Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox Esr
Total 1078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1690 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2024-07-09 9.3 HIGH 8.8 HIGH
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVE-2019-11708 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-07-02 10.0 HIGH 10.0 CRITICAL
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more 2024-06-28 4.3 MEDIUM 8.8 HIGH
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
CVE-2023-4863 8 Bentley, Debian, Fedoraproject and 5 more 10 Seequent Leapfrog, Debian Linux, Fedora and 7 more 2024-06-27 N/A 8.8 HIGH
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-5217 7 Apple, Debian, Fedoraproject and 4 more 12 Ipad Os, Iphone Os, Debian Linux and 9 more 2024-02-15 N/A 8.8 HIGH
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2014-1486 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2024-02-14 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
CVE-2014-1477 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-02-14 6.8 MEDIUM 9.8 CRITICAL
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1482 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-02-14 9.3 HIGH 8.8 HIGH
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
CVE-2014-1487 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-02-14 5.0 MEDIUM 7.5 HIGH
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
CVE-2014-1481 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-02-14 5.0 MEDIUM 7.5 HIGH
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
CVE-2014-1479 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-02-14 5.0 MEDIUM 7.5 HIGH
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
CVE-2014-1490 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-02-14 9.3 HIGH N/A
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
CVE-2024-0749 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-09 N/A 4.3 MEDIUM
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
CVE-2024-0741 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0742 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 4.3 MEDIUM
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0746 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0747 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0750 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 8.8 HIGH
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0751 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 8.8 HIGH
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0753 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 N/A 6.5 MEDIUM
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.