Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
3083 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0247 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 9.8 Critical |
| Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. | ||||
| CVE-2024-11700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 8.1 High |
| Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2024-11693 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-03 | 9.8 Critical |
| The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||||
| CVE-2025-27425 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | 4.3 Medium |
| Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. | ||||
| CVE-2025-27426 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-03 | 5.4 Medium |
| Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. | ||||
| CVE-2025-1940 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.1 High |
| A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136. | ||||
| CVE-2006-4253 | 4 K-meleon Project, Mozilla, Netscape and 1 more | 4 K-meleon, Firefox, Navigator and 1 more | 2025-04-03 | N/A |
| Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. | ||||
| CVE-2005-0401 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | ||||
| CVE-2005-0142 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2025-04-03 | N/A |
| Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | ||||
| CVE-2006-4568 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. | ||||
| CVE-2005-1531 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant." | ||||
| CVE-2006-3113 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | ||||
| CVE-2006-2778 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | ||||
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | ||||
| CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | N/A |
| Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | ||||
| CVE-2004-0763 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | ||||
| CVE-2004-0757 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | ||||
| CVE-2006-2776 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | ||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | ||||
| CVE-2006-4561 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | ||||