Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Total 2550 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2742 3 Apple, Mozilla, Oracle 3 Macos, Firefox, Solaris 2021-09-22 4.3 MEDIUM N/A
Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.
CVE-2013-6853 3 Apple, Mozilla, Yahoo 3 Macos, Firefox, Toolbar 2021-09-22 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
CVE-2021-29966 1 Mozilla 1 Firefox 2021-09-20 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.
CVE-2021-29961 1 Mozilla 1 Firefox 2021-09-20 4.3 MEDIUM 4.3 MEDIUM
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.
CVE-2021-29960 1 Mozilla 1 Firefox 2021-09-20 4.3 MEDIUM 4.3 MEDIUM
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.
CVE-2021-29959 1 Mozilla 1 Firefox 2021-09-20 4.3 MEDIUM 4.3 MEDIUM
When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.
CVE-2020-6797 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2021-09-16 4.3 MEDIUM 4.3 MEDIUM
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.
CVE-2019-9815 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2021-09-08 6.8 MEDIUM 8.1 HIGH
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVE-2021-29987 2 Linux, Mozilla 3 Linux Kernel, Firefox, Thunderbird 2021-08-25 4.3 MEDIUM 6.5 MEDIUM
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.
CVE-2021-29986 2 Linux, Mozilla 4 Linux Kernel, Firefox, Firefox Esr and 1 more 2021-08-25 6.8 MEDIUM 8.1 HIGH
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29990 1 Mozilla 1 Firefox 2021-08-25 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
CVE-2021-29989 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29988 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29984 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29983 2 Google, Mozilla 2 Android, Firefox 2021-08-25 4.3 MEDIUM 6.5 MEDIUM
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91.
CVE-2021-29982 1 Mozilla 2 Firefox, Thunderbird 2021-08-25 4.3 MEDIUM 6.5 MEDIUM
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.
CVE-2021-29985 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29981 1 Mozilla 2 Firefox, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.
CVE-2021-29980 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-08-25 6.8 MEDIUM 8.8 HIGH
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29978 1 Mozilla 1 Mozilla Vpn 2021-08-13 10.0 HIGH 9.8 CRITICAL
Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.