mozilla

3,565 tracked vulnerabilities.

CVE-2021-23957 HIGH
Firefox < 85.0 - Sandbox Escape via Android Intent URL Scheme
Feb 26, 2021
CVSS 7.4
EPSS 0.00
CVE-2021-23956 MEDIUM
Firefox < 85.0 - Unintended Directory Upload via Ambiguous File Picker
Feb 26, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-23955 MEDIUM
Firefox < 85.0 - Clickjacking via Pointer Lock State Transfer
Feb 26, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-23954 HIGH
Firefox < 85.0 and Firefox ESR < 78.7 - Type Confusion via JavaScript Logical Assignment in Switch Statement
Feb 26, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-23953 MEDIUM
Firefox < 85 - Thunderbird < 78.7 - Firefox ESR < 78.7 - XSS
Feb 26, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-23976 HIGH
Firefox < 86.0 - UI Spoofing and Cross-Origin Attacks via Malicious Intent Manifest
Feb 26, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-23975 MEDIUM
Firefox < 86.0 - Missing Authorization in about:memory Measure Function
Feb 26, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-23974 MEDIUM
Firefox < 86.0 - Cross-Site Scripting via DOMParser Noscript Element Handling
Feb 26, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-23973 MEDIUM
Firefox < 86.0, Firefox ESR < 78.8, Thunderbird < 78.8 - Information Disclosure via Cross-Origin Media Decoding Error
Feb 26, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23972 HIGH
Firefox < 86.0 - Phishing Attack via Cached HTTP Auth Redirect
Feb 26, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-23971 MEDIUM
Firefox < 86.0 - Information Disclosure via Conflicting Referrer-Policy
Feb 26, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-23970 MEDIUM
Firefox < 86.0 - Reachable Assertion in Multithreaded WebAssembly Code
Feb 26, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-23969 MEDIUM
Firefox < 86.0, Firefox ESR < 78.8, Thunderbird < 78.8 - Information Disclosure via CSP Redirect Handling
Feb 26, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-23968 MEDIUM
Firefox < 86.0, Firefox ESR < 78.8, Thunderbird < 78.8 - Information Disclosure via CSP Violation Report
Feb 26, 2021
CVSS 4.3
EPSS 0.00
CVE-2020-6817 HIGH
bleach < 3.1.4 - Regular Expression Denial of Service via Style Attribute Parsing
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2020-12413 MEDIUM
Firefox < 78.0 and Firefox ESR < 68.10.0 - Timing Attack via DHE Ciphersuites
Feb 16, 2023
CVSS 5.9
EPSS 0.00
CVE-2020-15685 HIGH
Thunderbird < 78.7.0 - Command Injection via STARTTLS Plaintext Phase
Dec 22, 2022
CVSS 8.8
EPSS 0.01
CVE-2020-15679 HIGH
Mozilla VPN <1.2.2 - Session Fixation
Dec 22, 2022
CVSS 7.6
EPSS 0.01
CVE-2020-15660 HIGH
geckodriver < 0.27.0 - Cross-Site Request Forgery via Missing Content-Type Header Check
Jul 20, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-12403 CRITICAL
NSS < 3.55 - Out-of-bounds Read in CHACHA20-POLY1305 Implementation
May 27, 2021
CVSS 9.1
EPSS 0.01
CVE-2020-16012 MEDIUM
Google Chrome < 87.0.4280.66 - Side-Channel Information Leakage via Graphics
Jan 08, 2021
CVSS 4.3
EPSS 0.05
CVE-2020-35114 HIGH
Mozilla Firefox <84 - Memory Corruption
Jan 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2020-35113 HIGH
Mozilla Firefox <84 - Memory Corruption
Jan 07, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-35112 HIGH
Firefox <84, Thunderbird <78.6, Firefox ESR <78.6 - Path Traversal
Jan 07, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-35111 MEDIUM
Firefox <84, Thunderbird <78.6, Firefox ESR <78.6 - Info Disclosure
Jan 07, 2021
CVSS 4.3
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 19 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV