mozilla

3,565 tracked vulnerabilities.

CVE-2022-29913 MEDIUM
Thunderbird < 91.9 - Improper Authorization via Speech Synthesis Feature
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-29912 MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - Open Redirect via Reader Mode
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29911 MEDIUM
Thunderbird <91.9 & Firefox <100 - XSS
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29910 MEDIUM
Firefox for Android < 100.0 - HSTS Bypass via Improper Persistence
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29909 HIGH
Firefox < 100.0 and Firefox ESR < 91.9 - Incorrect Default Permissions via Cross-Origin Browsing Context
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-28289 HIGH
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28288 HIGH
Firefox < 99.0 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-28287 MEDIUM
Firefox < 99.0 - Denial of Service via Text Selection Caching
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-28286 MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - UI Spoofing via Iframe Layout Rendering
Dec 22, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-28285 MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Read in MLoadTypedArrayElementHole
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-28284 HIGH
Firefox < 99.0 - Cross-Site Scripting via SVG Use Element
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-28283 MEDIUM
Firefox < 99.0 - Unauthenticated Arbitrary File Read via DevTools sourceMapURL
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-28282 MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - Use-After-Free via Localization Link
Dec 22, 2022
CVSS 6.5
EPSS 0.05
CVE-2022-28281 HIGH
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Write via WebAuthN Extensions
Dec 22, 2022
CVSS 8.8
EPSS 0.14
CVE-2022-26486 CRITICAL KEV
Firefox < 97.0.2, ESR < 91.6.1, Android < 97.3.0, Thunderbird < 91.6.2, Focus < 97.3.0 - Use-After-Free via WebGPU IPC
Dec 22, 2022
CVSS 9.6
EPSS 0.06
CVE-2022-26485 HIGH KEV
Firefox < 97.0.2 - Use After Free
Dec 22, 2022
CVSS 8.8
EPSS 0.07
CVE-2022-26387 HIGH
Firefox < 98 and Firefox ESR < 91.7 - Time-of-check Time-of-use Race Condition in Add-on Installation
Dec 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-26386 MEDIUM
Firefox ESR < 91.7 - Info Disclosure
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-26385 MEDIUM
Firefox < 98.0 - Use-After-Free during Thread Shutdown
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-26384 CRITICAL
Firefox <98, Firefox ESR <91.7, Thunderbird <91.7 - XSS
Dec 22, 2022
CVSS 9.6
EPSS 0.00
CVE-2022-26383 MEDIUM
Firefox < 98.0, Firefox ESR < 91.7, and Thunderbird < 91.7 - Fullscreen Notification Bypass via Popup Resizing
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-26382 MEDIUM
Firefox < 98.0 - Information Disclosure via Autofill Tooltip Font Rendering
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-26381 HIGH
Firefox <98- Thunderbird <91.7 - Use After Free
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-22764 HIGH
Firefox < 97.0 and Firefox ESR < 91.6 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-22763 HIGH
Firefox < 96.0, Firefox ESR < 91.6, Thunderbird < 91.6 - Race Condition in Worker Shutdown
Dec 22, 2022
CVSS 8.8
EPSS 0.01
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV