Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox Esr
Subscriptions
Total
827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11709 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-11-03 | 9.8 Critical |
| A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | ||||
| CVE-2025-11708 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-11-03 | 9.8 Critical |
| Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | ||||
| CVE-2024-6603 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-10-30 | 7.4 High |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2024-7652 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-10-30 | 7.5 High |
| An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2025-6426 | 2 Apple, Mozilla | 3 Macos, Firefox, Firefox Esr | 2025-10-30 | 8.8 High |
| The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | ||||
| CVE-2025-9184 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | ||||
| CVE-2025-9183 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. | ||||
| CVE-2025-9182 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 7.5 High |
| Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | ||||
| CVE-2025-8040 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-10-30 | 8.8 High |
| Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2025-8039 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 8.1 High |
| In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2025-8038 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 9.8 Critical |
| Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2025-8037 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-10-30 | 9.1 Critical |
| Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | ||||
| CVE-2024-2612 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-07-17 | 8.1 High |
| If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-11698 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-06-24 | 9.8 Critical |
| A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||||
| CVE-2024-11691 | 2 Apple, Mozilla | 18 M1, M1 Max, M1 Pro and 15 more | 2025-06-24 | 8.8 High |
| Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. | ||||
| CVE-2024-0751 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 8.8 High |
| A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0750 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 8.8 High |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0746 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 6.5 Medium |
| A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0753 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-07 | 6.5 Medium |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0742 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-30 | 4.3 Medium |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||