mozilla

3,565 tracked vulnerabilities.

CVE-2024-7526 MEDIUM
Firefox < 129 and Firefox ESR < 115.14 - Information Disclosure via Uninitialized Memory Read
Aug 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7525 HIGH
Firefox < 129 and ESR < 115.14 - Improper Access Control via StreamFilter
Aug 06, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-7524 MEDIUM
Firefox < 129 and Firefox ESR < 115.14 - Cross-Site Scripting via DOM Clobbering Bypass
Aug 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-7523 HIGH
Firefox < 129 (Android) - UI Spoofing via Select Option Overlay
Aug 06, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-7522 HIGH
Firefox < 129 and Firefox ESR < 115.14 - Out-of-bounds Read in Editor Attribute Handling
Aug 06, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-7521 HIGH
Firefox < 129 and Firefox ESR < 115.14 - Use-After-Free via WebAssembly Exception Handling
Aug 06, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-7520 HIGH
Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 - Remote Code Execution via WebAssembly Type Confusion
Aug 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-7519 CRITICAL
Firefox < 129 and Firefox ESR < 115.14 - Out-of-bounds Write in Graphics Shared Memory
Aug 06, 2024
CVSS 9.6
EPSS 0.00
CVE-2024-7518 MEDIUM
Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 - UI Spoofing via Fullscreen Notification Obscuring
Aug 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-6615 HIGH
Firefox < 128.0 - Out-of-bounds Write
Jul 09, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-6614 MEDIUM
Firefox < 128 - Denial of Service via WASM Frame Iterator Loop
Jul 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6613 MEDIUM
Firefox and Thunderbird < 128 - Information Disclosure via WASM Frame Iterator
Jul 09, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-6612 MEDIUM
Firefox < 128 and Thunderbird < 128 - DNS Prefetch Information Leak via CSP Violation Console Links
Jul 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-6611 CRITICAL
Firefox < 128 and Thunderbird < 128 - Sensitive Cookie Exposure via SameSite Attribute Bypass
Jul 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-6610 MEDIUM
Firefox and Thunderbird < 128.0 - UI Misrepresentation via Form Validation Popup Escape Key Capture
Jul 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6609 HIGH
Firefox < 128 and Thunderbird < 128 - Use-After-Free in Elliptic Curve Key Handling
Jul 09, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-6608 MEDIUM
Firefox < 128 - Cursor Position Manipulation via Pointer Lock in Iframe
Jul 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6607 HIGH
Firefox < 128 and Thunderbird < 128 - Use-After-Free via Pointer Lock and Custom Validity Overlay
Jul 09, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-6606 HIGH
Firefox < 128 and Thunderbird < 128 - Out-of-bounds Read in Clipboard Array Access
Jul 09, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-6605 HIGH
Firefox <128 - Privilege Escalation
Jul 09, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-6604 HIGH
Firefox < 128 and ESR < 115.13 - Memory Corruption
Jul 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-6603 HIGH
Firefox < 128 and ESR < 115.13 - Use-After-Free via Out-of-Memory Allocation Failure
Jul 09, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-6602 CRITICAL
Firefox < 128 and ESR < 115.13 - Memory Corruption via Allocator-Deallocator Mismatch
Jul 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-6601 MEDIUM
Firefox < 128 and Thunderbird < 128 - Race Condition Leading to Cross-Origin Permission Escalation
Jul 09, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-6600 MEDIUM
Firefox < 128 and ESR < 115.13 - Out-of-Bounds Access via Large GLSL Shader Allocation
Jul 09, 2024
CVSS 6.3
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV