mozilla
3,621 tracked vulnerabilities.
CVE-2024-9399
HIGH
Firefox < 131 and ESR < 128.3 - Denial of Service via WebTransport Session
Oct 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9398
MEDIUM
Firefox < 131 and Firefox ESR < 128.3 - Information Disclosure via Protocol Handler Detection
Oct 01, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-9397
MEDIUM
Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3 - CSRF
Oct 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-9396
HIGH
Firefox < 131 and ESR < 128.3 - Memory Corruption via Structured Clone
Oct 01, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-9395
MEDIUM
Firefox < 131.0 for Android - Filename Extension Spoofing via Large Number of Spaces
Oct 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-9394
HIGH
Firefox < 131 and ESR < 115.16.0 - Cross-Site Scripting via Multipart Response
Oct 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9393
HIGH
Firefox < 131 and Firefox ESR < 115.16.0 - Origin Validation Error via Multipart Response
Oct 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9392
CRITICAL
Firefox < 131 and ESR < 128.3 - Arbitrary Cross-Origin Page Loading via Compromised Content Process
Oct 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-9391
MEDIUM
Firefox Focus for Android < 131.0 - Authentication Bypass by Spoofing via Full-Screen Mode
Oct 01, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-8900
HIGH
Firefox < 129.0 - Unauthenticated Clipboard Write Bypass via Navigational Event Sequence
Sep 17, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8897
MEDIUM
Firefox for Android < 130.0.1 - Address Bar Spoofing via Open Redirect
Sep 17, 2024
CVSS 6.1
EPSS 0.07
CVE-2024-7652
HIGH
Firefox < 128 and ESR < 115.13 - Type Confusion via Async Generator Handling
Sep 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8394
MEDIUM
Thunderbird < 128.2 - Use After Free
Sep 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-8399
MEDIUM
Firefox Focus < 130.0 - URL Spoofing via JavaScript Links
Sep 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-8389
CRITICAL
Firefox < 130 - Memory Corruption
Sep 03, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-8388
MEDIUM
Firefox < 130.0 - UI Spoofing via Fullscreen Transition Notification Obscuring
Sep 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-8387
CRITICAL
Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2 - Memory Corruption
Sep 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8386
MEDIUM
Firefox < 130- Thunderbird < 128.2 - XSS
Sep 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-8385
CRITICAL
Firefox < 130.0 and Firefox ESR < 128.2 - Type Confusion via WASM StructFields and ArrayTypes
Sep 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8384
CRITICAL
Firefox < 130 and Firefox ESR < 115.15 - Use-After-Free in JavaScript Garbage Collector
Sep 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8383
HIGH
Firefox < 130.0 and Firefox ESR < 115.15 - Insecure Default Handler Initialization for news: and snews: Schemes
Sep 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8382
HIGH
Firefox < 130 and Firefox ESR < 115.15 - Privilege Escalation via EventHandler Interface Exposure
Sep 03, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-8381
CRITICAL
Firefox < 130 and Firefox ESR < 115.15 - Type Confusion via 'with' Environment Property Lookup
Sep 03, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-43113
MEDIUM
Firefox for iOS < 129 - Cross-Site Scripting via Link Contextual Menu
Aug 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-43112
MEDIUM
Firefox for iOS < 129 - Cross-Site Scripting via Download Link Long Press
Aug 06, 2024
CVSS 6.1
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 434
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters