mozilla
3,621 tracked vulnerabilities.
CVE-2022-2200
HIGH
Firefox < 102.0 and Firefox ESR < 91.11 - Prototype Pollution leading to Privileged Code Execution
Dec 22, 2022
CVSS 8.8
EPSS 0.24
CVE-2022-29918
HIGH
Firefox < 100.0 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-29917
CRITICAL
Firefox < 100.0 and Firefox ESR < 91.9 - Out-of-bounds Write
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-29916
MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - Browser History Probing via CSS Variable Resource Loading
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29915
MEDIUM
Firefox < 100.0 - Origin Validation Error via Performance API
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-29914
MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - UI Spoofing via Fullscreen Notification Overlay
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29913
MEDIUM
Thunderbird < 91.9 - Improper Authorization via Speech Synthesis Feature
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-29912
MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - Open Redirect via Reader Mode
Dec 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-29911
MEDIUM
Thunderbird <91.9 & Firefox <100 - XSS
Dec 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-29910
MEDIUM
Firefox for Android < 100.0 - HSTS Bypass via Improper Persistence
Dec 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29909
HIGH
Firefox < 100.0 and Firefox ESR < 91.9 - Incorrect Default Permissions via Cross-Origin Browsing Context
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28289
HIGH
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28288
HIGH
Firefox < 99.0 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28287
MEDIUM
Firefox < 99.0 - Denial of Service via Text Selection Caching
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-28286
MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - UI Spoofing via Iframe Layout Rendering
Dec 22, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-28285
MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Read in MLoadTypedArrayElementHole
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-28284
HIGH
Firefox < 99.0 - Cross-Site Scripting via SVG Use Element
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28283
MEDIUM
Firefox < 99.0 - Unauthenticated Arbitrary File Read via DevTools sourceMapURL
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-28282
MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - Use-After-Free via Localization Link
Dec 22, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-28281
HIGH
Firefox < 99.0 and Firefox ESR < 91.8 - Out-of-bounds Write via WebAuthN Extensions
Dec 22, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-26486
CRITICAL
KEV
Firefox < 97.0.2, ESR < 91.6.1, Android < 97.3.0, Thunderbird < 91.6.2, Focus < 97.3.0 - Use-After-Free via WebGPU IPC
Dec 22, 2022
CVSS 9.6
EPSS 0.02
CVE-2022-26485
HIGH
KEV
Firefox < 97.0.2 - Use After Free
Dec 22, 2022
CVSS 8.8
EPSS 0.14
CVE-2022-26387
HIGH
Firefox < 98 and Firefox ESR < 91.7 - Time-of-check Time-of-use Race Condition in Add-on Installation
Dec 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26386
MEDIUM
Firefox ESR < 91.7 - Info Disclosure
Dec 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-26385
MEDIUM
Firefox < 98.0 - Use-After-Free during Thread Shutdown
Dec 22, 2022
CVSS 6.5
EPSS 0.01
Products
firefox 3,181
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 434
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 23
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters