Mozilla Security Vulnerabilities (CVEs)

CVE-2024-9403 is a memory safety vulnerability in Firefox and Thunderbird that could allow memory corruption. With sufficient effort, attackers could ...

This vulnerability allows attackers to execute arbitrary JavaScript in the privileged devtools origin via specially crafted multipart responses, enabl...

A memory corruption vulnerability in Firefox, Firefox ESR, and Thunderbird could allow attackers to execute arbitrary code or cause denial of service ...

This vulnerability allows attackers to detect whether specific protocol handler applications are installed on a user's system by exploiting how Firefo...

A denial-of-service vulnerability in Firefox, Firefox ESR, and Thunderbird allows a malicious website to crash the browser process by initiating a spe...

This vulnerability allows attackers to write arbitrary data to a user's clipboard without user consent during specific navigational sequences. It affe...

This vulnerability allows attackers to spoof the address bar in Firefox for Android by exploiting an open redirect on a trusted site. When users are r...

This vulnerability allows malicious websites to spoof URL addresses displayed in the Focus navigation bar on iOS devices. Attackers can make a malicio...

Firefox versions before 130, 128.2 ESR, and 115.15 ESR automatically launch external applications for news: and snews: schemes without user confirmati...

This vulnerability allows malicious websites with popup permissions to overlay select elements on top of legitimate sites, enabling UI spoofing attack...

A cross-site scripting (XSS) vulnerability in Firefox for iOS allows attackers to execute malicious scripts by tricking users into long-pressing on sp...

A use-after-free vulnerability in WebAssembly exception handling in Mozilla products could allow remote code execution. This affects Firefox, Firefox ...

This vulnerability allows malicious websites to partially obscure security permission prompts in Firefox for Android, potentially tricking users into ...

This vulnerability allows web extensions with minimal permissions to intercept and modify HTTP responses for any website, bypassing normal security re...

This CVE describes a use-after-free vulnerability in Mozilla's garbage collection mechanism that could allow an attacker to execute arbitrary code or ...

This vulnerability allows malicious websites to partially obscure security permission prompts using the date picker interface, potentially tricking us...

CVE-2024-7530 is a use-after-free vulnerability in Firefox caused by incorrect garbage collection interaction. Attackers could exploit this to execute...

This vulnerability allows malicious websites to obscure the fullscreen notification dialog in Firefox and Thunderbird, enabling spoofing attacks where...

This vulnerability in Firefox and Thunderbird involves a WebAssembly (wasm) frame iterator getting stuck in an infinite loop when processing certain w...

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

This vulnerability in Angle's GLSL shader memory allocation on macOS allows out-of-bounds memory access when allocating large amounts of private shade...

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

This vulnerability in Firefox and Thunderbird involves improper bounds checking in clipboard code, allowing an out-of-bounds read. Attackers could exp...

This vulnerability allows an attacker to move the cursor outside the browser viewport and Firefox window using pointerlock from an iframe. This affect...

A use-after-free vulnerability in Firefox and Thunderbird occurs when the browser is nearly out of memory, causing an elliptic curve key that was neve...

This vulnerability in Firefox Focus for iOS allows URL spoofing by hiding the file scheme in the location bar, potentially tricking users into believi...

A vulnerability in Firefox allows a file dialog displayed during full-screen mode to leave the window disabled, potentially enabling clickjacking atta...

CVE-2024-4772 is a vulnerability in Firefox where HTTP digest authentication nonce values were generated using the predictable rand() function instead...

This vulnerability in Firefox allows attackers to spoof websites by exploiting a network error during page loading. When a network error occurs, previ...

A missing iterator stop condition in Firefox's built-in profiler when handling WASM code could lead to invalid memory access and undefined behavior. T...

This vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to trick users into granting WebAuthn permissions via manipulated popup n...

A use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird occurs when saving pages to PDF with certain font styles, potentially causing ...

This vulnerability allows attackers to hide the fullscreen notification in Firefox for Android, potentially tricking users into interacting with spoof...

This vulnerability in Firefox, Firefox ESR, and Thunderbird occurs when the GetBoundName function returns an incorrect object version due to JIT optim...

This vulnerability in Mozilla's JavaScript JIT compiler incorrectly optimizes switch statements, leading to out-of-bounds memory reads. It affects Fir...

A use-after-free vulnerability in Firefox's WebAssembly (WASM) garbage collection allows attackers to execute arbitrary code when users visit maliciou...

This vulnerability allows an attacker to crash Firefox by manipulating JavaScript objects to trigger a JIT (Just-In-Time) compiler failure. It affects...

CVE-2024-3865 is a memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. The vulnerability ...

This vulnerability in Firefox for iOS causes the browser to incorrectly display a secure lock icon when insecure content loads on a page after a delay...