Mozilla Firefox Open source web browser
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Mozilla Firefox.
Recent Mozilla Firefox Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2025-07 | Security Vulnerabilities fixed in Firefox 135 mfsa2025-07 | February 4, 2025 |
mfsa2025-08 | Security Vulnerabilities fixed in Firefox ESR 115.20 mfsa2025-08 | February 4, 2025 |
mfsa2025-09 | Security Vulnerabilities fixed in Firefox ESR 128.7 mfsa2025-09 | February 4, 2025 |
mfsa2025-06 | Security Vulnerabilities fixed in Firefox for iOS 134 mfsa2025-06 | January 10, 2025 |
mfsa2025-02 | Security Vulnerabilities fixed in Firefox ESR 128.6 mfsa2025-02 | January 7, 2025 |
mfsa2025-01 | Security Vulnerabilities fixed in Firefox 134 mfsa2025-01 | January 7, 2025 |
mfsa2025-03 | Security Vulnerabilities fixed in Firefox ESR 115.19 mfsa2025-03 | January 7, 2025 |
mfsa2024-63 | Security Vulnerabilities fixed in Firefox 133 mfsa2024-63 | November 26, 2024 |
mfsa2024-64 | Security Vulnerabilities fixed in Firefox ESR 128.5 mfsa2024-64 | November 26, 2024 |
mfsa2024-65 | Security Vulnerabilities fixed in Firefox ESR 115.18 mfsa2024-65 | November 26, 2024 |
Known Exploited Mozilla Firefox Vulnerabilities
The following Mozilla Firefox vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. CVE-2024-9680 Exploit Probability: 0.4% |
October 15, 2024 |
Mozilla Firefox Security Feature Bypass Vulnerability |
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 Exploit Probability: 90.5% |
May 25, 2022 |
Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 Exploit Probability: 1.5% |
March 7, 2022 |
Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 Exploit Probability: 2.3% |
March 7, 2022 |
Mozilla Firefox Information Disclosure Vulnerability |
Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 Exploit Probability: 10.5% |
March 3, 2022 |
The vulnerability CVE-2015-4495: Mozilla Firefox Security Feature Bypass Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2013-1675: Mozilla Firefox Information Disclosure Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 10 vulnerabilities in Mozilla Firefox with an average score of 8.3 out of ten. Last year, in 2024 Firefox had 98 security vulnerabilities published. Right now, Firefox is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.18.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 10 | 8.27 |
2024 | 98 | 7.09 |
2023 | 172 | 7.30 |
2022 | 137 | 7.52 |
2021 | 123 | 7.10 |
2020 | 132 | 7.36 |
2019 | 108 | 7.62 |
2018 | 130 | 8.08 |
It may take a day or so for new Firefox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Firefox Security Vulnerabilities
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash
CVE-2025-1009
9.8 - Critical
- February 04, 2025
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash
CVE-2025-1010
8.8 - High
- February 04, 2025
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
A bug in WebAssembly code generation could have lead to a crash
CVE-2025-1011
8.8 - High
- February 04, 2025
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
A race during concurrent delazification could have led to a use-after-free
CVE-2025-1012
7.5 - High
- February 04, 2025
A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Dangling pointer
Certificate length was not properly checked when added to a certificate store
CVE-2025-1014
8.8 - High
- February 04, 2025
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Improper Certificate Validation
Memory safety bugs present in Firefox 134
CVE-2025-1016
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Memory Corruption
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
CVE-2025-1017
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Memory Corruption
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user
CVE-2025-1018
5.3 - Medium
- February 04, 2025
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
Clickjacking
The z-order of the browser windows could be manipulated to hide the fullscreen notification
CVE-2025-1019
4.3 - Medium
- February 04, 2025
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
Clickjacking
Memory safety bugs present in Firefox 134 and Thunderbird 134
CVE-2025-1020
9.8 - Critical
- February 04, 2025
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.
Memory Corruption
A vulnerability has been found in Talentera up to 20241128 and classified as problematic
CVE-2024-12346
- December 09, 2024
A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.
XSS
Firefox and Thunderbird Keypress Event Handling Bypass Vulnerability
CVE-2024-11697
- November 26, 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Firefox and Thunderbird Fullscreen Transition Vulnerability on macOS
CVE-2024-11698
- November 26, 2024
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird Add-on Signature Validation Bypass Vulnerability
CVE-2024-11696
- November 26, 2024
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird URL Spoofing Vulnerability via Arabic Script and Whitespace
CVE-2024-11695
- November 26, 2024
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Mozilla Firefox and Thunderbird CSP Bypass and DOM-based XSS Vulnerability in Google SafeFrame Shim
CVE-2024-11694
- November 26, 2024
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
Firefox and Thunderbird UI Spoofing Vulnerability in Tab Interface
CVE-2024-11692
- November 26, 2024
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Windows: Missing Executable File Warning for .library-ms Files in Firefox and Thunderbird
CVE-2024-11693
- November 26, 2024
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Multiple Memory Safety Vulnerabilities in Mozilla Firefox and Thunderbird
CVE-2024-11699
- November 26, 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
Firefox and Thunderbird Tapjacking Vulnerability
CVE-2024-11700
- November 26, 2024
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird: Address Bar Domain Spoofing Vulnerability
CVE-2024-11701
- November 26, 2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird Android Private Browsing Clipboard Leak Vulnerability
CVE-2024-11702
- November 26, 2024
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Android Firefox Saved Password Exposure Vulnerability
CVE-2024-11703
- November 26, 2024
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
Mozilla Firefox and Thunderbird Double-Free Vulnerability in PKCS7 Decoder
CVE-2024-11704
- November 26, 2024
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
Mozilla Firefox and Thunderbird PKCS#11 Key Derivation Null Pointer Dereference Vulnerability
CVE-2024-11705
- November 26, 2024
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Null Pointer Dereference in Mozilla Firefox and Thunderbird's pk12util SEC_ASN1DecodeItem_Util Funct
CVE-2024-11706
- November 26, 2024
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox and Thunderbird: Data Race Vulnerability in PlaybackParams Structure
CVE-2024-11708
- November 26, 2024
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Firefox for iOS URL Bar Spoofing Vulnerability
CVE-2024-53976
- November 26, 2024
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
Firefox URI Parsing Crash
CVE-2024-10941
6.5 - Medium
- November 06, 2024
A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash
CVE-2024-10468
5.3 - Medium
- October 29, 2024
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Race Condition
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines
CVE-2024-9680
9.8 - Critical
- October 09, 2024
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Dangling pointer
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
CVE-2024-9399
7.5 - High
- October 01, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin
CVE-2024-9393
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission
CVE-2024-9397
6.1 - Medium
- October 01, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Clickjacking
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements
CVE-2024-9398
5.3 - Medium
- October 01, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events
CVE-2024-8900
7.5 - High
- September 17, 2024
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
Under certain conditions, an attacker with the ability to redirect users to a malicious site
CVE-2024-8897
6.1 - Medium
- September 17, 2024
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.
Open Redirect
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment
CVE-2024-8381
9.8 - Critical
- September 03, 2024
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Object Type Confusion
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events
CVE-2024-8382
8.8 - High
- September 03, 2024
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme
CVE-2024-8383
7.5 - High
- September 03, 2024
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes
CVE-2024-8384
9.8 - Critical
- September 03, 2024
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
Memory Corruption
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability
CVE-2024-8385
9.8 - Critical
- September 03, 2024
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Object Type Confusion
If a site had been granted the permission to open popup windows
CVE-2024-8386
6.1 - Medium
- September 03, 2024
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Open Redirect
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1
CVE-2024-8387
9.8 - Critical
- September 03, 2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Memory Corruption
Multiple prompts and panels
CVE-2024-8388
5.3 - Medium
- September 03, 2024
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.
Memory safety bugs present in Firefox 129
CVE-2024-8389
9.8 - Critical
- September 03, 2024
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.
Memory Corruption
Long pressing on a download link could potentially
CVE-2024-43111
6.1 - Medium
- August 06, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.
XSS
Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
CVE-2024-43112
6.1 - Medium
- August 06, 2024
Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
XSS
The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
CVE-2024-43113
6.1 - Medium
- August 06, 2024
The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
XSS
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output
CVE-2024-7531
6.5 - Medium
- August 06, 2024
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Incorrect garbage collection interaction could have led to a use-after-free
CVE-2024-7530
8.8 - High
- August 06, 2024
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Dangling pointer
The date picker could partially obscure security prompts
CVE-2024-7529
6.5 - Medium
- August 06, 2024
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free
CVE-2024-7528
8.8 - High
- August 06, 2024
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Dangling pointer
Unexpected marking work at the start of sweeping could have led to a use-after-free
CVE-2024-7527
8.8 - High
- August 06, 2024
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Dangling pointer
ANGLE failed to initialize parameters which lead to reading from uninitialized memory
CVE-2024-7526
6.5 - Medium
- August 06, 2024
ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Use of Uninitialized Resource
It was possible for a web extension with minimal permissions to create a `StreamFilter`
CVE-2024-7525
8.1 - High
- August 06, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Incorrect Default Permissions
Editor code failed to check an attribute value
CVE-2024-7522
8.8 - High
- August 06, 2024
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Out-of-bounds Read
Incomplete WebAssembly exception handing could have led to a use-after-free
CVE-2024-7521
8.8 - High
- August 06, 2024
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Improper Handling of Exceptional Conditions
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution
CVE-2024-7520
8.8 - High
- August 06, 2024
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Object Type Confusion
Insufficient checks when processing graphics shared memory could have led to memory corruption
CVE-2024-7519
9.6 - Critical
- August 06, 2024
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Memory Corruption
Select options could obscure the fullscreen notification dialog
CVE-2024-7518
6.5 - Medium
- August 06, 2024
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
A select option could partially obscure security prompts
CVE-2024-7523
8.1 - High
- August 06, 2024
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
Clickjacking
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection
CVE-2024-7524
6.1 - Medium
- August 06, 2024
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
XSS
It was possible to move the cursor using pointerlock from an iframe
CVE-2024-6608
4.3 - Medium
- July 09, 2024
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again
CVE-2024-6609
8.8 - High
- July 09, 2024
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Form validation popups could capture escape key presses
CVE-2024-6610
4.3 - Medium
- July 09, 2024
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
When browsing private tabs
CVE-2024-38312
6.5 - Medium
- June 13, 2024
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.
In certain scenarios a malicious website could attempt to display a fake location URL bar
CVE-2024-38313
4.3 - Medium
- June 13, 2024
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.
By monitoring the time certain operations take, an attacker could have guessed
CVE-2024-5690
4.3 - Medium
- June 11, 2024
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Side Channel Attack
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button
CVE-2024-5691
4.7 - Medium
- June 11, 2024
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar
CVE-2024-5698
6.1 - Medium
- June 11, 2024
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.
Clickjacking
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button
CVE-2024-5689
4.3 - Medium
- June 11, 2024
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker
CVE-2024-5695
9.8 - Critical
- June 11, 2024
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.
Memory Corruption
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap
CVE-2024-5694
7.5 - High
- June 11, 2024
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
Dangling pointer
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox
CVE-2024-5697
4.3 - Medium
- June 11, 2024
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
CVE-2024-4777
8.8 - High
- May 14, 2024
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Memory Corruption
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members
CVE-2024-4774
6.5 - Medium
- May 14, 2024
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context
CVE-2024-4367
8.8 - High
- May 14, 2024
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
The executable file warning was not presented when downloading .xrm-ms files
CVE-2024-3863
9.8 - Critical
- April 16, 2024
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
Through a series of API calls and redirects
CVE-2024-1547
6.5 - Medium
- February 20, 2024
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly
CVE-2024-1550
6.1 - Medium
- February 20, 2024
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Clickjacking
When a user scans a QR Code with the QR Code Scanner feature
CVE-2024-0953
6.1 - Medium
- February 05, 2024
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
Open Redirect
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load
CVE-2024-0742
4.3 - Medium
- January 23, 2024
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
CVE-2024-0755
8.8 - High
- January 23, 2024
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
In some circumstances, JIT compiled code could have dereferenced a wild pointer value
CVE-2024-0744
7.5 - High
- January 23, 2024
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
Buffer Overflow
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash
CVE-2024-0743
7.5 - High
- January 23, 2024
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
Unchecked Return Value
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash
CVE-2024-0741
6.5 - Medium
- January 23, 2024
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Memory Corruption
Some WASM source files could have caused a crash when loaded in devtools
CVE-2024-0754
6.5 - Medium
- January 23, 2024
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain
CVE-2024-0753
6.5 - Medium
- January 23, 2024
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Mozilla? Click the Watch button to subscribe.
