mozilla

3,565 tracked vulnerabilities.

CVE-2024-31393 MEDIUM
Firefox for iOS < 124.0 - Security Bypass via JavaScript URL Drag to Address Bar
Apr 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-31392 HIGH
Firefox for iOS <124 - Info Disclosure
Apr 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29944 HIGH
Firefox < 124.0.1 and ESR < 115.9.1 - Arbitrary JavaScript Execution via Privileged Object Event Handler Injection
Mar 22, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-29943 CRITICAL
Firefox < 124.0.1 - Memory Corruption
Mar 22, 2024
CVSS 9.8
EPSS 0.54
CVE-2024-2616 LOW
Firefox ESR < 115.9 - Use After Free
Mar 19, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-2615 CRITICAL
Firefox < 124.0 - Out-of-bounds Write
Mar 19, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-2614 HIGH
Firefox < 124 and ESR < 115.9 - Out-of-bounds Write
Mar 19, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-2613 HIGH
Firefox < 124.0 - Denial of Service via QUIC ACK Frame Decoding
Mar 19, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-2612 HIGH
Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - Code Execution
Mar 19, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-2611 MEDIUM
Firefox < 124 and ESR < 115.9 - Permission Grant Spoofing via Pointer Lock
Mar 19, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-2610 MEDIUM
Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - Info Disclosure
Mar 19, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-2609 MEDIUM
Firefox <124, Firefox ESR <115.10, Thunderbird <115.10 - CSRF
Mar 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-2608 HIGH
Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - Buffer Overflow
Mar 19, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-2607 HIGH
Firefox < 124 and ESR < 115.9 - Remote Code Execution via Return Register Overwrite
Mar 19, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-2606 LOW
Firefox < 124.0 - Incorrect Type Conversion in WebAssembly
Mar 19, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-2605 MEDIUM
Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - RCE
Mar 19, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-1936 HIGH
Thunderbird < 115.8.1 - Insecure Storage of Sensitive Information via Email Subject Cache Contamination
Mar 04, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-26284 MEDIUM
Firefox Focus < 123.0 - Universal Cross-Site Scripting via 302 Redirect
Feb 22, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-26283 HIGH
Firefox for iOS < 123.0 - Cross-Site Scripting via JavaScript URI in Custom Scheme
Feb 22, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-26282 HIGH
Firefox for iOS < 123.0 - Cross-Site Scripting via AMP URL Canonical Element
Feb 22, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-26281 MEDIUM
Firefox for iOS < 123.0 - Cross-Site Scripting via QR Code Scanner
Feb 22, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-1563 HIGH
Firefox Focus < 122.0 - Unauthorized Script Execution via JavaScript URI and Timeout Race Condition
Feb 22, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1557 HIGH
Firefox < 123.0 - Out-of-bounds Write
Feb 20, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1556 MEDIUM
Firefox < 123.0 - Invalid Memory Access via Built-in Profiler NULL Check
Feb 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-1555 HIGH
Firefox < 123.0 - SameSite Cookie Bypass via firefox:// Protocol Handler
Feb 20, 2024
CVSS 8.3
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV