mozilla

3,565 tracked vulnerabilities.

CVE-2022-22737 HIGH
Firefox < 96.0 and Firefox ESR < 91.5 - Use-After-Free via Audio Sink Race Condition
Dec 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-22736 HIGH
Firefox < 96.0 - Local Privilege Escalation via World-Writable Installation Directory
Dec 22, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-1887 CRITICAL
Firefox for iOS < 101 - SQL Injection
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-1834 MEDIUM
Thunderbird < 91.10 - Improper Certificate Validation via Braille Pattern Blank Character
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-1802 HIGH
Firefox < 100.0.2, Firefox ESR < 91.9.1, Thunderbird < 91.9.1 - Privileged JavaScript Execution via Prototype Pollution
Dec 22, 2022
CVSS 8.8
EPSS 0.68
CVE-2022-1529 HIGH
Firefox < 100.0.2 and Firefox ESR < 91.9.1 - Prototype Pollution via Parent Process Message Handling
Dec 22, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-1520 MEDIUM
Thunderbird < 91.9 - Origin Validation Error in Attached Message Security Status Display
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-1197 MEDIUM
Thunderbird < 91.8 - Improper Certificate Validation
Dec 22, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-1196 MEDIUM
Firefox ESR < 91.8 - Use-After-Free in VR Process
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-1097 MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - Use-After-Free in NSSToken
Dec 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0843 HIGH
Firefox < 98 - Out-of-bounds Write
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-0566 HIGH
Thunderbird <91.6.1 - Buffer Overflow
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-0517 HIGH
Mozilla VPN < 2.7.1 - Arbitrary Code Execution via OpenSSL Configuration File
Dec 22, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-0511 HIGH
Mozilla Firefox <97 - Memory Corruption
Dec 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-4066 LOW
davidmoreno onion - Info Disclosure
Nov 19, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-3479 HIGH
Network Security Services 3.77-3.87 - Denial of Service via Client Auth Crash
Oct 14, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-21190 HIGH
convict < 6.2.3 - Prototype Pollution via Bypass of CVE-2022-22143 Fix
May 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29167 HIGH
Hawk < 9.0.1 - Denial of Service via Host Header Regular Expression
May 05, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-22143 HIGH
convict <6.2.2 - Prototype Pollution
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-43529 CRITICAL
Thunderbird <91.3.0 - Heap Overflow
Feb 16, 2023
CVSS 9.8
EPSS 0.00
CVE-2021-23980 MEDIUM
Mozilla Bleach < 3.3.0 - Cross-Site Scripting via SVG/Math Tags with Strip Comments Disabled
Feb 16, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-4221 MEDIUM
Firefox < 92.0 - Domain Spoofing via RTL Character Homoglyph
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-4140 CRITICAL
Firefox ESR < 91.5, Firefox < 96, Thunderbird < 91.5 - XSS
Dec 22, 2022
CVSS 10.0
EPSS 0.00
CVE-2021-4129 CRITICAL
Firefox < 95.0 and Firefox ESR < 91.4.0 - Out-of-bounds Write
Dec 22, 2022
CVSS 9.8
EPSS 0.00
CVE-2021-4128 MEDIUM
Firefox < 95.0 - Use-After-Free in Fullscreen Mode Transition
Dec 22, 2022
CVSS 6.5
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV