Skip to main content

Thunderbird

995 CVEs product

Monthly

CVE-2026-57963 MEDIUM This Month

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-57962 MEDIUM This Month

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird Denial Of Service
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-4371 HIGH PATCH This Week

Thunderbird's mail parser fails to validate string length parameters, allowing a compromised mail server to trigger out-of-bounds memory reads through malformed email content. Affected users running versions prior to 149 and 140.9 could experience application crashes or disclosure of sensitive data from process memory. The vulnerability requires network access but no user interaction, though no patch is currently available.

Mozilla Buffer Overflow Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-2807 CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2799 CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Core & HTML before 148. DOM object lifecycle error.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2798 HIGH PATCH This Week

A use-after-free vulnerability in Firefox and Thunderbird's DOM processing allows remote attackers to execute arbitrary code through a malicious webpage or email attachment, requiring only user interaction to trigger. This affects Firefox versions below 148 and Thunderbird versions below 148, with no patch currently available.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2797 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC before 148. Second GC UAF, different from CVE-2026-2795.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2796 CRITICAL POC PATCH Act Now

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Mozilla Memory Corruption Information Disclosure Thunderbird
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2795 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC component before 148. GC-specific UAF affecting only mainline Firefox and Thunderbird.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2793 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2792 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2778 CRITICAL PATCH Act Now

Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2777 CRITICAL PATCH Act Now

Privilege escalation in Firefox Messaging System component before 148. The inter-process messaging system allows escalation from content to privileged process.

Privilege Escalation Mozilla Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2776 CRITICAL PATCH Act Now

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2775 CRITICAL PATCH Act Now

HTML parser mitigation bypass in Firefox DOM before 148. Bypasses content sanitization protections via alternate authentication path in the HTML parser.

Mozilla Authentication Bypass Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2774 CRITICAL PATCH Act Now

Integer overflow in Firefox Audio/Video component before 148. Overflow in media processing leads to incorrect memory allocations.

Integer Overflow Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2773 CRITICAL PATCH Act Now

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2772 CRITICAL PATCH Act Now

Use-after-free in Firefox Audio/Video Playback component before 148. Media playback triggers memory corruption.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2771 CRITICAL PATCH Act Now

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

Buffer Overflow Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2770 CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Bindings (WebIDL) component before 148. Memory corruption in the interface between JavaScript and native DOM objects.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2769 HIGH PATCH This Week

A use-after-free vulnerability in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution through user interaction. Affected versions include Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8. No patch is currently available for this high-severity flaw.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2768 CRITICAL PATCH Act Now

Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2767 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript WebAssembly component before 148. WebAssembly-specific memory management bug.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2766 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript JIT compiler before 148. Second JIT-related UAF in this release, different from CVE-2026-2764.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2765 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148 and Thunderbird ESR 140.8. Separate UAF from CVE-2026-2763 and CVE-2026-2758.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2764 CRITICAL PATCH Act Now

JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2763 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. One of multiple JS engine UAFs fixed in this release.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2762 CRITICAL PATCH Act Now

Integer overflow in Firefox JavaScript Standard Library before 148 leads to memory corruption through crafted JavaScript operations.

Integer Overflow Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2761 CRITICAL PATCH Act Now

Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2760 CRITICAL PATCH Act Now

Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2759 CRITICAL PATCH Act Now

Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.

Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2758 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript garbage collector before 148 allows remote code execution through crafted JavaScript.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2757 CRITICAL PATCH Act Now

Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.

Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2447 HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0891 HIGH PATCH This Week

Arbitrary code execution in Firefox and Thunderbird versions prior to 147/140.7 results from memory corruption vulnerabilities that could allow remote attackers to execute malicious code with no user interaction required. Multiple memory safety flaws across Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146 create conditions for potential exploitation despite no patch currently being available. The high CVSS score of 8.1 reflects the critical nature of achieving full system compromise through network-based attack vectors.

Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0882 HIGH PATCH This Week

A use-after-free vulnerability in the IPC component of Firefox (versions below 147 and ESR versions below 115.32/140.7) and Thunderbird (versions below 147 and 140.7) enables remote code execution when users interact with malicious content. The flaw requires user interaction and network access, allowing attackers to achieve full system compromise with high integrity and confidentiality impact. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0881 CRITICAL PATCH Act Now

Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-0880 HIGH PATCH This Week

Integer overflow in Firefox and Thunderbird's Graphics component enables sandbox escape, allowing remote attackers to execute arbitrary code with high privileges through a malicious webpage or content requiring user interaction. Affected versions include Firefox below 147, Firefox ESR below 115.32 and 140.7, and Thunderbird below 147 and 140.7. No patch is currently available.

Integer Overflow Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0879 CRITICAL PATCH Act Now

Firefox sandbox escape via incorrect boundary conditions in the Graphics component. Affects Firefox < 147, Firefox ESR < 115.32 and < 140.7, Thunderbird < 147 and < 140.7.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0878 HIGH PATCH This Week

Incorrect boundary condition validation in Firefox and Thunderbird's WebGL graphics component allows attackers to escape the sandbox and potentially execute arbitrary code through a crafted web page or malicious content. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, and requires user interaction to exploit. No patch is currently available.

Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0877 HIGH PATCH This Week

DOM security bypass in Firefox and Thunderbird allows remote attackers to circumvent protective mitigations through user interaction, affecting multiple versions across both products. An attacker can exploit this to achieve high-impact compromise of confidentiality and integrity without requiring authentication. Currently no patch is available for affected users.

Mozilla Authentication Bypass Thunderbird
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-14333 HIGH PATCH This Week

Multiple memory corruption flaws in Firefox and Thunderbird enable remote code execution via network-accessible attack vectors. Mozilla Firefox ESR 140.5, Firefox 145, Thunderbird ESR 140.5, and Thunderbird 145 contain memory safety bugs with evidence of corruption that Mozilla presumes exploitable for arbitrary code execution. Authentication requirements not confirmed from available data (CVSS vector shows PR:N). Vendor-released patches available: Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6. EPSS probability is low (0.09%, 25th percentile), and no public exploit identified at time of analysis.

Memory Corruption Mozilla RCE Buffer Overflow Thunderbird +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-14332 HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 145 and Thunderbird 145 enable remote code execution via multiple memory safety bugs. Unauthenticated remote attackers can exploit these flaws (CWE-787 buffer overflow) through network-based attack vectors with low complexity, requiring no user interaction. Mozilla has released patches in Firefox 146 and Thunderbird 146. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability, and no public exploit identified at time of analysis, though the vendor's assessment indicates memory corruption with exploitable potential.

Memory Corruption Mozilla RCE Buffer Overflow Thunderbird +2
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-14331 MEDIUM PATCH This Month

Same-origin policy bypass in Firefox and Thunderbird request handling allows unauthenticated remote attackers to access sensitive information from cross-origin resources with low attack complexity and no user interaction required. The vulnerability affects Firefox versions below 146, Firefox ESR below 115.31 and 140.6, Thunderbird below 146, and Thunderbird ESR below 140.6. No public exploit code has been identified at time of analysis, and the EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Mozilla Authentication Bypass Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14330 CRITICAL PATCH Act Now

Just-In-Time (JIT) compilation flaws in Mozilla's JavaScript engine allow unauthenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact across Firefox and Thunderbird. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Despite a critical CVSS 9.8 score, EPSS probability remains low at 0.09% (25th percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Buffer Overflow Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14329 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14328 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14327 HIGH PATCH This Week

Downloads Panel in Mozilla Firefox and Thunderbird allows remote spoofing attacks enabling integrity compromise without authentication. Affects Firefox <146, Thunderbird <146, Firefox ESR <140.7, and Thunderbird ESR <140.7. The authentication bypass flaw (CWE-290) permits network-based attackers to manipulate download information displayed to users with low attack complexity and no user interaction required. Despite CVSS 7.5 (High), EPSS score of 0.02% (3rd percentile) indicates minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV), and no public exploit identified at time of analysis.

Mozilla Authentication Bypass Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-14326 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox and Thunderbird (pre-146) allows unauthenticated network attackers to execute arbitrary code via a use-after-free flaw in the GMP (Gecko Media Plugin) audio/video component. Despite a critical CVSS 9.8 rating, EPSS probability remains low (0.08%, 23rd percentile), and no public exploit identified at time of analysis. Mozilla patched both products in version 146, with vendor advisories and technical details available via Bugzilla.

Memory Corruption Mozilla Use After Free Information Disclosure Thunderbird +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14325 HIGH PATCH This Week

JIT compiler miscompilation in Mozilla Firefox and Thunderbird's JavaScript engine enables remote attackers to achieve limited confidentiality, integrity, and availability impact without authentication or user interaction. Affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird ESR < 140.6. Vendor-released patches available in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. No public exploit identified at time of analysis, with EPSS score of 0.11% (30th percentile) indicating low predicted exploitation probability.

Memory Corruption Mozilla Information Disclosure Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-14324 CRITICAL PATCH Act Now

JIT compiler miscompilation in Mozilla's JavaScript engine allows remote code execution without authentication in Firefox (versions <146, <115.31 ESR, <140.6 ESR) and Thunderbird (versions <146, <140.6 ESR). The CVSS 9.8 critical score reflects network-based exploitation requiring no user interaction. EPSS score of 0.10% (27th percentile) suggests low predicted exploitation probability despite severity. No public exploit identified at time of analysis, and vendor-released patches are available across all affected product lines per Mozilla security advisories MFSA2025-92 through MFSA2025-96.

Mozilla RCE Code Injection Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14323 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14322 HIGH PATCH This Week

Sandbox escape in Mozilla Firefox and Thunderbird's CanvasWebGL component allows remote attackers to bypass security boundaries via crafted web content with user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and Thunderbird ESR <140.6. EPSS probability is low (0.06%, 20th percentile), and no public exploit identified at time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with scope change, though attack complexity is high and requires user interaction.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-14321 CRITICAL PATCH Act Now

Remote code execution via use-after-free in Mozilla Firefox and Thunderbird WebRTC signaling allows unauthenticated network attackers to execute arbitrary code without user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Vendor-released patches available (Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6). CVSS 9.8 (critical) reflects maximum technical severity, though EPSS 0.09% (25th percentile) and absence from CISA KEV suggest limited real-world exploitation at time of analysis. No public exploit identified at time of analysis.

Memory Corruption Mozilla Use After Free Information Disclosure Thunderbird +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11721 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox 143 and Thunderbird 143 allows unauthenticated network attackers to execute arbitrary code via memory corruption. The vulnerability stems from a memory safety bug (CWE-119 buffer overflow) exploitable without user interaction. CVSS score of 9.8 reflects critical severity with network-based attack vector, low complexity, and no privileges required. Vendor-released patches are available in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, though Mozilla's assessment indicates the memory corruption is presumed exploitable with sufficient effort.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11719 CRITICAL PATCH Act Now

Use-after-free memory corruption in Mozilla Thunderbird 143+ and Firefox allows remote code execution via malicious web extensions exploiting the native messaging API on Windows. CVSS 9.8 (critical) with network-based attack vector requiring no user interaction or authentication. Patched in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, but CVSS metrics indicate high exploitability (AV:N/AC:L/PR:N/UI:N) with complete impact to confidentiality, integrity, and availability.

Memory Corruption Use After Free Buffer Overflow Mozilla Microsoft +3
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11716 MEDIUM PATCH This Month

Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.

Mozilla Google Authentication Bypass Thunderbird Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11715 HIGH PATCH This Week

Memory corruption in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird ESR 140.3 enables remote arbitrary code execution when users interact with malicious content. Exploitation requires user interaction (opening crafted web content or email), but no authentication is needed. Mozilla issued patches in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird ESR 140.4. With CVSS 8.8 and EPSS data unavailable, the vulnerability represents critical risk to unpatched installations. No public exploit identified at time of analysis, though Mozilla's acknowledgment of memory corruption evidence suggests exploitation is technically feasible.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11714 HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox and Thunderbird allow remote code execution when users interact with malicious web content. Affects Firefox ESR 115.28 and below, Firefox ESR 140.3 and below, Firefox 143 and below, Thunderbird 143 and below, and Thunderbird ESR 140.3 and below. Mozilla confirmed memory safety bugs with evidence of memory corruption presumed exploitable for arbitrary code execution. Vendor-released patches available: Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSS 8.8 severity driven by network attack vector with low complexity requiring only user interaction, no authentication required. No public exploit identified at time of analysis, though multiple internal bug reports suggest coordinated fix effort.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11713 HIGH PATCH This Week

Command injection via Firefox/Thunderbird 'Copy as cURL' feature on Windows allows remote attackers to execute arbitrary commands when users copy network requests as cURL commands and paste them into terminals. Affects Firefox <144, Firefox ESR <140.4, Thunderbird <144, and Thunderbird <140.4 exclusively on Windows platforms. No public exploit identified at time of analysis, but attack vector requires only user interaction (CVSS PR:N/UI:R) with no privileges needed.

Mozilla Information Disclosure Microsoft Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-11712 MEDIUM PATCH This Month

Firefox and Thunderbird allow cross-site scripting (XSS) attacks when a malicious page uses the type attribute of an OBJECT tag to override default browser behavior for resources served without a content-type header. An attacker can craft a malicious webpage that exploits this flaw to execute arbitrary JavaScript in the context of a vulnerable site that unsafely omits content-type headers, affecting Firefox versions before 144, Firefox ESR before 140.4, Thunderbird before 144, and Thunderbird ESR before 140.4. No public exploit code or active exploitation has been identified at time of analysis.

Mozilla XSS Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-11711 MEDIUM PATCH This Month

Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11710 CRITICAL PATCH Act Now

Information disclosure in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to extract privileged browser process memory via malicious IPC messages from a compromised web content process. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. CVSS 9.8 indicates network-exploitable with no auth required, though actual exploitation requires first compromising a web content process. Vendor-released patches available (Firefox 144, Firefox ESR 115.29/140.4, Thunderbird 144/140.4). No public exploit identified at time of analysis; EPSS data not provided.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11709 CRITICAL PATCH Act Now

Out-of-bounds memory corruption in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to achieve code execution via malicious WebGL texture operations. A compromised web content process can exploit manipulated WebGL textures to trigger out-of-bounds reads and writes in privileged browser processes, potentially leading to full system compromise. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. Vendor-released patches available across all affected product lines. CVSS 9.8 reflects network-accessible, no-authentication-required attack with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the specific Bugzilla reference (1989127) indicates detailed technical analysis exists.

Memory Corruption Mozilla Buffer Overflow Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11708 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox (all versions prior to 144, ESR prior to 140.4) and Thunderbird (all versions prior to 144, ESR prior to 140.4) allows unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service through a use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). With a critical CVSS score of 9.8 and no authentication required, this memory corruption flaw represents a severe security risk. No public exploit identified at time of analysis, though EPSS data not available to assess exploitation probability.

Memory Corruption Mozilla Use After Free Information Disclosure Thunderbird +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8044 CRITICAL PATCH Act Now

Memory corruption in Firefox 140 and Thunderbird 140 enables remote code execution without authentication. Mozilla confirmed multiple memory safety bugs with evidence of corruption, collectively presumed exploitable for arbitrary code execution. Fixed in Firefox 141 and Thunderbird 141. CVSS 9.8 critical severity with network-accessible attack vector requiring no user interaction. EPSS data not provided; no public exploit identified at time of analysis.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8043 CRITICAL POC PATCH Act Now

Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector).

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8040 HIGH PATCH This Week

Memory corruption in Mozilla Firefox 140 and Thunderbird 140 (including ESR versions) allows remote code execution when users interact with malicious web content. Affected versions include Firefox ESR 140.0, Firefox 140, Thunderbird ESR 140.0, and Thunderbird 140. With CVSS 8.8 and requiring only user interaction (no authentication), this represents a significant threat to enterprise and consumer users. No public exploit identified at time of analysis, though Mozilla confirmed memory corruption evidence suggesting exploitability with sufficient attacker effort. Vendor-released patches available in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8039 HIGH PATCH This Week

Search term leakage in Mozilla Firefox and Thunderbird URL bars exposes sensitive user queries to unauthorized parties when URLs are shared or logged. Firefox versions prior to 141 (regular) and 140.1 (ESR), and Thunderbird versions prior to 141 (regular) and 140.1 (ESR) fail to properly clear search parameters from the URL bar after navigation, enabling information disclosure through shoulder surfing, screenshot sharing, browser history exports, or URL-based tracking. No public exploit identified at time of analysis, though the attack requires only user interaction (EPSS data not provided). CVSS 8.1 reflects high confidentiality and integrity impact despite requiring user interaction.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8038 CRITICAL PATCH Act Now

Frame navigation validation bypass in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to violate security boundaries due to improper path checking (CWE-345). Affects Firefox <141, Firefox ESR <140.1, Thunderbird <141, and Thunderbird ESR <140.1. The CVSS 9.8 critical score reflects network-based exploitation with no user interaction required, enabling potential unauthorized access, data manipulation, and service disruption. No public exploit identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) suggest straightforward exploitation once technical details emerge.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8037 CRITICAL PATCH Act Now

Cookie shadowing in Mozilla Firefox (versions prior to 141 and ESR prior to 140.1) and Thunderbird (versions prior to 141 and ESR prior to 140.1) allows remote unauthenticated attackers to bypass Secure cookie protections and access or modify session data. A nameless cookie containing an equals sign set over insecure HTTP can override cookies with the Secure attribute, enabling session hijacking or authentication bypass. No public exploit identified at time of analysis, though the attack complexity is low (CVSS AC:L) with network-based attack vector requiring no user interaction.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-8036 HIGH PATCH This Week

DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8035 HIGH PATCH This Week

Remote code execution in Mozilla Firefox (ESR 128.12, 140.0, Firefox 140) and Thunderbird (ESR 128.12, 140.0, Thunderbird 140) allows unauthenticated remote attackers to execute arbitrary code via memory corruption vulnerabilities classified as buffer overflow (CWE-119). User interaction is required. Mozilla has released patches for all affected products (Firefox 141, ESR 128.13, ESR 140.1, Thunderbird 141, 128.13, 140.1). No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high severity with complete compromise potential.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8034 HIGH PATCH This Week

Remote code execution in Mozilla Firefox (ESR 115.x through 115.25, 128.x through 128.12, 140.0, regular 140) and Thunderbird (ESR 128.12, 140.0, regular 140) via memory safety bugs (CWE-119 buffer overflow). Attackers can execute arbitrary code by delivering crafted web content that triggers memory corruption when a user interacts with malicious pages or emails. CVSS 8.8 (High) reflects network-based attack requiring user interaction but no authentication. Vendor-released patches available: Firefox 141, Firefox ESR 115.26/128.13/140.1, Thunderbird 141/128.13/140.1. EPSS data not provided; no public exploit identified at time of analysis, though Mozilla notes evidence of memory corruption suggesting exploitability with effort.

Mozilla RCE Buffer Overflow Thunderbird Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8033 MEDIUM PATCH This Month

Null pointer dereference in Firefox and Thunderbird JavaScript engines allows remote attackers to cause denial of service via malformed closed generator objects. The vulnerability affects Firefox versions below 141, Firefox ESR versions below 115.26/128.13/140.1, Thunderbird versions below 141/128.13/140.1, and is triggered when a user visits a malicious webpage or opens a crafted email containing JavaScript that improperly resumes a closed generator. While the CVSS score is 6.5 (medium-high), the impact is limited to availability-no information disclosure or code execution is possible.

Mozilla Denial Of Service Null Pointer Dereference Thunderbird Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8032 HIGH PATCH This Week

Content Security Policy bypass in Mozilla Firefox and Thunderbird allows remote attackers to circumvent CSP protections via maliciously crafted XSLT documents. The flaw affects Firefox versions prior to 141 and Firefox ESR prior to 128.13/140.1, as well as Thunderbird versions prior to 141 and Thunderbird ESR prior to 128.13/140.1. Attack requires user interaction (visiting a malicious site or opening a malicious email) but no authentication. With CVSS 8.1 (High severity) and documented in six separate Mozilla security advisories, this CSP bypass enables high-impact confidentiality and integrity violations, though no public exploit or active exploitation has been identified at time of analysis.

Mozilla Authentication Bypass Thunderbird Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8031 CRITICAL PATCH Act Now

HTTP Basic Authentication credentials leak in Mozilla Firefox and Thunderbird via Content Security Policy (CSP) violation reports affects all versions prior to Firefox 141, Firefox ESR 128.13/140.1, and Thunderbird 141/128.13/140.1. When CSP violations occur on pages using HTTP Basic Auth, the browser incorrectly includes username:password in the violation report URL sent to the CSP report endpoint, exposing credentials to potentially untrusted third parties. With CVSS 9.8 and network-based unauthenticated attack vector (AV:N/AC:L/PR:N), this represents a critical credential disclosure vulnerability, though no public exploit or active exploitation (non-KEV) is confirmed at time of analysis.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8030 HIGH PATCH This Week

Firefox and Thunderbird's 'Copy as cURL' feature improperly escapes shell metacharacters, allowing remote attackers to trick users into executing arbitrary commands when pasting copied network requests into a terminal. Affects Firefox <141, Firefox ESR <128.13/140.1, and Thunderbird <141, <128.13/140.1. Vendor-released patches available across all affected branches. CVSS 8.1 with network attack vector requiring user interaction; no public exploit identified at time of analysis. EPSS data not provided but social engineering dependency limits automated exploitation risk.

Mozilla RCE Code Injection Thunderbird Red Hat +1
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8029 HIGH PATCH This Week

Mozilla Firefox and Thunderbird execute JavaScript via crafted object/embed tags, enabling remote attackers to achieve high-impact XSS without authentication. Affects Firefox <141, Firefox ESR <128.13/<140.1, and Thunderbird <141/128.13/140.1. Users must visit a malicious page (UI:R), but attack complexity is low (AC:L) and no privileges required (PR:N). Vendor-released patches available across all affected product lines. No public exploit identified at time of analysis, though the attack surface is broad given browser/email client ubiquity.

Mozilla XSS Thunderbird Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8028 CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-8027 MEDIUM PATCH This Month

Information disclosure in Mozilla Firefox and Thunderbird on 64-bit platforms allows remote attackers to leak sensitive memory contents via specially crafted web content. The IonMonkey JIT compiler writes only 32 bits of the 64-bit return value space on the stack, while the Baseline JIT reads the entire 64 bits, exposing uninitialized stack memory. Exploitation requires user interaction (UI:R) and no authentication. Fixes are available: Firefox 141+, Firefox ESR 115.26+, Firefox ESR 128.13+, Firefox ESR 140.1+, Thunderbird 141+, Thunderbird 128.13+, and Thunderbird 140.1+.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5262 HIGH PATCH This Month

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Thunderbird Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-11708 MEDIUM This Month

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11706 MEDIUM This Month

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-11705 CRITICAL Act Now

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-11704 CRITICAL Act Now

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-11702 HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11701 MEDIUM This Month

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-11700 HIGH This Week

Malicious websites may have been able to perform user intent confirmation through tapjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-11698 CRITICAL Act Now

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 0% CVSS 6.5
MEDIUM This Month

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird XSS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Mozilla Thunderbird Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Thunderbird's mail parser fails to validate string length parameters, allowing a compromised mail server to trigger out-of-bounds memory reads through malformed email content. Affected users running versions prior to 149 and 140.9 could experience application crashes or disclosure of sensitive data from process memory. The vulnerability requires network access but no user interaction, though no patch is currently available.

Mozilla Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Core & HTML before 148. DOM object lifecycle error.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in Firefox and Thunderbird's DOM processing allows remote attackers to execute arbitrary code through a malicious webpage or email attachment, requiring only user interaction to trigger. This affects Firefox versions below 148 and Thunderbird versions below 148, with no patch currently available.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC before 148. Second GC UAF, different from CVE-2026-2795.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Mozilla Memory Corruption Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC component before 148. GC-specific UAF affecting only mainline Firefox and Thunderbird.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Privilege escalation in Firefox Messaging System component before 148. The inter-process messaging system allows escalation from content to privileged process.

Privilege Escalation Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

HTML parser mitigation bypass in Firefox DOM before 148. Bypasses content sanitization protections via alternate authentication path in the HTML parser.

Mozilla Authentication Bypass Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Firefox Audio/Video component before 148. Overflow in media processing leads to incorrect memory allocations.

Integer Overflow Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox Audio/Video Playback component before 148. Media playback triggers memory corruption.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

Buffer Overflow Mozilla Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Bindings (WebIDL) component before 148. Memory corruption in the interface between JavaScript and native DOM objects.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution through user interaction. Affected versions include Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8. No patch is currently available for this high-severity flaw.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript WebAssembly component before 148. WebAssembly-specific memory management bug.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript JIT compiler before 148. Second JIT-related UAF in this release, different from CVE-2026-2764.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148 and Thunderbird ESR 140.8. Separate UAF from CVE-2026-2763 and CVE-2026-2758.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. One of multiple JS engine UAFs fixed in this release.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Firefox JavaScript Standard Library before 148 leads to memory corruption through crafted JavaScript operations.

Integer Overflow Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox.

Information Disclosure Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.

Information Disclosure Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.

Mozilla Information Disclosure Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript garbage collector before 148 allows remote code execution through crafted JavaScript.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.

Mozilla Information Disclosure Thunderbird
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary code execution in Firefox and Thunderbird versions prior to 147/140.7 results from memory corruption vulnerabilities that could allow remote attackers to execute malicious code with no user interaction required. Multiple memory safety flaws across Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146 create conditions for potential exploitation despite no patch currently being available. The high CVSS score of 8.1 reflects the critical nature of achieving full system compromise through network-based attack vectors.

Mozilla Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in the IPC component of Firefox (versions below 147 and ESR versions below 115.32/140.7) and Thunderbird (versions below 147 and 140.7) enables remote code execution when users interact with malicious content. The flaw requires user interaction and network access, allowing attackers to achieve full system compromise with high integrity and confidentiality impact. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Firefox Messaging System component has a sandbox escape vulnerability. Maximum CVSS 10.0 with scope change. Affects Firefox < 147 and Thunderbird < 147.

Authentication Bypass Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Firefox and Thunderbird's Graphics component enables sandbox escape, allowing remote attackers to execute arbitrary code with high privileges through a malicious webpage or content requiring user interaction. Affected versions include Firefox below 147, Firefox ESR below 115.32 and 140.7, and Thunderbird below 147 and 140.7. No patch is currently available.

Integer Overflow Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Firefox sandbox escape via incorrect boundary conditions in the Graphics component. Affects Firefox < 147, Firefox ESR < 115.32 and < 140.7, Thunderbird < 147 and < 140.7.

Mozilla Buffer Overflow Thunderbird
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Incorrect boundary condition validation in Firefox and Thunderbird's WebGL graphics component allows attackers to escape the sandbox and potentially execute arbitrary code through a crafted web page or malicious content. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, and requires user interaction to exploit. No patch is currently available.

Mozilla Information Disclosure Thunderbird
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

DOM security bypass in Firefox and Thunderbird allows remote attackers to circumvent protective mitigations through user interaction, affecting multiple versions across both products. An attacker can exploit this to achieve high-impact compromise of confidentiality and integrity without requiring authentication. Currently no patch is available for affected users.

Mozilla Authentication Bypass Thunderbird
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Multiple memory corruption flaws in Firefox and Thunderbird enable remote code execution via network-accessible attack vectors. Mozilla Firefox ESR 140.5, Firefox 145, Thunderbird ESR 140.5, and Thunderbird 145 contain memory safety bugs with evidence of corruption that Mozilla presumes exploitable for arbitrary code execution. Authentication requirements not confirmed from available data (CVSS vector shows PR:N). Vendor-released patches available: Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6. EPSS probability is low (0.09%, 25th percentile), and no public exploit identified at time of analysis.

Memory Corruption Mozilla RCE +4
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 145 and Thunderbird 145 enable remote code execution via multiple memory safety bugs. Unauthenticated remote attackers can exploit these flaws (CWE-787 buffer overflow) through network-based attack vectors with low complexity, requiring no user interaction. Mozilla has released patches in Firefox 146 and Thunderbird 146. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability, and no public exploit identified at time of analysis, though the vendor's assessment indicates memory corruption with exploitable potential.

Memory Corruption Mozilla RCE +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Firefox and Thunderbird request handling allows unauthenticated remote attackers to access sensitive information from cross-origin resources with low attack complexity and no user interaction required. The vulnerability affects Firefox versions below 146, Firefox ESR below 115.31 and 140.6, Thunderbird below 146, and Thunderbird ESR below 140.6. No public exploit code has been identified at time of analysis, and the EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Mozilla Authentication Bypass Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Just-In-Time (JIT) compilation flaws in Mozilla's JavaScript engine allow unauthenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact across Firefox and Thunderbird. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Despite a critical CVSS 9.8 score, EPSS probability remains low at 0.09% (25th percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Buffer Overflow Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Downloads Panel in Mozilla Firefox and Thunderbird allows remote spoofing attacks enabling integrity compromise without authentication. Affects Firefox <146, Thunderbird <146, Firefox ESR <140.7, and Thunderbird ESR <140.7. The authentication bypass flaw (CWE-290) permits network-based attackers to manipulate download information displayed to users with low attack complexity and no user interaction required. Despite CVSS 7.5 (High), EPSS score of 0.02% (3rd percentile) indicates minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV), and no public exploit identified at time of analysis.

Mozilla Authentication Bypass Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox and Thunderbird (pre-146) allows unauthenticated network attackers to execute arbitrary code via a use-after-free flaw in the GMP (Gecko Media Plugin) audio/video component. Despite a critical CVSS 9.8 rating, EPSS probability remains low (0.08%, 23rd percentile), and no public exploit identified at time of analysis. Mozilla patched both products in version 146, with vendor advisories and technical details available via Bugzilla.

Memory Corruption Mozilla Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

JIT compiler miscompilation in Mozilla Firefox and Thunderbird's JavaScript engine enables remote attackers to achieve limited confidentiality, integrity, and availability impact without authentication or user interaction. Affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird ESR < 140.6. Vendor-released patches available in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. No public exploit identified at time of analysis, with EPSS score of 0.11% (30th percentile) indicating low predicted exploitation probability.

Memory Corruption Mozilla Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JIT compiler miscompilation in Mozilla's JavaScript engine allows remote code execution without authentication in Firefox (versions <146, <115.31 ESR, <140.6 ESR) and Thunderbird (versions <146, <140.6 ESR). The CVSS 9.8 critical score reflects network-based exploitation requiring no user interaction. EPSS score of 0.10% (27th percentile) suggests low predicted exploitation probability despite severity. No public exploit identified at time of analysis, and vendor-released patches are available across all affected product lines per Mozilla security advisories MFSA2025-92 through MFSA2025-96.

Mozilla RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Sandbox escape in Mozilla Firefox and Thunderbird's CanvasWebGL component allows remote attackers to bypass security boundaries via crafted web content with user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and Thunderbird ESR <140.6. EPSS probability is low (0.06%, 20th percentile), and no public exploit identified at time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with scope change, though attack complexity is high and requires user interaction.

Mozilla Information Disclosure Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution via use-after-free in Mozilla Firefox and Thunderbird WebRTC signaling allows unauthenticated network attackers to execute arbitrary code without user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Vendor-released patches available (Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6). CVSS 9.8 (critical) reflects maximum technical severity, though EPSS 0.09% (25th percentile) and absence from CISA KEV suggest limited real-world exploitation at time of analysis. No public exploit identified at time of analysis.

Memory Corruption Mozilla Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox 143 and Thunderbird 143 allows unauthenticated network attackers to execute arbitrary code via memory corruption. The vulnerability stems from a memory safety bug (CWE-119 buffer overflow) exploitable without user interaction. CVSS score of 9.8 reflects critical severity with network-based attack vector, low complexity, and no privileges required. Vendor-released patches are available in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, though Mozilla's assessment indicates the memory corruption is presumed exploitable with sufficient effort.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free memory corruption in Mozilla Thunderbird 143+ and Firefox allows remote code execution via malicious web extensions exploiting the native messaging API on Windows. CVSS 9.8 (critical) with network-based attack vector requiring no user interaction or authentication. Patched in Firefox 144 and Thunderbird 144. No public exploit identified at time of analysis, but CVSS metrics indicate high exploitability (AV:N/AC:L/PR:N/UI:N) with complete impact to confidentiality, integrity, and availability.

Memory Corruption Use After Free Buffer Overflow +5
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sandboxed iframes in Firefox and Thunderbird can bypass Android permission restrictions to launch external applications without the required allow-permissions, enabling attackers to trigger unintended app launches through malicious links. Unauthenticated remote attackers can exploit this via user interaction (link click) to achieve integrity impact. Firefox 144 and Thunderbird 144 contain fixes; no public exploit code or active exploitation has been identified.

Mozilla Google Authentication Bypass +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird ESR 140.3 enables remote arbitrary code execution when users interact with malicious content. Exploitation requires user interaction (opening crafted web content or email), but no authentication is needed. Mozilla issued patches in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird ESR 140.4. With CVSS 8.8 and EPSS data unavailable, the vulnerability represents critical risk to unpatched installations. No public exploit identified at time of analysis, though Mozilla's acknowledgment of memory corruption evidence suggests exploitation is technically feasible.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox and Thunderbird allow remote code execution when users interact with malicious web content. Affects Firefox ESR 115.28 and below, Firefox ESR 140.3 and below, Firefox 143 and below, Thunderbird 143 and below, and Thunderbird ESR 140.3 and below. Mozilla confirmed memory safety bugs with evidence of memory corruption presumed exploitable for arbitrary code execution. Vendor-released patches available: Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVSS 8.8 severity driven by network attack vector with low complexity requiring only user interaction, no authentication required. No public exploit identified at time of analysis, though multiple internal bug reports suggest coordinated fix effort.

Mozilla RCE Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Command injection via Firefox/Thunderbird 'Copy as cURL' feature on Windows allows remote attackers to execute arbitrary commands when users copy network requests as cURL commands and paste them into terminals. Affects Firefox <144, Firefox ESR <140.4, Thunderbird <144, and Thunderbird <140.4 exclusively on Windows platforms. No public exploit identified at time of analysis, but attack vector requires only user interaction (CVSS PR:N/UI:R) with no privileges needed.

Mozilla Information Disclosure Microsoft +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Firefox and Thunderbird allow cross-site scripting (XSS) attacks when a malicious page uses the type attribute of an OBJECT tag to override default browser behavior for resources served without a content-type header. An attacker can craft a malicious webpage that exploits this flaw to execute arbitrary JavaScript in the context of a vulnerable site that unsafely omits content-type headers, affecting Firefox versions before 144, Firefox ESR before 140.4, Thunderbird before 144, and Thunderbird ESR before 140.4. No public exploit code or active exploitation has been identified at time of analysis.

Mozilla XSS Thunderbird +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.

Mozilla Information Disclosure Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Information disclosure in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to extract privileged browser process memory via malicious IPC messages from a compromised web content process. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. CVSS 9.8 indicates network-exploitable with no auth required, though actual exploitation requires first compromising a web content process. Vendor-released patches available (Firefox 144, Firefox ESR 115.29/140.4, Thunderbird 144/140.4). No public exploit identified at time of analysis; EPSS data not provided.

Mozilla Information Disclosure Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds memory corruption in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to achieve code execution via malicious WebGL texture operations. A compromised web content process can exploit manipulated WebGL textures to trigger out-of-bounds reads and writes in privileged browser processes, potentially leading to full system compromise. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. Vendor-released patches available across all affected product lines. CVSS 9.8 reflects network-accessible, no-authentication-required attack with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the specific Bugzilla reference (1989127) indicates detailed technical analysis exists.

Memory Corruption Mozilla Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox (all versions prior to 144, ESR prior to 140.4) and Thunderbird (all versions prior to 144, ESR prior to 140.4) allows unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service through a use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). With a critical CVSS score of 9.8 and no authentication required, this memory corruption flaw represents a severe security risk. No public exploit identified at time of analysis, though EPSS data not available to assess exploitation probability.

Memory Corruption Mozilla Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory corruption in Firefox 140 and Thunderbird 140 enables remote code execution without authentication. Mozilla confirmed multiple memory safety bugs with evidence of corruption, collectively presumed exploitable for arbitrary code execution. Fixed in Firefox 141 and Thunderbird 141. CVSS 9.8 critical severity with network-accessible attack vector requiring no user interaction. EPSS data not provided; no public exploit identified at time of analysis.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector).

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Mozilla Firefox 140 and Thunderbird 140 (including ESR versions) allows remote code execution when users interact with malicious web content. Affected versions include Firefox ESR 140.0, Firefox 140, Thunderbird ESR 140.0, and Thunderbird 140. With CVSS 8.8 and requiring only user interaction (no authentication), this represents a significant threat to enterprise and consumer users. No public exploit identified at time of analysis, though Mozilla confirmed memory corruption evidence suggesting exploitability with sufficient attacker effort. Vendor-released patches available in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Search term leakage in Mozilla Firefox and Thunderbird URL bars exposes sensitive user queries to unauthorized parties when URLs are shared or logged. Firefox versions prior to 141 (regular) and 140.1 (ESR), and Thunderbird versions prior to 141 (regular) and 140.1 (ESR) fail to properly clear search parameters from the URL bar after navigation, enabling information disclosure through shoulder surfing, screenshot sharing, browser history exports, or URL-based tracking. No public exploit identified at time of analysis, though the attack requires only user interaction (EPSS data not provided). CVSS 8.1 reflects high confidentiality and integrity impact despite requiring user interaction.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Frame navigation validation bypass in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to violate security boundaries due to improper path checking (CWE-345). Affects Firefox <141, Firefox ESR <140.1, Thunderbird <141, and Thunderbird ESR <140.1. The CVSS 9.8 critical score reflects network-based exploitation with no user interaction required, enabling potential unauthorized access, data manipulation, and service disruption. No public exploit identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) suggest straightforward exploitation once technical details emerge.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cookie shadowing in Mozilla Firefox (versions prior to 141 and ESR prior to 140.1) and Thunderbird (versions prior to 141 and ESR prior to 140.1) allows remote unauthenticated attackers to bypass Secure cookie protections and access or modify session data. A nameless cookie containing an equals sign set over insecure HTTP can override cookies with the Secure attribute, enabling session hijacking or authentication bypass. No public exploit identified at time of analysis, though the attack complexity is low (CVSS AC:L) with network-based attack vector requiring no user interaction.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Mozilla Firefox (ESR 128.12, 140.0, Firefox 140) and Thunderbird (ESR 128.12, 140.0, Thunderbird 140) allows unauthenticated remote attackers to execute arbitrary code via memory corruption vulnerabilities classified as buffer overflow (CWE-119). User interaction is required. Mozilla has released patches for all affected products (Firefox 141, ESR 128.13, ESR 140.1, Thunderbird 141, 128.13, 140.1). No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high severity with complete compromise potential.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Mozilla Firefox (ESR 115.x through 115.25, 128.x through 128.12, 140.0, regular 140) and Thunderbird (ESR 128.12, 140.0, regular 140) via memory safety bugs (CWE-119 buffer overflow). Attackers can execute arbitrary code by delivering crafted web content that triggers memory corruption when a user interacts with malicious pages or emails. CVSS 8.8 (High) reflects network-based attack requiring user interaction but no authentication. Vendor-released patches available: Firefox 141, Firefox ESR 115.26/128.13/140.1, Thunderbird 141/128.13/140.1. EPSS data not provided; no public exploit identified at time of analysis, though Mozilla notes evidence of memory corruption suggesting exploitability with effort.

Mozilla RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Firefox and Thunderbird JavaScript engines allows remote attackers to cause denial of service via malformed closed generator objects. The vulnerability affects Firefox versions below 141, Firefox ESR versions below 115.26/128.13/140.1, Thunderbird versions below 141/128.13/140.1, and is triggered when a user visits a malicious webpage or opens a crafted email containing JavaScript that improperly resumes a closed generator. While the CVSS score is 6.5 (medium-high), the impact is limited to availability-no information disclosure or code execution is possible.

Mozilla Denial Of Service Null Pointer Dereference +3
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Content Security Policy bypass in Mozilla Firefox and Thunderbird allows remote attackers to circumvent CSP protections via maliciously crafted XSLT documents. The flaw affects Firefox versions prior to 141 and Firefox ESR prior to 128.13/140.1, as well as Thunderbird versions prior to 141 and Thunderbird ESR prior to 128.13/140.1. Attack requires user interaction (visiting a malicious site or opening a malicious email) but no authentication. With CVSS 8.1 (High severity) and documented in six separate Mozilla security advisories, this CSP bypass enables high-impact confidentiality and integrity violations, though no public exploit or active exploitation has been identified at time of analysis.

Mozilla Authentication Bypass Thunderbird +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

HTTP Basic Authentication credentials leak in Mozilla Firefox and Thunderbird via Content Security Policy (CSP) violation reports affects all versions prior to Firefox 141, Firefox ESR 128.13/140.1, and Thunderbird 141/128.13/140.1. When CSP violations occur on pages using HTTP Basic Auth, the browser incorrectly includes username:password in the violation report URL sent to the CSP report endpoint, exposing credentials to potentially untrusted third parties. With CVSS 9.8 and network-based unauthenticated attack vector (AV:N/AC:L/PR:N), this represents a critical credential disclosure vulnerability, though no public exploit or active exploitation (non-KEV) is confirmed at time of analysis.

Mozilla Privilege Escalation Thunderbird +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Firefox and Thunderbird's 'Copy as cURL' feature improperly escapes shell metacharacters, allowing remote attackers to trick users into executing arbitrary commands when pasting copied network requests into a terminal. Affects Firefox <141, Firefox ESR <128.13/140.1, and Thunderbird <141, <128.13/140.1. Vendor-released patches available across all affected branches. CVSS 8.1 with network attack vector requiring user interaction; no public exploit identified at time of analysis. EPSS data not provided but social engineering dependency limits automated exploitation risk.

Mozilla RCE Code Injection +3
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Mozilla Firefox and Thunderbird execute JavaScript via crafted object/embed tags, enabling remote attackers to achieve high-impact XSS without authentication. Affects Firefox <141, Firefox ESR <128.13/<140.1, and Thunderbird <141/128.13/140.1. Users must visit a malicious page (UI:R), but attack complexity is low (AC:L) and no privileges required (PR:N). Vendor-released patches available across all affected product lines. No public exploit identified at time of analysis, though the attack surface is broad given browser/email client ubiquity.

Mozilla XSS Thunderbird +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Information disclosure in Mozilla Firefox and Thunderbird on 64-bit platforms allows remote attackers to leak sensitive memory contents via specially crafted web content. The IonMonkey JIT compiler writes only 32 bits of the 64-bit return value space on the stack, while the Baseline JIT reads the entire 64 bits, exposing uninitialized stack memory. Exploitation requires user interaction (UI:R) and no authentication. Fixes are available: Firefox 141+, Firefox ESR 115.26+, Firefox ESR 128.13+, Firefox ESR 140.1+, Thunderbird 141+, Thunderbird 128.13+, and Thunderbird 140.1+.

Mozilla Information Disclosure Thunderbird +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Thunderbird +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Malicious websites may have been able to perform user intent confirmation through tapjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +2
NVD
Page 1 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy