mozilla

3,565 tracked vulnerabilities.

CVE-2024-4772 MEDIUM
Firefox < 126.0 - Predictable HTTP Digest Authentication Nonce via Weak PRNG
May 14, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-4771 HIGH
Firefox < 126.0 - Use-After-Free via Failed Memory Allocation
May 14, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-4770 HIGH
Firefox < 126 and ESR < 115.11 - Use-After-Free in PDF Page Save
May 14, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-4769 MEDIUM
Firefox <126, Firefox ESR <115.11, Thunderbird <115.11 - Info Discl...
May 14, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-4768 MEDIUM
Firefox <126, Firefox ESR <115.11, Thunderbird <115.11 - Privilege ...
May 14, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-4767 MEDIUM
Firefox <126, Firefox ESR <115.11, Thunderbird <115.11 - Info Discl...
May 14, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-4766 MEDIUM
Firefox for Android < 126.0 - Fullscreen Notification Spoofing
May 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4765 HIGH
Firefox < 126.0 for Android - Arbitrary Code Execution via Manifest Hash Collision
May 14, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-4764 CRITICAL
Firefox < 126.0 - Use-After-Free in WebRTC Audio Input Handling
May 14, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-4367 HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
May 14, 2024
CVSS 8.8
EPSS 0.38
CVE-2024-3865 HIGH
Firefox < 125.0 - Memory Corruption
Apr 16, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-3864 HIGH
Firefox < 125 and ESR < 115.10 - Memory Corruption
Apr 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-3863 CRITICAL
Firefox < 125 and ESR < 115.10 - Unrestricted Download of Dangerous File Type
Apr 16, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-3862 MEDIUM
Firefox < 125.0 - Use of Uninitialized Memory in MarkStack Assignment Operator
Apr 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-3861 MEDIUM
Firefox < 125 and ESR < 115.10 - Use-After-Free via AlignedBuffer Self-Assignment
Apr 16, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-3860 MEDIUM
Firefox < 125.0 - Use-After-Free via Empty Shape List
Apr 16, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-3859 MEDIUM
Firefox < 125 and ESR < 115.10 - Integer Overflow via OpenType Font Parsing
Apr 16, 2024
CVSS 5.9
EPSS 0.02
CVE-2024-3858 HIGH
Firefox < 125.0 - Denial of Service via JavaScript Object Mutation
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3857 HIGH
Firefox < 125 and ESR < 115.10 - Use-After-Free in JIT Argument Handling
Apr 16, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-3856 HIGH
Firefox < 125.0 - Use-After-Free during WASM Array Creation
Apr 16, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-3855 MEDIUM
Firefox < 125.0 - Out-of-bounds Read via MSubstr JIT Optimization
Apr 16, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-3854 HIGH
Firefox < 125 and ESR < 115.10 - Out-of-bounds Read via JIT Switch Statement Optimization
Apr 16, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-3853 HIGH
Firefox < 125.0 - Use-After-Free during JavaScript Realm Initialization
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3852 HIGH
Firefox < 125 and ESR < 115.10 - Use-After-Free via JIT Optimization
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3302 LOW
Firefox < 125, Firefox ESR < 115.10, Thunderbird < 115.10 - DoS
Apr 16, 2024
CVSS 3.7
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV