Skip to main content

Firefox Esr

461 CVEs product

Monthly

CVE-2020-6812 MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-6811 HIGH POC This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Command Injection Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-6807 HIGH This Week

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6806 HIGH This Week

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6805 HIGH This Week

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6800 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6799 HIGH PATCH This Week

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Microsoft Code Injection Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6798 MEDIUM This Month

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-6797 MEDIUM This Month

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-6796 HIGH This Week

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-11753 HIGH This Week

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-11752 HIGH This Week

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-11751 HIGH This Week

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-11750 MEDIUM This Month

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11749 MEDIUM This Month

A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-11748 MEDIUM This Month

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-11747 MEDIUM This Month

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-11746 HIGH This Week

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-11743 LOW POC Monitor

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2019-11742 MEDIUM This Month

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-11740 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-11738 MEDIUM POC This Month

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox Firefox Esr Leap
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2019-11736 HIGH This Week

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Mozilla Privilege Escalation Firefox +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-11735 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-9820 CRITICAL Act Now

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google Use After Free Mozilla +3
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9819 CRITICAL Act Now

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9818 HIGH This Week

A race condition is present in the crash generation server used to generate data for the crash reporter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Microsoft Mozilla Firefox +2
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-9817 MEDIUM This Month

Images from a different domain can be read using a canvas object in some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-9816 MEDIUM POC This Month

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mozilla Memory Corruption Firefox Firefox Esr +1
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
6.2%
CVE-2019-9815 HIGH This Week

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Apple Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2019-9811 HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +3
NVD
CVSS 3.1
8.3
EPSS
2.6%
CVE-2019-9800 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-11730 MEDIUM This Month

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox Firefox Esr +4
NVD
CVSS 3.1
6.5
EPSS
20.3%
CVE-2019-11691 CRITICAL Act Now

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9801 MEDIUM This Month

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-9795 CRITICAL Act Now

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9793 MEDIUM This Month

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-5188 CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +9
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-12385 HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-12383 MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-12368 HIGH POC This Week

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Microsoft RCE Firefox Firefox Esr +1
NVD
CVSS 3.0
8.1
EPSS
4.8%
CVE-2018-12366 MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12365 MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12364 HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12363 HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12362 HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-12361 HIGH This Week

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Firefox Firefox Esr +3
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-12360 HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12359 HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2015-2743 HIGH This Week

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Solaris +3
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2741 MEDIUM This Month

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Solaris Firefox Esr
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2740 CRITICAL Act Now

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Thunderbird Firefox +7
NVD
CVSS 2.0
10.0
EPSS
3.5%
CVE-2015-2739 CRITICAL Act Now

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Suse Linux Enterprise Software Development Kit Ubuntu Linux +6
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2015-2738 CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Linux Enterprise Desktop Linux Enterprise Server +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2737 CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Ubuntu Linux +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2736 CRITICAL Act Now

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Firefox Esr +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2735 CRITICAL Act Now

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +6
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-2734 CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2733 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Solaris Firefox Esr +2
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2015-2731 CRITICAL Act Now

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird Solaris +1
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2729 MEDIUM This Month

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Firefox Esr +2
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2728 HIGH This Week

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2725 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2015-2724 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Solaris +8
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2015-2722 CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris Firefox Firefox Esr +3
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-2716 HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
5.6%
CVE-2015-2713 MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-2710 MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Thunderbird Firefox +5
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2708 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2015-0807 MEDIUM This Month

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0801 HIGH This Week

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Firefox Firefox Esr +2
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2015-0818 HIGH This Week

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Firefox Firefox Esr +2
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-0817 MEDIUM This Month

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Seamonkey
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-0836 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +2
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-0833 MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft Evergreen Opensuse +3
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0831 MEDIUM This Month

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Thunderbird +4
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-0827 MEDIUM This Month

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-0822 MEDIUM This Month

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Firefox Esr
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-8641 HIGH This Week

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Seamonkey Firefox Firefox Esr
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-8639 MEDIUM This Month

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey Firefox Firefox Esr +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-8638 MEDIUM This Month

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-8634 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-1595 LOW Monitor

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Mozilla Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1568 HIGH Act Now

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Mozilla Google Information Disclosure Microsoft Chrome +5
NVD
CVSS 2.0
7.5
EPSS
30.9%
CVE-2014-1567 CRITICAL Act Now

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 2.0
9.3
EPSS
2.6%
CVE-2014-1562 CRITICAL Act Now

Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +2
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1557 CRITICAL Act Now

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection Solaris Firefox +3
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2014-1556 CRITICAL Act Now

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection Firefox Firefox Esr +1
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2014-1555 CRITICAL Act Now

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 2.0
9.3
EPSS
3.4%
CVE-2014-1551 CRITICAL Act Now

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Microsoft Firefox Firefox Esr +1
NVD
CVSS 2.0
10.0
EPSS
5.4%
EPSS 2% CVSS 5.3
MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Command Injection Firefox +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +5
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Microsoft Code Injection +2
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Mozilla +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +6
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Mozilla +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google +5
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption +3
NVD
EPSS 1% CVSS 8.3
HIGH This Week

A race condition is present in the crash generation server used to generate data for the crash reporter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Microsoft +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Images from a different domain can be read using a canvas object in some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 6% CVSS 5.9
MEDIUM POC This Month

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mozilla Memory Corruption +3
NVD Exploit-DB
EPSS 2% CVSS 8.1
HIGH This Week

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Apple Information Disclosure +3
NVD
EPSS 3% CVSS 8.3
HIGH POC This Week

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +5
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +4
NVD
EPSS 20% CVSS 6.5
MEDIUM This Month

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure +6
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox +2
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Mozilla Firefox +2
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +11
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop +10
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 5% CVSS 8.1
HIGH POC This Week

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Microsoft RCE +3
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow +11
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 5% CVSS 8.8
HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +10
NVD
EPSS 1% CVSS 7.5
HIGH This Week

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +9
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop +9
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +4
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +6
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +10
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Solaris +5
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +8
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft +5
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow Firefox +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Seamonkey +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +5
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Mozilla Information Disclosure +3
NVD
EPSS 31% CVSS 7.5
HIGH Act Now

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Mozilla Google Information Disclosure +7
NVD
EPSS 3% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +4
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection +5
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection +3
NVD
EPSS 3% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox +2
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Microsoft +3
NVD
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy