📦 Firefox ESR
by Mozilla
⚠️ Known Vulnerabilities
This vulnerability allows attackers to trigger type confusion when accessing properties on objects used as 'with' statement environments in Mozilla products. Successful exploitation could lead to arbi...
A critical memory corruption vulnerability in Mozilla's JavaScript garbage collector could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox, Firefox ESR, and ...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities t...
This vulnerability allows memory corruption through insufficient checks in graphics shared memory processing, potentially enabling sandbox escape. It affects Firefox, Firefox ESR, and Thunderbird user...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could exploit these vulnerabilities to execute ar...
This vulnerability allows a compromised content process in Firefox to trigger an out-of-bounds write in the FilterNodeD2D1 component, potentially leading to privilege escalation or remote code executi...
This CVE describes a use-after-free vulnerability in Firefox/Thunderbird on Windows when run in non-standard configurations (like using 'runas'). If exploited, it could allow arbitrary code execution ...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities t...
CVE-2023-34416 is a critical memory safety vulnerability affecting Mozilla Firefox, Firefox ESR, and Thunderbird. It involves memory corruption bugs that could potentially allow attackers to execute a...
This vulnerability allows an attacker to trigger an out-of-bounds memory access via WebGL APIs in Firefox or Thunderbird on macOS, potentially leading to memory corruption and an exploitable crash. It...
This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesheets, enabling script execution and top-level frame navigation that should be blocked. It affects Fi...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could exploit these vulnerabilities to execute arbitrary code o...
This vulnerability allows attackers to execute arbitrary JavaScript in the privileged devtools origin via specially crafted multipart responses, enabling cross-origin JSON data theft. On Android devic...
Firefox versions before 130, 128.2 ESR, and 115.15 ESR automatically launch external applications for news: and snews: schemes without user confirmation. This allows malicious websites to execute untr...
A use-after-free vulnerability in WebAssembly exception handling in Mozilla products could allow remote code execution. This affects Firefox, Firefox ESR, and Thunderbird users running outdated versio...
This vulnerability allows web extensions with minimal permissions to intercept and modify HTTP responses for any website, bypassing normal security restrictions. It affects Firefox, Firefox ESR, and T...
This CVE describes a use-after-free vulnerability in Mozilla's garbage collection mechanism that could allow an attacker to execute arbitrary code or cause a crash. It affects Firefox, Firefox ESR, an...
A timing vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to manipulate popup notification delays, tricking users into granting unintended permissions. This affects users runnin...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities t...
This CVE describes a heap buffer overflow vulnerability in Firefox's WebGL DrawElementsInstanced method when used with the Mesa VM driver. An attacker could exploit this to execute arbitrary code and pote...
CVE-2023-6858 is a heap buffer overflow vulnerability in Firefox's nsTextFragment component caused by insufficient out-of-memory handling. Attackers could exploit this to execute arbitrary code or cau...
This vulnerability allows remote attackers to execute arbitrary code via a heap buffer overflow in Firefox's nsWindow::PickerOpen method when running in headless mode. It affects Firefox ESR versions ...
This vulnerability in Firefox, Firefox ESR, and Thunderbird involves undefined behavior in the ShutdownObserver() function due to a missing virtual destructor in a dynamic type. Attackers could potentia...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities t...
This vulnerability is a use-after-free memory corruption flaw in Firefox, Firefox ESR, and Thunderbird's ReadableByteStreams implementation. It allows attackers to potentially execute arbitrary code o...
This vulnerability in Mozilla graphics drivers allows attackers to cause denial of service through large draw calls. It affects Firefox versions before 119, Firefox ESR before 115.4, and Thunderbird b...
A use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird garbage collection could allow attackers to cause a crash or potentially execute arbitrary code. This affects users running vuln...
This vulnerability is an integer overflow in Firefox's RecordedSourceSurfaceCreation function on Windows, leading to a heap buffer overflow. It could leak sensitive data and potentially allow sandbox ...
This vulnerability allows buffer overflow attacks in Firefox on macOS due to insufficient memory allocation checks in Angle's GLSL shader processing. Attackers could exploit this to execute arbitrary ...
CVE-2023-4584 is a memory corruption vulnerability in Mozilla products that could allow attackers to execute arbitrary code on affected systems. This affects Firefox, Firefox ESR, and Thunderbird user...
This CVE describes a use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird that occurs during worker lifecycle management. If exploited, it could lead to a potentially exploitable cras...
This CVE describes memory safety bugs in Firefox, Firefox ESR, and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities t...
Firefox and Thunderbird failed to warn users when opening Diagcab files, which could contain malicious code. This vulnerability allows attackers to execute arbitrary code by tricking users into openin...
This vulnerability allows an attacker to trigger a use-after-free condition when establishing a WebRTC connection over HTTPS, potentially leading to arbitrary code execution. It affects Firefox versio...
This vulnerability allows attackers to trigger denial of service conditions on Windows systems by exploiting protocol handlers ms-cxh and ms-cxh-full in affected Mozilla products. It affects Firefox, ...
This vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to bypass popup notification delays, tricking users into granting permissions without proper consideration. It affects user...
This vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird involves using an uninitialized value as a read limit when processing files, potentially allowing attackers to read arbitrary memory...
CVE-2023-28176 is a memory safety vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird that could allow memory corruption. With sufficient effort, attackers could potentially exploit this to...
This is a use-after-free vulnerability in Mozilla's memory manager that allows an attacker to cause incorrect pointer freeing, leading to memory corruption or crashes. It affects Firefox, Firefox ESR,...
This vulnerability allows attackers to execute arbitrary commands on Linux systems by tricking users into downloading malicious .desktop files through Firefox. It affects Firefox, Firefox ESR, Thunder...
CVE-2023-29550 is a collection of memory safety bugs in Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to exec...
This vulnerability allows attackers to perform reflected file download attacks by exploiting NULL character truncation in Firefox's Content-Disposition header filename handling. Attackers can trick us...
This vulnerability involves an invalid downcast from nsTextNode to SVGElement in Mozilla products, which could lead to undefined behavior including potential memory corruption. It affects Firefox vers...
This vulnerability is a use-after-free flaw in Firefox, Thunderbird, and Firefox ESR that occurs when failed module load requests aren't properly checked for cancellation. Attackers could exploit this...
This vulnerability allows Firefox/Thunderbird extensions to bypass permission prompts when opening external schemes (like file://, mailto:, etc.), enabling them to automatically download files or inte...
This vulnerability allows attackers to craft malicious Windows .url shortcut files that, when downloaded and opened in Firefox on Windows, can trigger unauthorized network requests and potentially lea...
This vulnerability allows an attacker to craft a malicious PKCS 12 certificate bundle that triggers arbitrary memory writes when processed by affected applications. It affects Firefox versions below 1...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
This vulnerability in Firefox, Thunderbird, and Firefox ESR on macOS allows malicious .inetloc files to execute commands without displaying the standard executable file warning. Attackers can trick us...
This CVE describes memory safety bugs in Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbitrary c...
This vulnerability involves an incorrect type conversion from 64-bit to 32-bit integers in Mozilla products, allowing memory corruption that could lead to exploitable crashes. It affects Thunderbird, ...
A use-after-free vulnerability in Mozilla's WebAssembly (wasm) implementation could allow an attacker to cause memory corruption and potentially execute arbitrary code. This affects Thunderbird, Firef...
This vulnerability allows attackers to detect whether specific protocol handler applications are installed on a user's system by exploiting how Firefox and Thunderbird handle window.open calls. It aff...
This vulnerability allows malicious websites with popup permissions to overlay select elements on top of legitimate sites, enabling UI spoofing attacks. Attackers could trick users into interacting wi...
This vulnerability allows malicious websites to partially obscure security permission prompts using the date picker interface, potentially tricking users into granting unintended permissions. It affec...
This vulnerability allows malicious websites to obscure the fullscreen notification dialog in Firefox and Thunderbird, enabling spoofing attacks where users might be tricked into interacting with fake...