Mozilla
Monthly
Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.
Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack requiring no user interaction.
Buffer overflow in Firefox WebGPU implementation allows remote code execution when users interact with malicious web content. Affects all Firefox versions prior to 149.0.2. Network-based attack requires user interaction (visiting crafted webpage) but no authentication. CVSS 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, though Mozilla's rapid patch release suggests significant risk potential.
Integer overflow in Firefox and Firefox ESR text rendering engine allows remote attackers to achieve arbitrary code execution via specially crafted web content. Affects Firefox versions prior to 149.0.2 and Firefox ESR prior to 140.9.1. Attack requires user interaction (visiting malicious webpage) but no authentication. CVSS 8.8 (High severity). No public exploit identified at time of analysis, though the vulnerability class (integer overflow leading to buffer overflow) is well-understood and exploitable.
Remote code execution in Mozilla Firefox and Thunderbird via memory corruption vulnerabilities allows unauthenticated remote attackers to execute arbitrary code without user interaction. Affects Firefox <149.0.2, Firefox ESR <115.34.1, and Firefox ESR <140.9.1 across desktop platforms. With CVSS 9.8 (critical severity, network-accessible, no privileges required) and CWE-119 buffer overflow classification, this represents multiple memory safety bugs that Mozilla assessed could be exploited for arbitrary code execution. No public exploit identified at time of analysis; EPSS data not provided but critical browser vulnerabilities historically attract rapid exploitation interest.
XML injection in xmldom's CDATA serialization allows remote attackers to inject arbitrary markup into generated XML documents without authentication. The vulnerability affects both the legacy xmldom package and @xmldom/xmldom when applications embed untrusted input into CDATA sections. Attackers can break out of CDATA context by including the sequence ]]> in user-controlled strings, causing downstream XML consumers to parse injected elements as legitimate markup. Vendor-released patches are available in versions 0.8.12 and 0.9.9. EPSS data not provided; no confirmed active exploitation (CISA KEV status: not listed). Public proof-of-concept code exists in the GitHub security advisory.
Stored XSS in File Browser's EPUB preview function (versions ≤v2.62.1) allows authenticated attackers to steal JWT tokens and escalate privileges by uploading malicious EPUB files. The vulnerability arises from passing allowScriptedContent:true to the epub.js library combined with an ineffective iframe sandbox (allow-scripts + allow-same-origin), enabling JavaScript in crafted EPUBs to access parent frame localStorage. CVSS 7.6 (AV:N/AC:L/PR:L/UI:R/S:C). No public exploit identified at time of analysis beyond the detailed PoC in the advisory. EPSS data not available. Vendor-released patch available per GitHub advisory. Low-privilege users with file upload permissions can weaponize this to compromise administrator sessions.
Prototype pollution in convict npm package version 6.2.4 allows attackers to bypass previous security fixes and pollute Object.prototype through crafted input that manipulates String.prototype.startsWith. The vulnerability affects applications processing untrusted input via convict.set() and can lead to authentication bypass, denial of service, or remote code execution if polluted properties reach dangerous sinks like eval or child_process. A working proof-of-concept exploit demonstrating the bypass technique exists in the advisory.
Prototype pollution in Mozilla's node-convict configuration library allows attackers to inject properties into Object.prototype via two unguarded code paths: config.load()/loadFile() methods that fail to filter forbidden keys during recursive merge operations, and schema initialization accepting constructor.prototype.* keys during default-value propagation. Applications using node-convict (pkg:npm/convict) that process untrusted configuration data face impacts ranging from authentication bypass to remote code execution depending on how polluted properties propagate through the application. This represents an incomplete fix for prior prototype pollution issues (GHSA-44fc-8fm5-q62h), with no public exploit identified at time of analysis.
Thunderbird's mail parser fails to validate string length parameters, allowing a compromised mail server to trigger out-of-bounds memory reads through malformed email content. Affected users running versions prior to 149 and 140.9 could experience application crashes or disclosure of sensitive data from process memory. The vulnerability requires network access but no user interaction, though no patch is currently available.
A spoofing vulnerability exists in Mozilla Thunderbird that affects versions below 149 and below 140.9, allowing attackers to spoof email sources or identities. This vulnerability is classified as an information disclosure issue that could compromise email authentication and user trust. While specific CVSS and EPSS metrics are unavailable, the vulnerability warrants prompt patching as Mozilla has issued security advisories indicating active remediation efforts.
Multiple memory safety bugs affecting Firefox, Firefox ESR, and Thunderbird browsers present a critical remote code execution risk through memory corruption vulnerabilities. The affected versions include Firefox below 149, Firefox ESR below 115.34 and 140.9, Thunderbird ESR 140.8, Firefox 148, and Thunderbird 148. These memory safety issues demonstrate evidence of exploitable memory corruption that could allow attackers to execute arbitrary code on affected systems, though no public exploit or active KEV confirmation is currently documented.
Multiple memory safety bugs in Firefox 148 and Thunderbird 148 allow attackers to trigger memory corruption with potential for arbitrary code execution. Firefox versions prior to 149 are vulnerable, as confirmed by Mozilla security advisories. The vulnerability requires no user interaction beyond normal browsing and represents a critical elevation risk due to the presume-exploitable nature of the underlying memory corruption issues.
Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.
A boundary condition vulnerability exists in Firefox's Graphics Text component that allows information disclosure through incorrect memory handling during text rendering operations. This affects Firefox versions below 149 and Firefox ESR versions below 140.9, potentially enabling attackers to read sensitive data from adjacent memory regions. No active exploitation in the wild has been confirmed, but the vulnerability warrants prompt patching given its information disclosure impact.
An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.
A spoofing vulnerability exists in Firefox's Privacy: Anti-Tracking component that allows attackers to deceive users or bypass security mechanisms through fraudulent representation. Firefox versions prior to 149 are affected. While specific exploit details are limited in available intelligence, the spoofing nature suggests attackers could impersonate legitimate content or services, potentially leading to credential theft, phishing success, or privacy compromise. No CVSS score, EPSS data, or confirmed KEV status is currently available, limiting real-time risk quantification.
Mozilla NSS Libraries contain a denial-of-service vulnerability affecting Firefox versions below 149 that allows unauthenticated remote attackers to crash affected systems without requiring user interaction. The flaw stems from improper resource handling and currently lacks an available patch. Given the high CVSS score of 7.5 and network-based attack vector, this poses significant availability risk to Mozilla Firefox users.
Firefox versions below 149 are vulnerable to a resource exhaustion attack through malformed XML processing that an unauthenticated attacker can trigger remotely without user interaction. This denial-of-service vulnerability allows attackers to crash affected Firefox instances or degrade performance. No patch is currently available for this vulnerability.
Firefox's Netmonitor component contains a privilege escalation vulnerability that affects versions prior to 149 (ESR < 140.9), allowing unauthenticated attackers to gain elevated privileges through network-accessible attack vectors with no user interaction required. This critical flaw (CVSS 9.8) enables complete system compromise including confidentiality, integrity, and availability violations, with no patch currently available.
Mozilla Firefox versions below 149 and Firefox ESR below 140.9 contain memory safety flaws in the JavaScript Engine that enable remote code execution and denial of service attacks without user interaction or special privileges. An unauthenticated attacker can exploit improper boundary condition handling and uninitialized memory to achieve high-impact confidentiality violations and system availability disruption. No patch is currently available.
An uninitialized memory vulnerability exists in Firefox and Firefox ESR's Graphics Canvas2D component that can lead to information disclosure. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit this by crafting malicious Canvas2D operations to read uninitialized memory contents from the graphics rendering pipeline, potentially exposing sensitive data from the browser process.
An incorrect boundary condition vulnerability exists in the Audio/Video component of Mozilla Firefox and Firefox ESR, allowing potential information disclosure through improper memory handling. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker may exploit this vulnerability to leak sensitive information from the browser process memory by triggering specific audio or video processing operations, though active exploitation status is not confirmed at this time.
An incorrect boundary condition vulnerability exists in the Graphics component of Mozilla Firefox and Firefox ESR, allowing information disclosure through improper memory access. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker can exploit this vulnerability to read sensitive information from memory by triggering the boundary condition in graphics processing operations.
An information disclosure vulnerability exists in the Widget: Cocoa component of Mozilla Firefox and Firefox ESR, allowing attackers to access sensitive information through the affected rendering engine. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are vulnerable. The vulnerability permits unauthorized information leakage, though the specific attack mechanism and data exposure scope require analysis of the referenced Mozilla security advisories.
Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw.
A use-after-free vulnerability in Firefox's Cocoa widget component allows remote code execution without user interaction or special privileges, affecting Firefox versions below 149 and ESR below 140.9. An attacker can exploit this memory corruption flaw over the network to achieve complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available.
An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.
A boundary condition vulnerability exists in Firefox's Audio/Video GMP (Gecko Media Plugin) component that enables information disclosure to attackers. This flaw affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in media processing to disclose sensitive information from the affected browser process.
A boundary condition error in Firefox's Graphics component allows information disclosure through improper memory access validation. This vulnerability affects Firefox versions below 149 and Firefox ESR versions below 140.9, enabling attackers to read sensitive memory contents from the graphics processing context. While no CVSS score or EPSS data is currently available, the vulnerability is documented across multiple Mozilla security advisories indicating active awareness by the vendor.
A boundary condition vulnerability exists in Mozilla Firefox's Graphics Canvas2D component that enables information disclosure attacks. The vulnerability affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in Canvas2D operations to read sensitive data from memory, potentially disclosing user information or browser-internal data through a web-based attack vector.
This vulnerability involves incorrect boundary conditions in the Firefox Graphics Canvas2D component that can lead to information disclosure. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to access sensitive memory information through specially crafted Canvas2D operations, potentially exposing user data or system information.
An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially enabling information disclosure attacks. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. While specific exploitation mechanics are not fully detailed in available public sources, the vulnerability is classified as an information disclosure issue that could allow attackers to extract sensitive data through malformed WebRTC signaling messages.
Mozilla Firefox versions prior to 149 and Firefox ESR prior to 140.9 are vulnerable to denial-of-service attacks through the WebRTC signaling component, which an unauthenticated remote attacker can exploit without user interaction to crash affected browsers. The vulnerability stems from improper resource handling and currently has no available patch, leaving users of affected versions at risk of service disruption.
An undefined behavior vulnerability exists in the Firefox Audio/Video component that could lead to information disclosure. This affects all Firefox versions prior to 149. While specific exploitation details are limited due to missing CVSS and CWE data, the vulnerability's classification as information disclosure suggests an attacker could potentially access sensitive audio or video processing data or bypass security boundaries within the multimedia subsystem.
Firefox versions prior to 149 contain a use-after-free vulnerability in the JavaScript engine that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. The vulnerability affects all Firefox users and can be exploited over the network to gain complete control over an affected system. No patch is currently available.
A JIT (Just-In-Time) compilation miscompilation vulnerability exists in Firefox's JavaScript Engine that can lead to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this vulnerability through malicious JavaScript code to potentially disclose sensitive information from the browser's memory or process space.
Firefox versions prior to 149 contain a privilege escalation vulnerability in the IPC component that allows remote attackers to escalate privileges through user interaction on affected systems. An attacker can exploit this flaw to gain elevated system access and potentially execute arbitrary code with higher privileges. No patch is currently available for this high-severity vulnerability affecting Mozilla and Debian users.
Mozilla Firefox versions below 149 (and ESR versions below 140.9) contain a use-after-free vulnerability in the JavaScript Engine that enables unauthenticated remote attackers to achieve arbitrary code execution without user interaction. The memory corruption flaw allows complete compromise of affected systems through network-based attacks. No patch is currently available for this critical vulnerability.
This vulnerability is a mitigation bypass in Firefox's HTTP networking component that allows attackers to circumvent existing security controls. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected, enabling attackers to bypass authentication or other HTTP-level protections. While specific CVSS and EPSS scores are not provided, the mitigation bypass classification and Mozilla's issuance of security advisories indicate this requires prompt patching.
A boundary condition vulnerability exists in Firefox's Layout: Text and Fonts component that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR versions below 115.34, and Firefox ESR versions below 140.9. An attacker could exploit incorrect boundary handling in text and font rendering to potentially disclose sensitive information from memory, though specific exploitation details and active exploitation status are not publicly documented in the available intelligence.
A JIT miscompilation vulnerability exists in Firefox's JavaScript engine that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw through malicious JavaScript to extract sensitive information from the browser's memory, potentially compromising user data and system security.
A boundary condition vulnerability exists in Firefox and Firefox ESR's Audio/Video Web Codecs component that allows information disclosure. The vulnerability affects Firefox versions prior to 149 and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to disclose sensitive information, potentially leveraging web-based attack vectors without requiring elevated privileges.
Unauthenticated remote attackers can achieve arbitrary code execution through a use-after-free memory corruption vulnerability in Firefox's text and font rendering engine, affecting Firefox versions below 149, ESR below 115.34, and ESR below 140.9. The vulnerability requires no user interaction or special privileges and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.
A boundary condition vulnerability exists in Firefox's Audio/Video Web Codecs component that allows information disclosure to attackers. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit incorrect boundary condition handling in codec processing to read sensitive memory contents or application state.
A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.
An incorrect boundary condition vulnerability exists in the Audio/Video playback component of Mozilla Firefox, affecting Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. This flaw enables information disclosure through improper memory boundary handling during media playback operations. While specific exploit details and CVSS metrics are not publicly disclosed, the vulnerability is categorized as an information disclosure issue affecting all three Firefox release channels.
A sandbox escape vulnerability exists in Firefox's Responsive Design Mode component that allows attackers to break out of the browser's security sandbox and access sensitive information. This affects Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9. An attacker can exploit this vulnerability to disclose information by circumventing the sandbox restrictions that normally isolate web content from the browser's privileged context.
Critical use-after-free in Mozilla Firefox's CSS parsing engine enables unauthenticated remote code execution with no user interaction required, affecting Firefox versions below 149, ESR 115.34, and ESR 140.9. An attacker can exploit this memory corruption vulnerability by crafting a malicious web page that triggers the vulnerability when rendered, achieving full system compromise. No patch is currently available.
A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.
A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.
Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users.
A sandbox escape vulnerability exists in Firefox's Telemetry component due to incorrect boundary condition handling, allowing attackers to potentially break out of the browser sandbox and access system resources or sensitive data. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. The vulnerability enables information disclosure and potentially arbitrary code execution by circumventing the sandbox isolation mechanism that normally restricts browser processes.
An incorrect boundary condition vulnerability exists in Firefox's Graphics Canvas2D component that can lead to information disclosure. This affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this boundary condition issue to disclose sensitive information through crafted Canvas2D operations, though no active exploitation or public proof-of-concept has been reported at this time.
This vulnerability involves incorrect boundary conditions in Firefox's Graphics Canvas2D component that enables information disclosure. Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9 are affected. An attacker can leverage improper boundary validation in Canvas2D operations to read sensitive information from memory that should not be accessible through normal web content restrictions.
Mozilla Firefox's WebRender graphics component contains a race condition and use-after-free vulnerability that enables remote code execution when a user visits a malicious webpage. The flaw affects Firefox versions prior to 149, Firefox ESR versions before 115.34 and 140.9, and requires user interaction to trigger. No patch is currently available for this high-severity issue.
Mozilla's Embed extension contains a domain allowlist bypass in the DomainFilteringAdapter due to insufficient hostname boundary validation in its regex pattern, allowing attacker-controlled domains like youtube.com.evil to pass validation checks for youtube.com. This vulnerability enables Server-Side Request Forgery attacks via the OscaroteroEmbedAdapter to probe internal services, and Cross-Site Scripting attacks through unsanitized oEmbed HTML responses returned by compromised domains. No patch is currently available for this medium-severity flaw.
A Server-Side Request Forgery (SSRF) vulnerability in AVideo's LiveLinks proxy endpoint allows unauthenticated attackers to access internal services and cloud metadata by exploiting missing validation on HTTP redirect targets. The vulnerability enables attackers to bypass initial URL validation through a malicious redirect, potentially exposing AWS/GCP/Azure instance metadata including IAM credentials. A detailed proof-of-concept is available and a patch has been released by the vendor.
AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where the application's HTTP endpoints and WebSocket connections lack proper authentication and accept requests from any origin. While rated CVSS 7.1, exploitation is limited to attackers on the same local network due to browser Private Network Access (PNA) protections, making this a medium-priority issue for most deployments.
Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.
Uninitialized memory read in Firefox Graphics Text component before 148. Text rendering may expose uninitialized memory contents.
Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.
Improper boundary condition handling in the JavaScript/WebAssembly engine of Firefox and Thunderbird before version 148 enables remote denial of service attacks without requiring user interaction or privileges. An attacker can crash affected applications or cause service unavailability by sending specially crafted content. No patch is currently available.
JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.
Cache-based mitigation bypass in Firefox Networking before 148. Caching mechanism can be exploited to bypass security mitigations.
Same-origin policy bypass in Firefox Networking JAR component before 148. Allows cross-origin data access through JAR protocol handling.
Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.
DOM Security mitigation bypass in Firefox before 148. Security mechanisms protecting DOM operations can be circumvented.
Integer overflow in Firefox NSS (Network Security Services) Libraries component before 148. Overflow in the cryptographic library could affect TLS and certificate operations.
Boundary error in Firefox Networking JAR component before 148. Processing JAR (Java Archive) content triggers memory corruption.
Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.
HTML parser mitigation bypass in Firefox DOM before 148. Bypasses content sanitization protections via alternate authentication path in the HTML parser.
Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.
Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.
Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.
Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.
Thunderbird's inline OpenPGP message decryption can leak secret email contents through CSS style injection when remote content loading is enabled, allowing attackers to extract decrypted plaintext via crafted email formatting. This affects Thunderbird versions before 147.0.1 and 140.7.1, requiring user interaction to trigger the vulnerability. No patch is currently available.
Firefox's Anti-Tracking privacy protection can be bypassed by unauthenticated remote attackers through user interaction, potentially allowing tracking mechanisms to function despite enabled privacy protections. The vulnerability affects Firefox versions below 147.0.2 and currently has no available patch. An attacker could exploit this to circumvent Firefox's tracking prevention features and monitor user activity.
DOM spoofing in Mozilla Firefox and Thunderbird's copy, paste, and drag-and-drop functionality allows unauthenticated attackers to deceive users into performing unintended actions through crafted content. The vulnerability affects Firefox versions below 147 and ESR versions below 140.7, as well as Thunderbird versions below 147 and 140.7, requiring user interaction to exploit. No patch is currently available.
Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.
Incorrect boundary condition validation in Firefox and Thunderbird's WebGL graphics component allows attackers to escape the sandbox and potentially execute arbitrary code through a crafted web page or malicious content. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, and requires user interaction to exploit. No patch is currently available.
DOM security bypass in Firefox and Thunderbird allows remote attackers to circumvent protective mitigations through user interaction, affecting multiple versions across both products. An attacker can exploit this to achieve high-impact compromise of confidentiality and integrity without requiring authentication. Currently no patch is available for affected users.
Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JIT miscompilation in the JavaScript Engine: JIT component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.
Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack requiring no user interaction.
Buffer overflow in Firefox WebGPU implementation allows remote code execution when users interact with malicious web content. Affects all Firefox versions prior to 149.0.2. Network-based attack requires user interaction (visiting crafted webpage) but no authentication. CVSS 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, though Mozilla's rapid patch release suggests significant risk potential.
Integer overflow in Firefox and Firefox ESR text rendering engine allows remote attackers to achieve arbitrary code execution via specially crafted web content. Affects Firefox versions prior to 149.0.2 and Firefox ESR prior to 140.9.1. Attack requires user interaction (visiting malicious webpage) but no authentication. CVSS 8.8 (High severity). No public exploit identified at time of analysis, though the vulnerability class (integer overflow leading to buffer overflow) is well-understood and exploitable.
Remote code execution in Mozilla Firefox and Thunderbird via memory corruption vulnerabilities allows unauthenticated remote attackers to execute arbitrary code without user interaction. Affects Firefox <149.0.2, Firefox ESR <115.34.1, and Firefox ESR <140.9.1 across desktop platforms. With CVSS 9.8 (critical severity, network-accessible, no privileges required) and CWE-119 buffer overflow classification, this represents multiple memory safety bugs that Mozilla assessed could be exploited for arbitrary code execution. No public exploit identified at time of analysis; EPSS data not provided but critical browser vulnerabilities historically attract rapid exploitation interest.
XML injection in xmldom's CDATA serialization allows remote attackers to inject arbitrary markup into generated XML documents without authentication. The vulnerability affects both the legacy xmldom package and @xmldom/xmldom when applications embed untrusted input into CDATA sections. Attackers can break out of CDATA context by including the sequence ]]> in user-controlled strings, causing downstream XML consumers to parse injected elements as legitimate markup. Vendor-released patches are available in versions 0.8.12 and 0.9.9. EPSS data not provided; no confirmed active exploitation (CISA KEV status: not listed). Public proof-of-concept code exists in the GitHub security advisory.
Stored XSS in File Browser's EPUB preview function (versions ≤v2.62.1) allows authenticated attackers to steal JWT tokens and escalate privileges by uploading malicious EPUB files. The vulnerability arises from passing allowScriptedContent:true to the epub.js library combined with an ineffective iframe sandbox (allow-scripts + allow-same-origin), enabling JavaScript in crafted EPUBs to access parent frame localStorage. CVSS 7.6 (AV:N/AC:L/PR:L/UI:R/S:C). No public exploit identified at time of analysis beyond the detailed PoC in the advisory. EPSS data not available. Vendor-released patch available per GitHub advisory. Low-privilege users with file upload permissions can weaponize this to compromise administrator sessions.
Prototype pollution in convict npm package version 6.2.4 allows attackers to bypass previous security fixes and pollute Object.prototype through crafted input that manipulates String.prototype.startsWith. The vulnerability affects applications processing untrusted input via convict.set() and can lead to authentication bypass, denial of service, or remote code execution if polluted properties reach dangerous sinks like eval or child_process. A working proof-of-concept exploit demonstrating the bypass technique exists in the advisory.
Prototype pollution in Mozilla's node-convict configuration library allows attackers to inject properties into Object.prototype via two unguarded code paths: config.load()/loadFile() methods that fail to filter forbidden keys during recursive merge operations, and schema initialization accepting constructor.prototype.* keys during default-value propagation. Applications using node-convict (pkg:npm/convict) that process untrusted configuration data face impacts ranging from authentication bypass to remote code execution depending on how polluted properties propagate through the application. This represents an incomplete fix for prior prototype pollution issues (GHSA-44fc-8fm5-q62h), with no public exploit identified at time of analysis.
Thunderbird's mail parser fails to validate string length parameters, allowing a compromised mail server to trigger out-of-bounds memory reads through malformed email content. Affected users running versions prior to 149 and 140.9 could experience application crashes or disclosure of sensitive data from process memory. The vulnerability requires network access but no user interaction, though no patch is currently available.
A spoofing vulnerability exists in Mozilla Thunderbird that affects versions below 149 and below 140.9, allowing attackers to spoof email sources or identities. This vulnerability is classified as an information disclosure issue that could compromise email authentication and user trust. While specific CVSS and EPSS metrics are unavailable, the vulnerability warrants prompt patching as Mozilla has issued security advisories indicating active remediation efforts.
Multiple memory safety bugs affecting Firefox, Firefox ESR, and Thunderbird browsers present a critical remote code execution risk through memory corruption vulnerabilities. The affected versions include Firefox below 149, Firefox ESR below 115.34 and 140.9, Thunderbird ESR 140.8, Firefox 148, and Thunderbird 148. These memory safety issues demonstrate evidence of exploitable memory corruption that could allow attackers to execute arbitrary code on affected systems, though no public exploit or active KEV confirmation is currently documented.
Multiple memory safety bugs in Firefox 148 and Thunderbird 148 allow attackers to trigger memory corruption with potential for arbitrary code execution. Firefox versions prior to 149 are vulnerable, as confirmed by Mozilla security advisories. The vulnerability requires no user interaction beyond normal browsing and represents a critical elevation risk due to the presume-exploitable nature of the underlying memory corruption issues.
Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.
A boundary condition vulnerability exists in Firefox's Graphics Text component that allows information disclosure through incorrect memory handling during text rendering operations. This affects Firefox versions below 149 and Firefox ESR versions below 140.9, potentially enabling attackers to read sensitive data from adjacent memory regions. No active exploitation in the wild has been confirmed, but the vulnerability warrants prompt patching given its information disclosure impact.
An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.
A spoofing vulnerability exists in Firefox's Privacy: Anti-Tracking component that allows attackers to deceive users or bypass security mechanisms through fraudulent representation. Firefox versions prior to 149 are affected. While specific exploit details are limited in available intelligence, the spoofing nature suggests attackers could impersonate legitimate content or services, potentially leading to credential theft, phishing success, or privacy compromise. No CVSS score, EPSS data, or confirmed KEV status is currently available, limiting real-time risk quantification.
Mozilla NSS Libraries contain a denial-of-service vulnerability affecting Firefox versions below 149 that allows unauthenticated remote attackers to crash affected systems without requiring user interaction. The flaw stems from improper resource handling and currently lacks an available patch. Given the high CVSS score of 7.5 and network-based attack vector, this poses significant availability risk to Mozilla Firefox users.
Firefox versions below 149 are vulnerable to a resource exhaustion attack through malformed XML processing that an unauthenticated attacker can trigger remotely without user interaction. This denial-of-service vulnerability allows attackers to crash affected Firefox instances or degrade performance. No patch is currently available for this vulnerability.
Firefox's Netmonitor component contains a privilege escalation vulnerability that affects versions prior to 149 (ESR < 140.9), allowing unauthenticated attackers to gain elevated privileges through network-accessible attack vectors with no user interaction required. This critical flaw (CVSS 9.8) enables complete system compromise including confidentiality, integrity, and availability violations, with no patch currently available.
Mozilla Firefox versions below 149 and Firefox ESR below 140.9 contain memory safety flaws in the JavaScript Engine that enable remote code execution and denial of service attacks without user interaction or special privileges. An unauthenticated attacker can exploit improper boundary condition handling and uninitialized memory to achieve high-impact confidentiality violations and system availability disruption. No patch is currently available.
An uninitialized memory vulnerability exists in Firefox and Firefox ESR's Graphics Canvas2D component that can lead to information disclosure. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit this by crafting malicious Canvas2D operations to read uninitialized memory contents from the graphics rendering pipeline, potentially exposing sensitive data from the browser process.
An incorrect boundary condition vulnerability exists in the Audio/Video component of Mozilla Firefox and Firefox ESR, allowing potential information disclosure through improper memory handling. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker may exploit this vulnerability to leak sensitive information from the browser process memory by triggering specific audio or video processing operations, though active exploitation status is not confirmed at this time.
An incorrect boundary condition vulnerability exists in the Graphics component of Mozilla Firefox and Firefox ESR, allowing information disclosure through improper memory access. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker can exploit this vulnerability to read sensitive information from memory by triggering the boundary condition in graphics processing operations.
An information disclosure vulnerability exists in the Widget: Cocoa component of Mozilla Firefox and Firefox ESR, allowing attackers to access sensitive information through the affected rendering engine. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are vulnerable. The vulnerability permits unauthorized information leakage, though the specific attack mechanism and data exposure scope require analysis of the referenced Mozilla security advisories.
Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw.
A use-after-free vulnerability in Firefox's Cocoa widget component allows remote code execution without user interaction or special privileges, affecting Firefox versions below 149 and ESR below 140.9. An attacker can exploit this memory corruption flaw over the network to achieve complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available.
An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.
A boundary condition vulnerability exists in Firefox's Audio/Video GMP (Gecko Media Plugin) component that enables information disclosure to attackers. This flaw affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in media processing to disclose sensitive information from the affected browser process.
A boundary condition error in Firefox's Graphics component allows information disclosure through improper memory access validation. This vulnerability affects Firefox versions below 149 and Firefox ESR versions below 140.9, enabling attackers to read sensitive memory contents from the graphics processing context. While no CVSS score or EPSS data is currently available, the vulnerability is documented across multiple Mozilla security advisories indicating active awareness by the vendor.
A boundary condition vulnerability exists in Mozilla Firefox's Graphics Canvas2D component that enables information disclosure attacks. The vulnerability affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in Canvas2D operations to read sensitive data from memory, potentially disclosing user information or browser-internal data through a web-based attack vector.
This vulnerability involves incorrect boundary conditions in the Firefox Graphics Canvas2D component that can lead to information disclosure. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to access sensitive memory information through specially crafted Canvas2D operations, potentially exposing user data or system information.
An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially enabling information disclosure attacks. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. While specific exploitation mechanics are not fully detailed in available public sources, the vulnerability is classified as an information disclosure issue that could allow attackers to extract sensitive data through malformed WebRTC signaling messages.
Mozilla Firefox versions prior to 149 and Firefox ESR prior to 140.9 are vulnerable to denial-of-service attacks through the WebRTC signaling component, which an unauthenticated remote attacker can exploit without user interaction to crash affected browsers. The vulnerability stems from improper resource handling and currently has no available patch, leaving users of affected versions at risk of service disruption.
An undefined behavior vulnerability exists in the Firefox Audio/Video component that could lead to information disclosure. This affects all Firefox versions prior to 149. While specific exploitation details are limited due to missing CVSS and CWE data, the vulnerability's classification as information disclosure suggests an attacker could potentially access sensitive audio or video processing data or bypass security boundaries within the multimedia subsystem.
Firefox versions prior to 149 contain a use-after-free vulnerability in the JavaScript engine that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. The vulnerability affects all Firefox users and can be exploited over the network to gain complete control over an affected system. No patch is currently available.
A JIT (Just-In-Time) compilation miscompilation vulnerability exists in Firefox's JavaScript Engine that can lead to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this vulnerability through malicious JavaScript code to potentially disclose sensitive information from the browser's memory or process space.
Firefox versions prior to 149 contain a privilege escalation vulnerability in the IPC component that allows remote attackers to escalate privileges through user interaction on affected systems. An attacker can exploit this flaw to gain elevated system access and potentially execute arbitrary code with higher privileges. No patch is currently available for this high-severity vulnerability affecting Mozilla and Debian users.
Mozilla Firefox versions below 149 (and ESR versions below 140.9) contain a use-after-free vulnerability in the JavaScript Engine that enables unauthenticated remote attackers to achieve arbitrary code execution without user interaction. The memory corruption flaw allows complete compromise of affected systems through network-based attacks. No patch is currently available for this critical vulnerability.
This vulnerability is a mitigation bypass in Firefox's HTTP networking component that allows attackers to circumvent existing security controls. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected, enabling attackers to bypass authentication or other HTTP-level protections. While specific CVSS and EPSS scores are not provided, the mitigation bypass classification and Mozilla's issuance of security advisories indicate this requires prompt patching.
A boundary condition vulnerability exists in Firefox's Layout: Text and Fonts component that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR versions below 115.34, and Firefox ESR versions below 140.9. An attacker could exploit incorrect boundary handling in text and font rendering to potentially disclose sensitive information from memory, though specific exploitation details and active exploitation status are not publicly documented in the available intelligence.
A JIT miscompilation vulnerability exists in Firefox's JavaScript engine that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw through malicious JavaScript to extract sensitive information from the browser's memory, potentially compromising user data and system security.
A boundary condition vulnerability exists in Firefox and Firefox ESR's Audio/Video Web Codecs component that allows information disclosure. The vulnerability affects Firefox versions prior to 149 and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to disclose sensitive information, potentially leveraging web-based attack vectors without requiring elevated privileges.
Unauthenticated remote attackers can achieve arbitrary code execution through a use-after-free memory corruption vulnerability in Firefox's text and font rendering engine, affecting Firefox versions below 149, ESR below 115.34, and ESR below 140.9. The vulnerability requires no user interaction or special privileges and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.
A boundary condition vulnerability exists in Firefox's Audio/Video Web Codecs component that allows information disclosure to attackers. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit incorrect boundary condition handling in codec processing to read sensitive memory contents or application state.
A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.
An incorrect boundary condition vulnerability exists in the Audio/Video playback component of Mozilla Firefox, affecting Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. This flaw enables information disclosure through improper memory boundary handling during media playback operations. While specific exploit details and CVSS metrics are not publicly disclosed, the vulnerability is categorized as an information disclosure issue affecting all three Firefox release channels.
A sandbox escape vulnerability exists in Firefox's Responsive Design Mode component that allows attackers to break out of the browser's security sandbox and access sensitive information. This affects Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9. An attacker can exploit this vulnerability to disclose information by circumventing the sandbox restrictions that normally isolate web content from the browser's privileged context.
Critical use-after-free in Mozilla Firefox's CSS parsing engine enables unauthenticated remote code execution with no user interaction required, affecting Firefox versions below 149, ESR 115.34, and ESR 140.9. An attacker can exploit this memory corruption vulnerability by crafting a malicious web page that triggers the vulnerability when rendered, achieving full system compromise. No patch is currently available.
A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.
A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.
Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users.
A sandbox escape vulnerability exists in Firefox's Telemetry component due to incorrect boundary condition handling, allowing attackers to potentially break out of the browser sandbox and access system resources or sensitive data. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. The vulnerability enables information disclosure and potentially arbitrary code execution by circumventing the sandbox isolation mechanism that normally restricts browser processes.
An incorrect boundary condition vulnerability exists in Firefox's Graphics Canvas2D component that can lead to information disclosure. This affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this boundary condition issue to disclose sensitive information through crafted Canvas2D operations, though no active exploitation or public proof-of-concept has been reported at this time.
This vulnerability involves incorrect boundary conditions in Firefox's Graphics Canvas2D component that enables information disclosure. Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9 are affected. An attacker can leverage improper boundary validation in Canvas2D operations to read sensitive information from memory that should not be accessible through normal web content restrictions.
Mozilla Firefox's WebRender graphics component contains a race condition and use-after-free vulnerability that enables remote code execution when a user visits a malicious webpage. The flaw affects Firefox versions prior to 149, Firefox ESR versions before 115.34 and 140.9, and requires user interaction to trigger. No patch is currently available for this high-severity issue.
Mozilla's Embed extension contains a domain allowlist bypass in the DomainFilteringAdapter due to insufficient hostname boundary validation in its regex pattern, allowing attacker-controlled domains like youtube.com.evil to pass validation checks for youtube.com. This vulnerability enables Server-Side Request Forgery attacks via the OscaroteroEmbedAdapter to probe internal services, and Cross-Site Scripting attacks through unsanitized oEmbed HTML responses returned by compromised domains. No patch is currently available for this medium-severity flaw.
A Server-Side Request Forgery (SSRF) vulnerability in AVideo's LiveLinks proxy endpoint allows unauthenticated attackers to access internal services and cloud metadata by exploiting missing validation on HTTP redirect targets. The vulnerability enables attackers to bypass initial URL validation through a malicious redirect, potentially exposing AWS/GCP/Azure instance metadata including IAM credentials. A detailed proof-of-concept is available and a patch has been released by the vendor.
AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where the application's HTTP endpoints and WebSocket connections lack proper authentication and accept requests from any origin. While rated CVSS 7.1, exploitation is limited to attackers on the same local network due to browser Private Network Access (PNA) protections, making this a medium-priority issue for most deployments.
Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.
Uninitialized memory read in Firefox Graphics Text component before 148. Text rendering may expose uninitialized memory contents.
Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.
Improper boundary condition handling in the JavaScript/WebAssembly engine of Firefox and Thunderbird before version 148 enables remote denial of service attacks without requiring user interaction or privileges. An attacker can crash affected applications or cause service unavailability by sending specially crafted content. No patch is currently available.
JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.
Cache-based mitigation bypass in Firefox Networking before 148. Caching mechanism can be exploited to bypass security mitigations.
Same-origin policy bypass in Firefox Networking JAR component before 148. Allows cross-origin data access through JAR protocol handling.
Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.
DOM Security mitigation bypass in Firefox before 148. Security mechanisms protecting DOM operations can be circumvented.
Integer overflow in Firefox NSS (Network Security Services) Libraries component before 148. Overflow in the cryptographic library could affect TLS and certificate operations.
Boundary error in Firefox Networking JAR component before 148. Processing JAR (Java Archive) content triggers memory corruption.
Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.
HTML parser mitigation bypass in Firefox DOM before 148. Bypasses content sanitization protections via alternate authentication path in the HTML parser.
Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.
Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.
Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.
Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.
Thunderbird's inline OpenPGP message decryption can leak secret email contents through CSS style injection when remote content loading is enabled, allowing attackers to extract decrypted plaintext via crafted email formatting. This affects Thunderbird versions before 147.0.1 and 140.7.1, requiring user interaction to trigger the vulnerability. No patch is currently available.
Firefox's Anti-Tracking privacy protection can be bypassed by unauthenticated remote attackers through user interaction, potentially allowing tracking mechanisms to function despite enabled privacy protections. The vulnerability affects Firefox versions below 147.0.2 and currently has no available patch. An attacker could exploit this to circumvent Firefox's tracking prevention features and monitor user activity.
DOM spoofing in Mozilla Firefox and Thunderbird's copy, paste, and drag-and-drop functionality allows unauthenticated attackers to deceive users into performing unintended actions through crafted content. The vulnerability affects Firefox versions below 147 and ESR versions below 140.7, as well as Thunderbird versions below 147 and 140.7, requiring user interaction to exploit. No patch is currently available.
Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.
Incorrect boundary condition validation in Firefox and Thunderbird's WebGL graphics component allows attackers to escape the sandbox and potentially execute arbitrary code through a crafted web page or malicious content. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, and requires user interaction to exploit. No patch is currently available.
DOM security bypass in Firefox and Thunderbird allows remote attackers to circumvent protective mitigations through user interaction, affecting multiple versions across both products. An attacker can exploit this to achieve high-impact compromise of confidentiality and integrity without requiring authentication. Currently no patch is available for affected users.
Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
JIT miscompilation in the JavaScript Engine: JIT component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect boundary conditions in the Graphics: WebGPU component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.