Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14330 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-11 | 9.8 Critical |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14321 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-11 | 9.8 Critical |
| Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14324 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-11 | 9.8 Critical |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14322 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14323 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 8.8 High |
| Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14325 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 7.3 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14326 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-12-10 | 9.8 Critical |
| Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146. | ||||
| CVE-2025-14327 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-12-10 | 7.5 High |
| Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146. | ||||
| CVE-2025-14328 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14329 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14331 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 6.5 Medium |
| Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14332 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-12-10 | 7.3 High |
| Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146. | ||||
| CVE-2025-14333 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-10 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-13012 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-26 | 7.5 High |
| Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13013 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-26 | 6.1 Medium |
| Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2025-13014 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-26 | 8.8 High |
| Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | ||||
| CVE-2017-5455 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2025-11-25 | N/A |
| The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | ||||
| CVE-2017-7823 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | N/A |
| The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-7825 | 3 Apple, Debian, Mozilla | 4 Mac Os X, Debian Linux, Firefox and 1 more | 2025-11-25 | N/A |
| Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-7766 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-11-25 | N/A |
| An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | ||||