mozilla
3,565 tracked vulnerabilities.
CVE-2024-9393
HIGH
Firefox < 131 and Firefox ESR < 115.16.0 - Origin Validation Error via Multipart Response
Oct 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9392
CRITICAL
Firefox < 131 and ESR < 128.3 - Arbitrary Cross-Origin Page Loading via Compromised Content Process
Oct 01, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-9391
MEDIUM
Firefox Focus for Android < 131.0 - Authentication Bypass by Spoofing via Full-Screen Mode
Oct 01, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-8900
HIGH
Firefox < 129.0 - Unauthenticated Clipboard Write Bypass via Navigational Event Sequence
Sep 17, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8897
MEDIUM
Firefox for Android < 130.0.1 - Address Bar Spoofing via Open Redirect
Sep 17, 2024
CVSS 6.1
EPSS 0.12
CVE-2024-7652
HIGH
Firefox < 128 and ESR < 115.13 - Type Confusion via Async Generator Handling
Sep 06, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8394
MEDIUM
Thunderbird < 128.2 - Use After Free
Sep 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-8399
MEDIUM
Firefox Focus < 130.0 - URL Spoofing via JavaScript Links
Sep 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-8389
CRITICAL
Firefox < 130 - Memory Corruption
Sep 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8388
MEDIUM
Firefox < 130.0 - UI Spoofing via Fullscreen Transition Notification Obscuring
Sep 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-8387
CRITICAL
Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2 - Memory Corruption
Sep 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8386
MEDIUM
Firefox < 130- Thunderbird < 128.2 - XSS
Sep 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-8385
CRITICAL
Firefox < 130.0 and Firefox ESR < 128.2 - Type Confusion via WASM StructFields and ArrayTypes
Sep 03, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-8384
CRITICAL
Firefox < 130 and Firefox ESR < 115.15 - Use-After-Free in JavaScript Garbage Collector
Sep 03, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-8383
HIGH
Firefox < 130.0 and Firefox ESR < 115.15 - Insecure Default Handler Initialization for news: and snews: Schemes
Sep 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8382
HIGH
Firefox < 130 and Firefox ESR < 115.15 - Privilege Escalation via EventHandler Interface Exposure
Sep 03, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-8381
CRITICAL
Firefox < 130 and Firefox ESR < 115.15 - Type Confusion via 'with' Environment Property Lookup
Sep 03, 2024
CVSS 9.8
EPSS 0.12
CVE-2024-43113
MEDIUM
Firefox for iOS < 129 - Cross-Site Scripting via Link Contextual Menu
Aug 06, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-43112
MEDIUM
Firefox for iOS < 129 - Cross-Site Scripting via Download Link Long Press
Aug 06, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-43111
MEDIUM
Firefox for iOS < 129 - Cross-Site Scripting via Download Link Long Press
Aug 06, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-7531
MEDIUM
Firefox < 129 and Firefox ESR < 115.14 - Information Exposure via QUIC Header Protection
Aug 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7530
HIGH
Firefox < 129.0 - Use-After-Free via Garbage Collection Interaction
Aug 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-7529
MEDIUM
Firefox < 129 and Firefox ESR < 115.14 - UI Misrepresentation via Date Picker Overlay
Aug 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7528
HIGH
Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 - Use-After-Free in IndexedDB
Aug 06, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-7527
HIGH
Firefox < 129 and Firefox ESR < 115.14 - Use-After-Free
Aug 06, 2024
CVSS 8.8
EPSS 0.00
Products
firefox 3,130
thunderbird 1,729
seamonkey 704
firefox_esr 488
Firefox 387
Thunderbird 359
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
firefox_focus 20
firefox_mobile 20
Firefox for iOS 19
focus 15
firefox_os 14
nss 6
Focus for iOS 5
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters