 - Medium - August 06, 2024

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

XSS

Select options could obscure the fullscreen notification dialog

CVE-2024-7518 6.5 - Medium - August 06, 2024

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

Insufficient checks when processing graphics shared memory could have led to memory corruption

CVE-2024-7519 9.6 - Critical - August 06, 2024

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Memory Corruption

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution

CVE-2024-7520 8.8 - High - August 06, 2024

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

Object Type Confusion

Incomplete WebAssembly exception handing could have led to a use-after-free

CVE-2024-7521 8.8 - High - August 06, 2024

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Improper Handling of Exceptional Conditions

Editor code failed to check an attribute value

CVE-2024-7522 8.8 - High - August 06, 2024

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Out-of-bounds Read

It was possible for a web extension with minimal permissions to create a `StreamFilter`

CVE-2024-7525 8.1 - High - August 06, 2024

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Incorrect Default Permissions

ANGLE failed to initialize parameters which lead to reading from uninitialized memory

CVE-2024-7526 6.5 - Medium - August 06, 2024

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Use of Uninitialized Resource

Unexpected marking work at the start of sweeping could have led to a use-after-free

CVE-2024-7527 8.8 - High - August 06, 2024

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Dangling pointer

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free

CVE-2024-7528 8.8 - High - August 06, 2024

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

Dangling pointer

The date picker could partially obscure security prompts

CVE-2024-7529 6.5 - Medium - August 06, 2024

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

Incorrect garbage collection interaction could have led to a use-after-free

CVE-2024-7530 8.8 - High - August 06, 2024

Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.

Dangling pointer

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output

CVE-2024-7531 6.5 - Medium - August 06, 2024

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

It was possible to move the cursor using pointerlock from an iframe

CVE-2024-6608 4.3 - Medium - July 09, 2024

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again

CVE-2024-6609 8.8 - High - July 09, 2024

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Form validation popups could capture escape key presses

CVE-2024-6610 4.3 - Medium - July 09, 2024

Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.

In certain scenarios a malicious website could attempt to display a fake location URL bar

CVE-2024-38313 4.3 - Medium - June 13, 2024

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.

When browsing private tabs

CVE-2024-38312 6.5 - Medium - June 13, 2024

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.

By monitoring the time certain operations take, an attacker could have guessed

CVE-2024-5690 4.3 - Medium - June 11, 2024

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Side Channel Attack

In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button

CVE-2024-5689 4.3 - Medium - June 11, 2024

In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker

CVE-2024-5695 9.8 - Critical - June 11, 2024

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.

Memory Corruption

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap

CVE-2024-5694 7.5 - High - June 11, 2024

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.

Dangling pointer

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button

CVE-2024-5691 4.7 - Medium - June 11, 2024

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar

CVE-2024-5698 6.1 - Medium - June 11, 2024

By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.

Clickjacking

A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox

CVE-2024-5697 4.3 - Medium - June 11, 2024

A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.

When a user scans a QR Code with the QR Code Scanner feature

CVE-2024-0953 6.1 - Medium - February 05, 2024

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.

Open Redirect

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system

CVE-2024-0752 6.5 - Medium - January 23, 2024

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.

Dangling pointer

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain

CVE-2024-0753 6.5 - Medium - January 23, 2024

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Some WASM source files could have caused a crash when loaded in devtools

CVE-2024-0754 6.5 - Medium - January 23, 2024

Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash

CVE-2024-0741 6.5 - Medium - January 23, 2024

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Memory Corruption

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash

CVE-2024-0743 7.5 - High - January 23, 2024

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.

Unchecked Return Value

In some circumstances, JIT compiled code could have dereferenced a wild pointer value

CVE-2024-0744 7.5 - High - January 23, 2024

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.

Buffer Overflow

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

CVE-2024-0755 8.8 - High - January 23, 2024

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load

CVE-2024-0742 4.3 - Medium - January 23, 2024

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A malicious devtools extension could have been used to escalate privileges

CVE-2024-0751 8.8 - High - January 23, 2024

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Improper Privilege Management

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow

CVE-2024-0745 8.8 - High - January 23, 2024

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.

Memory Corruption

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2024-0750 8.8 - High - January 23, 2024

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar

CVE-2024-0749 4.3 - Medium - January 23, 2024

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

Origin Validation Error

A compromised content process could have updated the document URI

CVE-2024-0748 4.3 - Medium - January 23, 2024

A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.

When a parent page loaded a child in an iframe with `unsafe-inline`

CVE-2024-0747 6.5 - Medium - January 23, 2024

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A Linux user opening the print preview dialog could have caused the browser to crash

CVE-2024-0746 6.5 - Medium - January 23, 2024

A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva"

CVE-2023-6135 4.3 - Medium - December 19, 2023

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

Side Channel Attack

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver

CVE-2023-6856 8.8 - High - December 19, 2023

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling

CVE-2023-6858 8.8 - High - December 19, 2023

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

A use-after-free condition affected TLS socket creation when under memory pressure

CVE-2023-6859 8.8 - High - December 19, 2023

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Dangling pointer

The `VideoBridge` allowed any content process to use textures produced by remote decoders

CVE-2023-6860 6.5 - Medium - December 19, 2023

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode

CVE-2023-6861 8.8 - High - December 19, 2023

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type

CVE-2023-6863 8.8 - High - December 19, 2023

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5

CVE-2023-6864 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

`EncryptingOutputStream` was susceptible to exposing uninitialized data

CVE-2023-6865 6.5 - Medium - December 19, 2023

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

TypedArrays can be fallible and lacked proper exception handling

CVE-2023-6866 8.8 - High - December 19, 2023

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.

Improper Handling of Exceptional Conditions

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts

CVE-2023-6867 6.1 - Medium - December 19, 2023

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Clickjacking

A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe

CVE-2023-6869 6.5 - Medium - December 19, 2023

A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler

CVE-2023-6871 4.3 - Medium - December 19, 2023

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.

Browser tab titles were being leaked by GNOME to system logs

CVE-2023-6872 6.5 - Medium - December 19, 2023

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

Memory safety bugs present in Firefox 120

CVE-2023-6873 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Memory Corruption

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information

CVE-2023-49061 6.1 - Medium - November 21, 2023

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.

Open Redirect

Memory safety bugs present in Firefox 119

CVE-2023-6213 8.8 - High - November 21, 2023

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.

Memory Corruption

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

CVE-2023-6212 8.8 - High - November 21, 2023

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Memory Corruption

When an https: web page created a pop-up from a "javascript:" URL

CVE-2023-6210 6.5 - Medium - November 21, 2023

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

If an attacker needed a user to load an insecure http: page and knew

CVE-2023-6211 6.5 - Medium - November 21, 2023

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

Clickjacking

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts

CVE-2023-6206 5.4 - Medium - November 21, 2023

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Clickjacking

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120

CVE-2023-6207 8.8 - High - November 21, 2023

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash

CVE-2023-6205 6.5 - Medium - November 21, 2023

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/

CVE-2023-6209 6.5 - Medium - November 21, 2023

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Directory traversal

When using X11

CVE-2023-6208 8.8 - High - November 21, 2023

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute

CVE-2023-49060 9.8 - Critical - November 21, 2023

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Mozilla Firefox or by Mozilla? Click the Watch button to subscribe.

Mozilla
Vendor

Mozilla Firefox
Open source web browser

subscribe