Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox Esr
Total 749 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38492 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2024-10-21 4.3 MEDIUM 6.5 MEDIUM
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
CVE-2013-5595 1 Mozilla 5 Firefox, Firefox Esr, Seamonkey and 2 more 2024-10-21 4.3 MEDIUM N/A
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.
CVE-2018-12366 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2024-10-21 4.3 MEDIUM 6.5 MEDIUM
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVE-2013-5601 1 Mozilla 5 Firefox, Firefox Esr, Seamonkey and 2 more 2024-10-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.
CVE-2023-4584 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-10-21 N/A 8.8 HIGH
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
CVE-2017-5436 4 Debian, Mozilla, Redhat and 1 more 11 Debian Linux, Firefox, Firefox Esr and 8 more 2024-10-21 6.8 MEDIUM 8.8 HIGH
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2017-5438 3 Debian, Mozilla, Redhat 10 Debian Linux, Firefox, Firefox Esr and 7 more 2024-10-21 7.5 HIGH 9.8 CRITICAL
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2024-0755 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-10-18 N/A 8.8 HIGH
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-9680 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-10-16 N/A 9.8 CRITICAL
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
CVE-2024-9397 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-10-11 N/A 6.1 MEDIUM
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2023-4583 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-09-19 N/A 7.5 HIGH
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4582 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2024-09-19 N/A 8.8 HIGH
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4585 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-09-19 N/A 8.8 HIGH
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2024-7526 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-09-17 N/A 6.5 MEDIUM
ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2023-5728 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-09-11 N/A 7.5 HIGH
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
CVE-2023-5724 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-09-11 N/A 7.5 HIGH
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
CVE-2024-8387 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-09-06 N/A 9.8 CRITICAL
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
CVE-2024-8385 1 Mozilla 2 Firefox, Firefox Esr 2024-09-06 N/A 9.8 CRITICAL
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
CVE-2024-8384 1 Mozilla 2 Firefox, Firefox Esr 2024-09-06 N/A 9.8 CRITICAL
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
CVE-2024-8381 1 Mozilla 2 Firefox, Firefox Esr 2024-09-06 N/A 9.8 CRITICAL
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.