2675
CVEs
589
Critical
1053
High
10
KEV
274
PoC
1036
Unpatched C/H
29.9%
Patch Rate
1.8%
Avg EPSS
Severity Breakdown
CRITICAL
589
HIGH
1053
MEDIUM
996
LOW
36
Monthly CVE Trend
Affected Products (30)
Firefox
1659
Thunderbird
989
Firefox Esr
461
Ubuntu Linux
363
Seamonkey
313
Android
288
Opensuse
284
Debian Linux
256
Thunderbird Esr
223
Enterprise Linux Server
163
Enterprise Linux Workstation
163
Enterprise Linux Desktop
163
Linux Enterprise Desktop
121
Linux Enterprise Server
121
Enterprise Linux Eus
111
Leap
108
Enterprise Linux Server Aus
100
Linux Enterprise Software Development Kit
97
Enterprise Linux Server Eus
95
Enterprise Linux Server Tus
68
Fedora
67
Solaris
66
Suse Linux Enterprise Server
55
Chrome
48
Suse Linux Enterprise Software Development Kit
45
Suse Linux Enterprise Desktop
45
Network Security Services
29
Open Redirect
29
Firefox Mobile
20
Linux Enterprise
20
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-4495 | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 71.6% | 186 |
KEV
PoC
|
| CVE-2013-1690 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 47.1% | 176 |
KEV
PoC
No patch
|
| CVE-2013-0758 | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.4%. | CRITICAL | 9.3 | 87.4% | 169 |
PoC
No patch
|
| CVE-2013-0753 | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 84.0%. | CRITICAL | 9.3 | 84.0% | 166 |
PoC
|
| CVE-2012-3993 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.8%. | CRITICAL | 9.3 | 80.8% | 162 |
PoC
No patch
|
| CVE-2013-1710 | The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%. | CRITICAL | 10.0 | 76.5% | 161 |
PoC
No patch
|
| CVE-2017-3823 | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%. | HIGH | 8.8 | 80.4% | 159 |
PoC
No patch
|
| CVE-2014-8636 | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.6%. | HIGH | 7.5 | 83.6% | 156 |
PoC
No patch
|
| CVE-2013-0757 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 74.6%. | CRITICAL | 9.3 | 74.6% | 156 |
PoC
No patch
|
| CVE-2014-1510 | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%. | CRITICAL | 9.8 | 71.1% | 155 |
PoC
No patch
|
| CVE-2014-1511 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%. | CRITICAL | 9.8 | 70.5% | 154 |
PoC
No patch
|
| CVE-2013-0643 | The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 57.9%. | HIGH | 8.8 | 57.9% | 152 |
KEV
|
| CVE-2016-1960 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.5%. | HIGH | 8.8 | 86.5% | 150 |
PoC
No patch
|
| CVE-2015-0816 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.4%. | MEDIUM | 5.0 | 85.4% | 145 |
PoC
No patch
|
| CVE-2015-0802 | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%. | MEDIUM | 5.0 | 80.4% | 140 |
PoC
No patch
|