mozilla

3,565 tracked vulnerabilities.

CVE-2022-38475 MEDIUM
Firefox < 104.0 - Incorrect Authorization via Zero-Length JavaScript Array
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-38474 MEDIUM
Firefox < 104.0 for Android - Unauthenticated Audio Recording Without Notification
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-38473 HIGH
Thunderbird/Firefox < 102.2/<91.13/<104 - SSRF
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-38472 MEDIUM
Thunderbird <102.2-Firefox <104 - CSRF
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-36320 CRITICAL
Mozilla Firefox <103 - Memory Corruption
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-36319 HIGH
Firefox < 103.0 and Firefox ESR < 102.1 - UI Layer Spoofing via CSS Overflow and Transform
Dec 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36318 MEDIUM
Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbir...
Dec 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-36317 MEDIUM
Firefox < 103.0 - Denial of Service via Overly Long URL
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-36316 MEDIUM
Firefox < 103.0 - URL Redirection to Untrusted Site via Performance API
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-36315 MEDIUM
Firefox < 103.0 - Insufficient Verification of Data Authenticity via Cached Script Reuse
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-36314 MEDIUM
Firefox < 103.0 and Firefox ESR < 102.1 - Uncontrolled Search Path Element via Windows Shortcut
Dec 22, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-34485 CRITICAL
Firefox < 102 - Out-of-bounds Write
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-34484 HIGH
Firefox < 102.0 and Firefox ESR < 91.11 - Use-After-Free
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-34483 HIGH
Firefox < 102.0 - Unrestricted Upload of Executable File via Drag-and-Drop Filename Manipulation
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-34482 HIGH
Firefox < 102.0 - Unauthenticated Executable File Upload via Drag-and-Drop Filename Manipulation
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-34481 HIGH
Firefox < 102.0 and Firefox ESR < 91.11 - Integer Overflow in nsTArray_Impl::ReplaceElementsAt()
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-34480 HIGH
Firefox < 102.0 - Use-After-Free in lg_init() Function
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-34479 MEDIUM
Firefox <102, Firefox ESR <91.11, Thunderbird <102, Thunderbird <91...
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-34478 MEDIUM
Firefox < 102.0 and Firefox ESR < 91.11 - URL Redirection to Untrusted Site via ms-msdt, search, and search-ms Protocols
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-34477 HIGH
Firefox < 102.0 - Cross-Site Leak via MediaError Message Inconsistency
Dec 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-34476 CRITICAL
Firefox < 102.0 - ASN.1 Parsing Vulnerability via Malformed Indefinite SEQUENCE
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-34475 MEDIUM
Firefox < 102.0 - Cross-Site Scripting via SVG Use Tag and HTML Sanitizer API
Dec 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34474 MEDIUM
Firefox < 102.0 - Open Redirect via Sandboxed Iframe
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-34473 MEDIUM
Firefox < 102.0 - Cross-Site Scripting via SVG xlink:href Attribute
Dec 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34472 MEDIUM
Firefox <102, Thunderbird <91.11 - Info Disclosure
Dec 22, 2022
CVSS 4.3
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV