📦 Firefox

by Mozilla

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-2806

CRITICAL CVSS 9.1 Feb 24, 2026

This vulnerability involves uninitialized memory in Firefox's Graphics: Text component, which could allow attackers to read sensitive data from memory or potentially execute arbitrary code. It affects...

CVE-2026-2796

CRITICAL CVSS 9.8 Feb 24, 2026

A JIT miscompilation vulnerability in Firefox's JavaScript: WebAssembly component could allow arbitrary code execution when processing malicious web content. This affects Firefox versions before 148, ...

CVE-2026-2800

CRITICAL CVSS 9.8 Feb 24, 2026

A spoofing vulnerability in the WebAuthn component of Firefox for Android allows attackers to potentially impersonate legitimate websites during authentication. This affects Firefox for Android versio...

CVE-2026-2786

CRITICAL CVSS 9.8 Feb 24, 2026

A use-after-free vulnerability in Firefox's JavaScript engine allows attackers to execute arbitrary code by tricking users into visiting malicious websites. This affects Firefox versions below 148 and...

CVE-2026-2788

CRITICAL CVSS 9.8 Feb 24, 2026

This vulnerability involves incorrect boundary conditions in the GMP (Gecko Media Plugins) audio/video component of Firefox, which could allow memory corruption. It affects Firefox versions below 148,...

CVE-2026-2790

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a same-origin policy bypass vulnerability in Firefox's JAR (Java Archive) networking component. It allows malicious websites to access data from other origins, potentially leading t...

CVE-2026-2792

CRITICAL CVSS 9.8 Feb 24, 2026

Memory safety vulnerabilities in Mozilla Firefox and Thunderbird could allow memory corruption attacks. With sufficient effort, attackers could exploit these bugs to execute arbitrary code on affected...

CVE-2026-2776

CRITICAL CVSS 10.0 Feb 24, 2026

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect boundary conditions. Attackers could potentially break out of browser security sandboxes to execute ...

CVE-2026-2778

CRITICAL CVSS 10.0 Feb 24, 2026

This CVE describes a sandbox escape vulnerability in Firefox's DOM Core & HTML component due to incorrect boundary conditions. It allows malicious web content to break out of browser security sandboxe...

CVE-2026-2780

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component. Attackers could exploit this to gain elevated privileges within the browser. It affects Firefox versions belo...

CVE-2026-2782

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component that allows attackers to gain elevated privileges on affected systems. It affects Firefox versions below 148 a...

CVE-2026-2784

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a DOM security component mitigation bypass vulnerability in Firefox. Attackers could potentially bypass security controls to execute malicious code or access restricted content. Aff...

CVE-2026-2768

CRITICAL CVSS 10.0 Feb 24, 2026

This CVE describes a sandbox escape vulnerability in Firefox's IndexedDB storage component. Attackers could potentially break out of browser security restrictions to execute arbitrary code. Affects Fi...

CVE-2026-2770

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a use-after-free vulnerability in Firefox's DOM Bindings (WebIDL) component that could allow an attacker to execute arbitrary code. It affects Firefox versions below 148, Firefox ES...

CVE-2026-2772

CRITICAL CVSS 9.8 Feb 24, 2026

A use-after-free vulnerability in Firefox's audio/video playback component allows attackers to execute arbitrary code or cause crashes. This affects Firefox versions below 148, Firefox ESR below 115.3...

CVE-2026-2774

CRITICAL CVSS 9.8 Feb 24, 2026

An integer overflow vulnerability in Firefox's Audio/Video component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 148, Firefox ESR be...

CVE-2026-2758

CRITICAL CVSS 9.8 Feb 24, 2026

A use-after-free vulnerability in Firefox's JavaScript garbage collector component allows attackers to execute arbitrary code by manipulating memory after it has been freed. This affects Firefox versi...

CVE-2026-2760

CRITICAL CVSS 10.0 Feb 24, 2026

This CVE describes a sandbox escape vulnerability in Firefox's WebRender graphics component due to incorrect boundary conditions. It allows attackers to break out of browser security sandboxes and pot...

CVE-2026-2762

CRITICAL CVSS 9.8 Feb 24, 2026

An integer overflow vulnerability in Firefox's JavaScript Standard Library component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 148...

CVE-2026-2764

CRITICAL CVSS 9.8 Feb 24, 2026

This CVE describes a use-after-free vulnerability in Firefox's JavaScript JIT compiler that could allow arbitrary code execution. It affects Firefox versions below 148 and Firefox ESR versions below 1...

CVE-2026-2798

HIGH CVSS 8.8 Feb 24, 2026

This CVE describes a use-after-free vulnerability in Firefox's DOM Core & HTML components that could allow attackers to execute arbitrary code or cause crashes. It affects Firefox versions before 148....

CVE-2026-2794

HIGH CVSS 7.5 Feb 24, 2026

This vulnerability allows attackers to read uninitialized memory in Firefox and Firefox Focus for Android, potentially exposing sensitive information. It affects all users running Firefox versions bel...

CVE-2026-2447

HIGH CVSS 8.8 Feb 16, 2026

A heap buffer overflow vulnerability in libvpx video codec library allows attackers to execute arbitrary code or cause denial of service. This affects Firefox browsers below specific versions across m...

CVE-2026-24869

HIGH CVSS 8.8 Jan 27, 2026

A use-after-free vulnerability in Firefox's Layout: Scrolling and Overflow component allows attackers to execute arbitrary code by tricking users into visiting malicious web pages. This affects all Fi...

CVE-2026-0889

HIGH CVSS 7.5 Jan 13, 2026

A denial-of-service vulnerability in Firefox and Thunderbird's DOM Service Workers component allows attackers to crash the browser or email client. This affects users running Firefox versions below 14...

CVE-2026-0891

HIGH CVSS 8.1 Jan 13, 2026

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...

CVE-2026-0877

HIGH CVSS 8.1 Jan 13, 2026

This CVE describes a mitigation bypass vulnerability in the DOM Security component of Mozilla products. It allows attackers to circumvent security protections, potentially leading to arbitrary code ex...

CVE-2026-0878

HIGH CVSS 8.0 Jan 13, 2026

This CVE describes a sandbox escape vulnerability in the Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to break out of browser security sandboxes and execut...

CVE-2026-0880

HIGH CVSS 8.8 Jan 13, 2026

This CVE describes an integer overflow vulnerability in the Graphics component of Mozilla products that allows sandbox escape. Attackers could exploit this to execute arbitrary code outside the browse...

CVE-2026-0882

HIGH CVSS 8.8 Jan 13, 2026

A use-after-free vulnerability in Firefox and Thunderbird's IPC component allows attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 147 and specific ES...

CVE-2025-14861

HIGH CVSS 8.8 Dec 18, 2025

CVE-2025-14861 is a memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. The vulnerability involves memory corruption bugs that could be exp...

CVE-2025-14325

HIGH CVSS 7.3 Dec 9, 2025

A JIT (Just-In-Time) compilation vulnerability in Mozilla's JavaScript engine allows memory corruption through miscompiled code. This affects Firefox, Firefox ESR, and Thunderbird users running outdat...

CVE-2025-14327

HIGH CVSS 7.5 Dec 9, 2025

This vulnerability allows attackers to spoof download notifications in Firefox and Thunderbird, potentially tricking users into executing malicious files. It affects all users running vulnerable versi...

CVE-2025-14328

HIGH CVSS 8.8 Dec 9, 2025

This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. It allows attackers to gain elevated privileges on affected systems. The vulnerability affects ...

CVE-2025-14329

HIGH CVSS 8.8 Dec 9, 2025

This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. Attackers could exploit this to gain elevated privileges on affected systems. It affects Firefo...

CVE-2025-14332

HIGH CVSS 7.3 Dec 9, 2025

Memory safety bugs in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects all users running Firefox versions before 146 or Thunderbird ...

CVE-2025-14333

HIGH CVSS 8.1 Dec 9, 2025

This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to exec...

CVE-2025-14322

HIGH CVSS 8.0 Dec 9, 2025

This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to break out of browser sandbox...

CVE-2025-14323

HIGH CVSS 8.8 Dec 9, 2025

This CVE describes a privilege escalation vulnerability in the DOM Notifications component of Mozilla products. It allows attackers to elevate privileges within the browser context, potentially execut...

CVE-2025-13019

HIGH CVSS 8.1 Nov 11, 2025

This vulnerability allows attackers to bypass the same-origin policy in Firefox and Thunderbird by exploiting a flaw in the DOM Workers component. It enables malicious websites to access data from oth...

CVE-2025-13020

HIGH CVSS 8.8 Nov 11, 2025

This CVE describes a use-after-free vulnerability in the WebRTC audio/video component of Mozilla products. It allows attackers to execute arbitrary code or cause denial of service by exploiting memory...

CVE-2025-13025

HIGH CVSS 7.5 Nov 11, 2025

This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's WebGPU component, allowing memory corruption. Attackers could exploit this to execute arbitrary code or cause den...

CVE-2025-13027

HIGH CVSS 8.1 Nov 11, 2025

Memory safety vulnerabilities in Firefox and Thunderbird versions before 145 could allow memory corruption. With sufficient effort, attackers could potentially exploit these bugs to execute arbitrary ...

CVE-2025-13012

HIGH CVSS 7.5 Nov 11, 2025

A race condition vulnerability in the Graphics component of Mozilla products could allow an attacker to execute arbitrary code or cause a denial of service. This affects Firefox, Firefox ESR, and Thun...

CVE-2025-13014

HIGH CVSS 8.8 Nov 11, 2025

This is a use-after-free vulnerability in the Audio/Video component of Mozilla products that could allow an attacker to execute arbitrary code or cause a crash. It affects Firefox, Firefox ESR, and Th...

CVE-2025-13016

HIGH CVSS 7.5 Nov 11, 2025

This vulnerability involves incorrect boundary conditions in the WebAssembly component of Firefox and Thunderbird, potentially allowing memory corruption. It affects users running vulnerable versions ...

CVE-2025-13017

HIGH CVSS 8.1 Nov 11, 2025

This CVE describes a same-origin policy bypass vulnerability in the DOM Notifications component of Mozilla products. It allows malicious websites to access data from other origins they shouldn't have ...

CVE-2025-13018

HIGH CVSS 8.1 Nov 11, 2025

This CVE describes a mitigation bypass vulnerability in the DOM Security component of Mozilla products. It allows attackers to circumvent security controls, potentially leading to arbitrary code execu...

CVE-2025-11713

HIGH CVSS 8.1 Oct 14, 2025

This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature stems from insufficient escaping on Windows systems, which could be used to trick users into executing malicious code. Attackers could craft ...

CVE-2025-11715

HIGH CVSS 8.8 Oct 14, 2025

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...

CVE-2025-11152

HIGH CVSS 8.6 Sep 30, 2025

This CVE describes an integer overflow vulnerability in Firefox's Canvas2D graphics component that allows sandbox escape. Attackers could exploit this to execute arbitrary code outside the browser's s...

CVE-2025-10537

HIGH CVSS 8.8 Sep 16, 2025

This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these bugs to execute arbi...

CVE-2025-10535

HIGH CVSS 7.5 Sep 16, 2025

This vulnerability in Firefox for Android's Privacy component allows attackers to bypass privacy protections and access sensitive information that should be restricted. It affects all Firefox for Andr...

CVE-2025-10533

HIGH CVSS 8.8 Sep 16, 2025

An integer overflow vulnerability in the SVG component of Mozilla products allows attackers to execute arbitrary code or cause denial of service. This affects Firefox, Firefox ESR, and Thunderbird use...

CVE-2025-10527

HIGH CVSS 7.1 Sep 16, 2025

This CVE describes a use-after-free vulnerability in the Canvas2D graphics component of Mozilla products, allowing sandbox escape. Attackers could exploit this to execute arbitrary code with elevated ...

CVE-2025-9182

HIGH CVSS 7.5 Aug 19, 2025

This vulnerability allows attackers to cause denial-of-service through memory exhaustion in Firefox and Thunderbird's WebRender graphics component. It affects all users running vulnerable versions of ...

CVE-2025-9184

HIGH CVSS 8.1 Aug 19, 2025

This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could allow memory corruption. With sufficient effort, attackers could potentially exploit these bugs to execute arbitr...

CVE-2025-55029

HIGH CVSS 7.5 Aug 19, 2025

This vulnerability in Firefox for iOS allows malicious scripts to bypass the popup blocker, enabling attackers to open excessive new tabs. This could lead to denial of service by consuming device reso...

CVE-2025-8039

HIGH CVSS 8.1 Jul 22, 2025

This vulnerability allows search terms to persist in the URL bar after navigating away from search pages, potentially exposing sensitive search queries. It affects Firefox, Firefox ESR, Thunderbird, a...

CVE-2025-8034

HIGH CVSS 8.8 Jul 22, 2025

This CVE describes memory safety bugs in multiple Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute ar...

CVE-2026-2802

MEDIUM CVSS 4.2 Feb 24, 2026

A race condition vulnerability in Firefox's JavaScript garbage collector (GC) component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions before...

CVE-2026-2804

MEDIUM CVSS 5.4 Feb 24, 2026

A use-after-free vulnerability in Firefox's WebAssembly JavaScript component allows attackers to execute arbitrary code by manipulating freed memory. This affects all Firefox users running versions be...

CVE-2026-24868

MEDIUM CVSS 6.5 Jan 27, 2026

This CVE describes a mitigation bypass vulnerability in Firefox's Privacy: Anti-Tracking component that could allow attackers to circumvent privacy protections. It affects Firefox versions below 147.0...

CVE-2026-0885

MEDIUM CVSS 6.5 Jan 13, 2026

This CVE describes a use-after-free vulnerability in the JavaScript garbage collection component of Mozilla products. Attackers could exploit this to execute arbitrary code or cause crashes by manipul...

CVE-2026-0886

MEDIUM CVSS 5.3 Jan 13, 2026

A memory corruption vulnerability exists in Firefox and Thunderbird's graphics component due to incorrect boundary conditions. This could allow attackers to execute arbitrary code or cause denial of service....

CVE-2026-0887

MEDIUM CVSS 4.3 Jan 13, 2026

This CVE describes a clickjacking vulnerability in the PDF Viewer component of Mozilla products that could allow information disclosure. Attackers could trick users into clicking hidden UI elements, p...

CVE-2026-0888

MEDIUM CVSS 5.3 Jan 13, 2026

This CVE describes an information disclosure vulnerability in the XML component of Firefox and Thunderbird. It allows attackers to potentially access sensitive data from affected browsers. Users runni...

CVE-2026-0890

MEDIUM CVSS 5.4 Jan 13, 2026

This CVE describes a spoofing vulnerability in Firefox and Thunderbird's DOM copy-paste and drag-drop components. Attackers can manipulate clipboard or drag-drop operations to trick users into interac...

CVE-2026-0883

MEDIUM CVSS 5.3 Jan 13, 2026

This CVE describes an information disclosure vulnerability in the Networking component of Mozilla products. It allows attackers to potentially access sensitive information from affected browsers and e...

CVE-2025-14744

MEDIUM CVSS 6.5 Dec 18, 2025

This vulnerability allows malicious websites to use Unicode Right-to-Left Override (RTLO) characters to spoof filenames in Firefox for iOS downloads UI. Attackers could trick users into saving files w...

CVE-2025-14331

MEDIUM CVSS 6.5 Dec 9, 2025

This CVE describes a same-origin policy bypass vulnerability in Firefox and Thunderbird's request handling component. It allows malicious websites to access data from other origins they shouldn't have...

CVE-2025-13013

MEDIUM CVSS 6.1 Nov 11, 2025

This CVE describes a mitigation bypass vulnerability in the DOM: Core & HTML component of Mozilla products. It allows attackers to bypass security mitigations, potentially leading to arbitrary code ex...

CVE-2025-11712

MEDIUM CVSS 6.1 Oct 14, 2025

This vulnerability allows malicious web pages to bypass browser security controls using OBJECT tags when servers don't provide proper content-type headers. Attackers could potentially execute cross-si...

CVE-2025-10859

MEDIUM CVSS 4.0 Sep 30, 2025

This vulnerability in Firefox for iOS incorrectly shared cookie storage between private (Incognito) and normal browsing sessions, allowing data from private tabs to leak into regular browsing even aft...

CVE-2025-10532

MEDIUM CVSS 6.5 Sep 16, 2025

This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's JavaScript garbage collector (GC) component, which could allow an attacker to execute arbitrary code or cause a d...

CVE-2025-10530

MEDIUM CVSS 6.5 Sep 16, 2025

A spoofing vulnerability in Firefox for Android's WebAuthn component allows attackers to bypass authentication by presenting fake credentials. This affects Firefox for Android versions below 143 and T...

CVE-2025-10531

MEDIUM CVSS 5.4 Sep 16, 2025

This CVE describes a mitigation bypass vulnerability in the Web Compatibility: Tooling component of Firefox and Thunderbird. Attackers could potentially bypass security mitigations to execute arbitrar...

CVE-2025-10529

MEDIUM CVSS 6.5 Sep 16, 2025

This CVE describes a same-origin policy bypass vulnerability in the Layout component of Mozilla products. It allows malicious websites to access data from other origins they shouldn't have access to, ...

CVE-2025-9186

MEDIUM CVSS 6.5 Aug 19, 2025

A spoofing vulnerability in Firefox Focus for Android's address bar component allows attackers to display malicious URLs that appear legitimate. This affects Firefox versions below 142 on Android devi...

CVE-2025-9181

MEDIUM CVSS 6.5 Aug 19, 2025

This vulnerability involves uninitialized memory in the JavaScript Engine component of Mozilla products, which could allow an attacker to execute arbitrary code or cause a crash. It affects Firefox, F...

CVE-2025-8041

MEDIUM CVSS 5.3 Aug 19, 2025

Firefox for Android displayed URLs incorrectly by truncating from the end instead of showing the origin first, potentially hiding malicious domains. This affects Firefox for Android versions before 14...

CVE-2025-6431

MEDIUM CVSS 6.5 Jun 24, 2025

This vulnerability allows attackers to bypass Firefox for Android's external link prompt, potentially exposing users to security vulnerabilities or privacy leaks in external applications. Only Firefox...

CVE-2025-6429

MEDIUM CVSS 6.5 Jun 24, 2025

Firefox incorrectly parses URLs in embed tags, rewriting them to youtube.com and bypassing website security checks that restrict embed domains. This allows attackers to embed unauthorized content from...

CVE-2025-5264

MEDIUM CVSS 4.8 May 27, 2025

This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows command injection via insufficient newline character escaping. An attacker can trick users into executing malicious curl c...

CVE-2025-5266

MEDIUM CVSS 4.3 May 27, 2025

This CVE describes an XS-Leaks (Cross-Site Leaks) vulnerability in Firefox and Thunderbird where script elements loading cross-origin resources generated load and error events that leaked information....

CVE-2025-4087

MEDIUM CVSS 4.8 Apr 29, 2025

This vulnerability in Thunderbird and Firefox allows attackers to trigger undefined behavior through XPath parsing, potentially leading to out-of-bounds memory reads and memory corruption. It affects ...

CVE-2025-4089

MEDIUM CVSS 5.1 Apr 29, 2025

This vulnerability in Firefox and Thunderbird's 'copy as cURL' feature allows attackers to craft malicious commands with insufficient escaping of special characters. If a user copies and executes such...

CVE-2025-3608

MEDIUM CVSS 6.5 Apr 15, 2025

A race condition in Firefox's nsHttpTransaction component could allow memory corruption, potentially leading to arbitrary code execution. This affects Firefox versions before 137.0.2. Attackers could ...

CVE-2025-3028

MEDIUM CVSS 6.5 Apr 1, 2025

This vulnerability allows JavaScript code to trigger a use-after-free condition during XSLT document transformations in Mozilla browsers and email clients. Attackers could exploit this to execute arbi...

CVE-2025-3031

MEDIUM CVSS 6.5 Apr 1, 2025

This vulnerability allows an attacker to read 32 bits of sensitive data from the stack in JIT-compiled JavaScript functions. It affects Firefox web browser versions before 137 and Thunderbird email cl...

CVE-2025-13015

LOW CVSS 3.4 Nov 11, 2025

This CVE describes a spoofing vulnerability in Mozilla Firefox and Thunderbird that could allow an attacker to trick users into believing they are interacting with a legitimate website or email when t...