Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox
Total 2385 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6806 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-03 6.8 MEDIUM 8.8 HIGH
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
CVE-2019-11763 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2020-15658 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15653 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15654 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15656 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-02-02 9.3 HIGH 8.8 HIGH
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-02 7.5 HIGH 9.8 CRITICAL
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
CVE-2009-0354 1 Mozilla 1 Firefox 2023-02-02 2.6 LOW N/A
CVE-2009-0354 Firefox XSS using a chrome XBL method and window.eval
CVE-2008-5504 1 Mozilla 1 Firefox 2023-02-02 7.5 HIGH N/A
CVE-2008-5504 Firefox 2 XSS attack vectors in feed preview
CVE-2007-5960 1 Mozilla 2 Firefox, Seamonkey 2023-02-02 4.3 MEDIUM N/A
CVE-2007-5960 Mozilla Cross-site Request Forgery flaw
CVE-2009-0581 4 Gimp, Littlecms, Mozilla and 1 more 4 Gimp, Little Cms, Firefox and 1 more 2023-02-02 4.3 MEDIUM N/A
CVE-2009-0581 LittleCms memory leak
CVE-2009-1308 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2023-02-02 4.3 MEDIUM N/A
CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings
CVE-2008-3836 1 Mozilla 1 Firefox 2023-02-02 7.5 HIGH N/A
CVE-2008-3836 mozilla: Privilege escalation using feed preview page and XSS flaw
CVE-2008-5513 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2023-02-02 4.3 MEDIUM N/A
CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
CVE-2008-5511 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2023-02-02 4.3 MEDIUM N/A
CVE-2008-5511 Firefox XSS via XBL bindings to unloaded document
CVE-2008-5019 3 Canonical, Debian, Mozilla 3 Ubuntu Linux, Debian Linux, Firefox 2023-02-02 4.3 MEDIUM N/A
CVE-2008-5019 Mozilla XSS via session restore
CVE-2019-11757 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-01 6.8 MEDIUM 8.8 HIGH
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11759 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-01 6.8 MEDIUM 8.8 HIGH
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11760 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-01 6.8 MEDIUM 8.8 HIGH
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11761 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-01 5.8 MEDIUM 5.4 MEDIUM
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.