| Bug | Description |
|---|
| CVE-2024-43113 | The contextual menu for links could provide an opportunity for cross-s ... |
| CVE-2024-43112 | Long pressing on a download link could potentially provide a means for ... |
| CVE-2024-43111 | Long pressing on a download link could potentially allow Javascript co ... |
| CVE-2024-38313 | In certain scenarios a malicious website could attempt to display a fa ... |
| CVE-2024-38312 | When browsing private tabs, some data related to location history or w ... |
| CVE-2024-31393 | Dragging Javascript URLs to the address bar could cause them to be loa ... |
| CVE-2024-31392 | If an insecure element was added to a page after a delay, Firefox woul ... |
| CVE-2024-29944 | An attacker was able to inject an event handler into a privileged obje ... |
| CVE-2024-29943 | An attacker was able to perform an out-of-bounds read or write on a Ja ... |
| CVE-2024-26283 | An attacker could have executed unauthorized scripts on top origin sit ... |
| CVE-2024-26282 | Using an AMP url with a canonical element, an attacker could have exec ... |
| CVE-2024-26281 | Upon scanning a JavaScript URI with the QR code scanner, an attacker c ... |
| CVE-2024-10941 | A malicious website could have included an iframe with an malformed UR ... |
| CVE-2024-10474 | Focus was incorrectly allowing internal links to utilize the app schem ... |
| CVE-2024-10468 | Potential race conditions in IndexedDB could have caused memory corrup ... |
| CVE-2024-10467 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thun ... |
| CVE-2024-10466 | By sending a specially crafted push message, a remote server could hav ... |
| CVE-2024-10465 | A clipboard "paste" button could persist across tabs which allowed a s ... |
| CVE-2024-10464 | Repeated writes to history interface attributes could have been used t ... |
| CVE-2024-10463 | Video frames could have been leaked between origins in some situations ... |
| CVE-2024-10462 | Truncation of a long URL could have allowed origin spoofing in a permi ... |
| CVE-2024-10461 | In multipart/x-mixed-replace responses, `Content-Disposition: attachme ... |
| CVE-2024-10460 | The origin of an external protocol handler prompt could have been obsc ... |
| CVE-2024-10459 | An attacker could have caused a use-after-free when accessibility was ... |
| CVE-2024-10458 | A permission leak could have occurred from a trusted site to an untrus ... |
| CVE-2024-10004 | Opening an external link to an HTTP website when Firefox iOS was previ ... |
| CVE-2024-9936 | When manipulating the selection node cache, an attacker may have been ... |
| CVE-2024-9680 | An attacker was able to achieve code execution in the content process ... |
| CVE-2024-9403 | Memory safety bugs present in Firefox 130. Some of these bugs showed e ... |
| CVE-2024-9402 | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thun ... |
| CVE-2024-9401 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ... |
| CVE-2024-9400 | A potential memory corruption vulnerability could be triggered if an a ... |
| CVE-2024-9399 | A website configured to initiate a specially crafted WebTransport sess ... |
| CVE-2024-9398 | By checking the result of calls to `window.open` with specifically set ... |
| CVE-2024-9397 | A missing delay in directory upload UI could have made it possible for ... |
| CVE-2024-9396 | It is currently unknown if this issue is exploitable but a condition m ... |
| CVE-2024-9395 | A specially crafted filename containing a large number of spaces could ... |
| CVE-2024-9394 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9393 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9392 | A compromised content process could have allowed for the arbitrary loa ... |
| CVE-2024-9391 | A user who enables full-screen mode on a specially crafted web page co ... |
| CVE-2024-8900 | An attacker could write data to the user's clipboard, bypassing the us ... |
| CVE-2024-8897 | Under certain conditions, an attacker with the ability to redirect use ... |
| CVE-2024-8389 | Memory safety bugs present in Firefox 129. Some of these bugs showed e ... |
| CVE-2024-8388 | Multiple prompts and panels from both Firefox and the Android OS could ... |
| CVE-2024-8387 | Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ... |
| CVE-2024-8386 | If a site had been granted the permission to open popup windows, it co ... |
| CVE-2024-8385 | A difference in the handling of StructFields and ArrayTypes in WASM co ... |
| CVE-2024-8384 | The JavaScript garbage collector could mis-color cross-compartment obj ... |
| CVE-2024-8383 | Firefox normally asks for confirmation before asking the operating sys ... |
| CVE-2024-8382 | Internal browser event interfaces were exposed to web content when pri ... |
| CVE-2024-8381 | A potentially exploitable type confusion could be triggered when looki ... |
| CVE-2024-7652 | An error in the ECMA-262 specification relating to Async Generators co ... |
| CVE-2024-7531 | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer ... |
| CVE-2024-7530 | Incorrect garbage collection interaction could have led to a use-after ... |
| CVE-2024-7529 | The date picker could partially obscure security prompts. This could b ... |
| CVE-2024-7528 | Incorrect garbage collection interaction in IndexedDB could have led t ... |
| CVE-2024-7527 | Unexpected marking work at the start of sweeping could have led to a u ... |
| CVE-2024-7526 | ANGLE failed to initialize parameters which lead to reading from unini ... |
| CVE-2024-7525 | It was possible for a web extension with minimal permissions to create ... |
| CVE-2024-7524 | Firefox adds web-compatibility shims in place of some tracking scripts ... |
| CVE-2024-7523 | A select option could partially obscure security prompts. This could b ... |
| CVE-2024-7522 | Editor code failed to check an attribute value. This could have led to ... |
| CVE-2024-7521 | Incomplete WebAssembly exception handing could have led to a use-after ... |
| CVE-2024-7520 | A type confusion bug in WebAssembly could be leveraged by an attacker ... |
| CVE-2024-7519 | Insufficient checks when processing graphics shared memory could have ... |
| CVE-2024-7518 | Select options could obscure the fullscreen notification dialog. This ... |
| CVE-2024-6615 | Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of ... |
| CVE-2024-6614 | The frame iterator could get stuck in a loop when encountering certain ... |
| CVE-2024-6613 | The frame iterator could get stuck in a loop when encountering certain ... |
| CVE-2024-6612 | CSP violations generated links in the console tab of the developer too ... |
| CVE-2024-6611 | A nested iframe, triggering a cross-site navigation, could send SameSi ... |
| CVE-2024-6610 | Form validation popups could capture escape key presses. Therefore, sp ... |
| CVE-2024-6609 | When almost out-of-memory an elliptic curve key which was never alloca ... |
| CVE-2024-6608 | It was possible to move the cursor using pointerlock from an iframe. T ... |
| CVE-2024-6607 | It was possible to prevent a user from exiting pointerlock when pressi ... |
| CVE-2024-6606 | Clipboard code failed to check the index on an array access. This coul ... |
| CVE-2024-6605 | Firefox Android allowed immediate interaction with permission prompts. ... |
| CVE-2024-6604 | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ... |
| CVE-2024-6603 | In an out-of-memory scenario an allocation could fail but free would h ... |
| CVE-2024-6602 | A mismatch between allocator and deallocator could have lead to memory ... |
| CVE-2024-6601 | A race condition could lead to a cross-origin container obtaining perm ... |
| CVE-2024-6600 | Due to large allocation checks in Angle for GLSL shaders being too len ... |
| CVE-2024-5701 | Memory safety bugs present in Firefox 126. Some of these bugs showed e ... |
| CVE-2024-5700 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ... |
| CVE-2024-5699 | In violation of spec, cookie prefixes such as `__Secure` were being ig ... |
| CVE-2024-5698 | By manipulating the fullscreen feature while opening a data-list, an a ... |
| CVE-2024-5697 | A website was able to detect when a user took a screenshot of a page u ... |
| CVE-2024-5696 | By manipulating the text in an `<input>` tag, an attacker could ... |
| CVE-2024-5695 | If an out-of-memory condition occurs at a specific point using allocat ... |
| CVE-2024-5694 | An attacker could have caused a use-after-free in the JavaScript engin ... |
| CVE-2024-5693 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2024-5692 | On Windows 10, when using the 'Save As' functionality, an attacker cou ... |
| CVE-2024-5691 | By tricking the browser with a `X-Frame-Options` header, a sandboxed i ... |
| CVE-2024-5690 | By monitoring the time certain operations take, an attacker could have ... |
| CVE-2024-5689 | In addition to detecting when a user was taking a screenshot (XXX), a ... |
| CVE-2024-5688 | If a garbage collection was triggered at the right time, a use-after-f ... |
| CVE-2024-5687 | If a specific sequence of actions is performed when opening a new tab, ... |
| CVE-2024-4778 | Memory safety bugs present in Firefox 125. Some of these bugs showed e ... |
| CVE-2024-4777 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ... |
| CVE-2024-4776 | A file dialog shown while in full-screen mode could have resulted in t ... |
| CVE-2024-4775 | An iterator stop condition was missing when handling WASM code in the ... |
| CVE-2024-4774 | The `ShmemCharMapHashEntry()` code was susceptible to potentially unde ... |
| CVE-2024-4773 | When a network error occurred during page load, the prior content coul ... |
| CVE-2024-4772 | An HTTP digest authentication nonce value was generated using `rand()` ... |
| CVE-2024-4771 | A memory allocation check was missing which would lead to a use-after- ... |
| CVE-2024-4770 | When saving a page to PDF, certain font styles could have led to a pot ... |
| CVE-2024-4769 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2024-4768 | A bug in popup notifications' interaction with WebAuthn made it easier ... |
| CVE-2024-4767 | If the `browser.privatebrowsing.autostart` preference is enabled, Inde ... |
| CVE-2024-4766 | Different techniques existed to obscure the fullscreen notification in ... |
| CVE-2024-4765 | Web application manifests were stored by using an insecure MD5 hash wh ... |
| CVE-2024-4764 | Multiple WebRTC threads could have claimed a newly connected audio inp ... |
| CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would al ... |
| CVE-2024-3865 | Memory safety bugs present in Firefox 124. Some of these bugs showed e ... |
| CVE-2024-3864 | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ... |
| CVE-2024-3863 | The executable file warning was not presented when downloading .xrm-ms ... |
| CVE-2024-3862 | The MarkStack assignment operator, part of the JavaScript engine, coul ... |
| CVE-2024-3861 | If an AlignedBuffer were assigned to itself, the subsequent self-move ... |
| CVE-2024-3860 | An out-of-memory condition during object initialization could result i ... |
| CVE-2024-3859 | On 32-bit versions there were integer-overflows that led to an out-of- ... |
| CVE-2024-3858 | It was possible to mutate a JavaScript object so that the JIT could cr ... |
| CVE-2024-3857 | The JIT created incorrect code for arguments in certain cases. This le ... |
| CVE-2024-3856 | A use-after-free could occur during WASM execution if garbage collecti ... |
| CVE-2024-3855 | In certain cases the JIT incorrectly optimized MSubstr operations, whi ... |
| CVE-2024-3854 | In some code patterns the JIT incorrectly optimized switch statements ... |
| CVE-2024-3853 | A use-after-free could result if a JavaScript realm was in the process ... |
| CVE-2024-3852 | GetBoundName could return the wrong version of an object when JIT opti ... |
| CVE-2024-3302 | There was no limit to the number of HTTP/2 CONTINUATION frames that wo ... |
| CVE-2024-2615 | Memory safety bugs present in Firefox 123. Some of these bugs showed e ... |
| CVE-2024-2614 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ... |
| CVE-2024-2613 | Data was not properly sanitized when decoding a QUIC ACK frame; this c ... |
| CVE-2024-2612 | If an attacker could find a way to trigger a particular code path in ` ... |
| CVE-2024-2611 | A missing delay on when pointer lock was used could have allowed a mal ... |
| CVE-2024-2610 | Using a markup injection an attacker could have stolen nonce values. T ... |
| CVE-2024-2609 | The permission prompt input delay could expire while the window is not ... |
| CVE-2024-2608 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ... |
| CVE-2024-2607 | Return registers were overwritten which could have allowed an attacker ... |
| CVE-2024-2606 | Passing invalid data could have led to invalid wasm values being creat ... |
| CVE-2024-2605 | An attacker could have leveraged the Windows Error Reporter to run arb ... |
| CVE-2024-1557 | Memory safety bugs present in Firefox 122. Some of these bugs showed e ... |
| CVE-2024-1556 | The incorrect object was checked for NULL in the built-in profiler, po ... |
| CVE-2024-1555 | When opening a website using the `firefox://` protocol handler, SameSi ... |
| CVE-2024-1554 | The `fetch()` API and navigation incorrectly shared the same cache, as ... |
| CVE-2024-1553 | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ... |
| CVE-2024-1552 | Incorrect code generation could have led to unexpected numeric convers ... |
| CVE-2024-1551 | Set-Cookie response headers were being incorrectly honored in multipar ... |
| CVE-2024-1550 | A malicious website could have used a combination of exiting fullscree ... |
| CVE-2024-1549 | If a website set a large custom cursor, portions of the cursor could h ... |
| CVE-2024-1548 | A website could have obscured the fullscreen notification by using a d ... |
| CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled al ... |
| CVE-2024-1546 | When storing and re-accessing data on a networking channel, the length ... |
| CVE-2024-0953 | When a user scans a QR Code with the QR Code Scanner feature, the user ... |
| CVE-2024-0755 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ... |
| CVE-2024-0754 | Some WASM source files could have caused a crash when loaded in devtoo ... |
| CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS o ... |
| CVE-2024-0752 | A use-after-free crash could have occurred on macOS if a Firefox updat ... |
| CVE-2024-0751 | A malicious devtools extension could have been used to escalate privil ... |
| CVE-2024-0750 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2024-0749 | A phishing site could have repurposed an `about:` dialog to show phish ... |
| CVE-2024-0748 | A compromised content process could have updated the document URI. Thi ... |
| CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, t ... |
| CVE-2024-0746 | A Linux user opening the print preview dialog could have caused the br ... |
| CVE-2024-0745 | The WebAudio `OscillatorNode` object was susceptible to a stack buffer ... |
| CVE-2024-0744 | In some circumstances, JIT compiled code could have dereferenced a wil ... |
| CVE-2024-0743 | An unchecked return value in TLS handshake code could have caused a po ... |
| CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2024-0741 | An out of bounds write in ANGLE could have allowed an attacker to corr ... |
| CVE-2023-49061 | An attacker could have performed HTML template injection via Reader Mo ... |
| CVE-2023-49060 | An attacker could have accessed internal pages or data by ex-filtratin ... |
| CVE-2023-37456 | The session restore helper crashed whenever there was no parameter sen ... |
| CVE-2023-37455 | The permission request prompt from the site in the background tab was ... |
| CVE-2023-37212 | Memory safety bugs present in Firefox 114. Some of these bugs showed e ... |
| CVE-2023-37211 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ... |
| CVE-2023-37210 | A website could prevent a user from exiting full-screen mode via alert ... |
| CVE-2023-37209 | A use-after-free condition existed in `NotifyOnHistoryReload` where a ... |
| CVE-2023-37208 | When opening Diagcab files, Firefox did not warn the user that these f ... |
| CVE-2023-37207 | A website could have obscured the fullscreen notification by using a U ... |
| CVE-2023-37206 | Uploading files which contain symlinks may have allowed an attacker to ... |
| CVE-2023-37205 | The use of RTL Arabic characters in the address bar may have allowed f ... |
| CVE-2023-37204 | A website could have obscured the fullscreen notification by using an ... |
| CVE-2023-37203 | Insufficient validation in the Drag and Drop API in conjunction with s ... |
| CVE-2023-37202 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-37201 | An attacker could have triggered a use-after-free condition when creat ... |
| CVE-2023-34417 | Memory safety bugs present in Firefox 113. Some of these bugs showed e ... |
| CVE-2023-34416 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thu ... |
| CVE-2023-34415 | When choosing a site-isolated process for a document loaded from a dat ... |
| CVE-2023-34414 | The error page for sites with invalid TLS certificates was missing the ... |
| CVE-2023-32216 | Memory safety bugs present in Firefox 112. Some of these bugs showed ... |
| CVE-2023-32215 | Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ... |
| CVE-2023-32214 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged ... |
| CVE-2023-32213 | When reading a file, an uninitialized value could have been used as re ... |
| CVE-2023-32212 | An attacker could have positioned a <code>datalist</code> element to o ... |
| CVE-2023-32211 | A type checking bug would have led to invalid code being compiled. Thi ... |
| CVE-2023-32210 | Documents were incorrectly assuming an ordering of principal objects w ... |
| CVE-2023-32209 | A maliciously crafted favicon could have led to an out of memory crash ... |
| CVE-2023-32208 | Service workers could reveal script base URL due to dynamic `import()` ... |
| CVE-2023-32207 | A missing delay in popup notifications could have made it possible for ... |
| CVE-2023-32206 | An out-of-bound read could have led to a crash in the RLBox Expat driv ... |
| CVE-2023-32205 | In multiple cases browser prompts could have been obscured by popups c ... |
| CVE-2023-29551 | Memory safety bugs present in Firefox 111. Some of these bugs showed e ... |
| CVE-2023-29550 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ... |
| CVE-2023-29549 | Under certain circumstances, a call to the <code>bind</code> function ... |
| CVE-2023-29548 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ... |
| CVE-2023-29547 | When a secure cookie existed in the Firefox cookie jar an insecure coo ... |
| CVE-2023-29546 | When recording the screen while in Private Browsing on Firefox for And ... |
| CVE-2023-29545 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', sug ... |
| CVE-2023-29544 | If multiple instances of resource exhaustion occurred at the incorrect ... |
| CVE-2023-29543 | An attacker could have caused memory corruption and a potentially expl ... |
| CVE-2023-29542 | A newline in a filename could have been used to bypass the file extens ... |
| CVE-2023-29541 | Firefox did not properly handle downloads of files ending in <code>.de ... |
| CVE-2023-29540 | Using a redirect embedded into <code>sourceMappingUrls</code> could al ... |
| CVE-2023-29539 | When handling the filename directive in the Content-Disposition header ... |
| CVE-2023-29538 | Under specific circumstances a WebExtension may have received a <code> ... |
| CVE-2023-29537 | Multiple race conditions in the font initialization could have led to ... |
| CVE-2023-29536 | An attacker could cause the memory manager to incorrectly free a point ... |
| CVE-2023-29535 | Following a Garbage Collector compaction, weak maps may have been acce ... |
| CVE-2023-29534 | Different techniques existed to obscure the fullscreen notification in ... |
| CVE-2023-29533 | A website could have obscured the fullscreen notification by using a c ... |
| CVE-2023-29532 | A local attacker can trick the Mozilla Maintenance Service into applyi ... |
| CVE-2023-29531 | An attacker could have caused an out of bounds memory access using Web ... |
| CVE-2023-28177 | Memory safety bugs present in Firefox 110. Some of these bugs showed e ... |
| CVE-2023-28176 | Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ... |
| CVE-2023-28164 | Dragging a URL from a cross-origin iframe that was removed during the ... |
| CVE-2023-28163 | When downloading files through the Save As dialog on Windows with sugg ... |
| CVE-2023-28162 | While implementing AudioWorklets, some code may have casted one type t ... |
| CVE-2023-28161 | If temporary "one-time" permissions, such as the ability to use the Ca ... |
| CVE-2023-28160 | When following a redirect to a publicly accessible web extension file, ... |
| CVE-2023-28159 | The fullscreen notification could have been hidden on Firefox for Andr ... |
| CVE-2023-25752 | When accessing throttled streams, the count of available bytes needed ... |
| CVE-2023-25751 | Sometimes, when invalidating JIT code while following an iterator, the ... |
| CVE-2023-25750 | Under certain circumstances, a ServiceWorker's offline cache may have ... |
| CVE-2023-25749 | Android applications with unpatched vulnerabilities can be launched fr ... |
| CVE-2023-25748 | By displaying a prompt with a long description, the fullscreen notific ... |
| CVE-2023-25747 | A potential use-after-free in libaudio was fixed by disabling the AAud ... |
| CVE-2023-25745 | Memory safety bugs present in Firefox 109. Some of these bugs showed e ... |
| CVE-2023-25744 | Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ... |
| CVE-2023-25743 | A lack of in app notification for entering fullscreen mode could have ... |
| CVE-2023-25742 | When importing a SPKI RSA public key as ECDSA P-256, the key would be ... |
| CVE-2023-25741 | When dragging and dropping an image cross-origin, the image's size cou ... |
| CVE-2023-25740 | After downloading a Windows <code>.scf</code> script from the local fi ... |
| CVE-2023-25739 | Module load requests that failed were not being checked as to whether ... |
| CVE-2023-25738 | Members of the <code>DEVMODEW</code> struct set by the printer device ... |
| CVE-2023-25737 | An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</ ... |
| CVE-2023-25736 | An invalid downcast from `nsHTMLDocument` to `nsIContent` could have l ... |
| CVE-2023-25735 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-25734 | After downloading a Windows <code>.url</code> shortcut from the local ... |
| CVE-2023-25733 | The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being ver ... |
| CVE-2023-25732 | When encoding data from an <code>inputStream</code> in <code>xpcom</co ... |
| CVE-2023-25731 | Due to URL previews in the network panel of developer tools improperly ... |
| CVE-2023-25730 | A background script invoking <code>requestFullscreen</code> and then b ... |
| CVE-2023-25729 | Permission prompts for opening external schemes were only shown for <c ... |
| CVE-2023-25728 | The <code>Content-Security-Policy-Report-Only</code> header could allo ... |
| CVE-2023-23606 | Memory safety bugs present in Firefox 108. Some of these bugs showed e ... |
| CVE-2023-23605 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ... |
| CVE-2023-23604 | A duplicate <code>SystemPrincipal</code> object could be created when ... |
| CVE-2023-23603 | Regular expressions used to filter out forbidden properties and values ... |
| CVE-2023-23602 | A mishandled security check when creating a WebSocket in a WebWorker c ... |
| CVE-2023-23601 | Navigations were being allowed when dragging a URL from a cross-origin ... |
| CVE-2023-23600 | Per origin notification permissions were being stored in a way that di ... |
| CVE-2023-23599 | When copying a network request from the developer tools panel as a cur ... |
| CVE-2023-23598 | Due to the Firefox GTK wrapper code's use of text/plain for drag data ... |
| CVE-2023-23597 | A compromised web child process could disable web security opening res ... |
| CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed e ... |
| CVE-2023-6872 | Browser tab titles were being leaked by GNOME to system logs. This cou ... |
| CVE-2023-6871 | Under certain conditions, Firefox did not display a warning when a use ... |
| CVE-2023-6870 | Applications which spawn a Toast notification in a background thread m ... |
| CVE-2023-6869 | A `<dialog>` element could have been manipulated to paint content o ... |
| CVE-2023-6868 | In some instances, the user-agent would allow push requests which lack ... |
| CVE-2023-6867 | The timing of a button click causing a popup to disappear was approxim ... |
| CVE-2023-6866 | TypedArrays can be fallible and lacked proper exception handling. This ... |
| CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized dat ... |
| CVE-2023-6864 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ... |
| CVE-2023-6863 | The `ShutdownObserver()` was susceptible to potentially undefined beha ... |
| CVE-2023-6861 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ... |
| CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced ... |
| CVE-2023-6859 | A use-after-free condition affected TLS socket creation when under mem ... |
| CVE-2023-6858 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ... |
| CVE-2023-6857 | When resolving a symlink, a race may occur where the buffer passed to ... |
| CVE-2023-6856 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ... |
| CVE-2023-6213 | Memory safety bugs present in Firefox 119. Some of these bugs showed e ... |
| CVE-2023-6212 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ... |
| CVE-2023-6211 | If an attacker needed a user to load an insecure http: page and knew t ... |
| CVE-2023-6210 | When an https: web page created a pop-up from a "javascript:" URL, tha ... |
| CVE-2023-6209 | Relative URLs starting with three slashes were incorrectly parsed, and ... |
| CVE-2023-6208 | When using X11, text selected by the page using the Selection API was ... |
| CVE-2023-6207 | Ownership mismanagement led to a use-after-free in ReadableByteStreams ... |
| CVE-2023-6206 | The black fade animation when exiting fullscreen is roughly the length ... |
| CVE-2023-6205 | It was possible to cause the use of a MessagePort after it had already ... |
| CVE-2023-6204 | On some systems\u2014depending on the graphics settings and drivers\u2 ... |
| CVE-2023-6135 | Multiple NSS NIST curves were susceptible to a side-channel attack kno ... |
| CVE-2023-5758 | When opening a page in reader mode, the redirect URL could have caused ... |
| CVE-2023-5731 | Memory safety bugs present in Firefox 118. Some of these bugs showed e ... |
| CVE-2023-5730 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ... |
| CVE-2023-5729 | A malicious web site can enter fullscreen mode while simultaneously tr ... |
| CVE-2023-5728 | During garbage collection extra operations were performed on a object ... |
| CVE-2023-5727 | The executable file warning was not presented when downloading .msix, ... |
| CVE-2023-5726 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which un ... |
| CVE-2023-5724 | Drivers are not always robust to extremely large draw calls and in som ... |
| CVE-2023-5723 | An attacker with temporary script access to a site could have set a co ... |
| CVE-2023-5722 | Using iterative requests an attacker was able to learn the size of an ... |
| CVE-2023-5721 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2023-5388 | NSS was susceptible to a timing side-channel attack when performing RS ... |
| CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ... |
| CVE-2023-5175 | During process shutdown, it was possible that an `ImageBitmap` was cre ... |
| CVE-2023-5174 | If Windows failed to duplicate a handle during process creation, the s ... |
| CVE-2023-5173 | In a non-standard configuration of Firefox, an integer overflow could ... |
| CVE-2023-5172 | A hashtable in the Ion Engine could have been mutated while there was ... |
| CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a ... |
| CVE-2023-5170 | In canvas rendering, a compromised content process could have caused a ... |
| CVE-2023-5169 | A compromised content process could have provided malicious data in a ... |
| CVE-2023-5168 | A compromised content process could have provided malicious data to `F ... |
| CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.1 ... |
| CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ... |
| CVE-2023-4584 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ... |
| CVE-2023-4583 | When checking if the Browsing Context had been discarded in `HttpBaseC ... |
| CVE-2023-4582 | Due to large allocation checks in Angle for glsl shaders being too len ... |
| CVE-2023-4581 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's ... |
| CVE-2023-4580 | Push notifications stored on disk in private browsing mode were not be ... |
| CVE-2023-4579 | Search queries in the default search engine could appear to have been ... |
| CVE-2023-4578 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ... |
| CVE-2023-4577 | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it ... |
| CVE-2023-4576 | On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ... |
| CVE-2023-4575 | When creating a callback over IPC for showing the File Picker window, ... |
| CVE-2023-4574 | When creating a callback over IPC for showing the Color Picker window, ... |
| CVE-2023-4573 | When receiving rendering data over IPC `mStream` could have been destr ... |
| CVE-2023-4058 | Memory safety bugs present in Firefox 115. Some of these bugs showed e ... |
| CVE-2023-4057 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ... |
| CVE-2023-4056 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ... |
| CVE-2023-4055 | When the number of cookies per domain was exceeded in `document.cookie ... |
| CVE-2023-4054 | When opening appref-ms files, Firefox did not warn the user that these ... |
| CVE-2023-4053 | A website could have obscured the full screen notification by using a ... |
| CVE-2023-4052 | The Firefox updater created a directory writable by non-privileged use ... |
| CVE-2023-4051 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-4050 | In some cases, an untrusted input stream was copied to a stack buffer ... |
| CVE-2023-4049 | Race conditions in reference counting code were found through code ins ... |
| CVE-2023-4048 | An out-of-bounds read could have led to an exploitable crash when pars ... |
| CVE-2023-4047 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2023-4046 | In some circumstances, a stale value could have been used for a global ... |
| CVE-2023-4045 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2023-3600 | During the worker lifecycle, a use-after-free condition could have occ ... |
| CVE-2023-3482 | When Firefox is configured to block storage of all cookies, it was sti ... |
| CVE-2023-1999 | There exists a use after free/double free in libwebp. An attacker can ... |
| CVE-2023-0767 | An attacker could construct a PKCS 12 cert bundle in such a way that c ... |
| CVE-2022-46885 | Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ... |
| CVE-2022-46884 | A potential use-after-free vulnerability existed in SVG Images if the ... |
| CVE-2022-46883 | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight a ... |
| CVE-2022-46882 | A use-after-free in WebGL extensions could have led to a potentially e ... |
| CVE-2022-46881 | An optimization in WebGL was incorrect in some cases, and could have l ... |
| CVE-2022-46880 | A missing check related to tex units could have led to a use-after-fre ... |
| CVE-2022-46879 | Mozilla developers and community members Lukas Bernhard, Gabriele Svel ... |
| CVE-2022-46878 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the ... |
| CVE-2022-46877 | By confusing the browser, the fullscreen notification could have been ... |
| CVE-2022-46875 | The executable file warning was not presented when downloading .atloc ... |
| CVE-2022-46874 | A file with a long filename could have had its filename truncated to r ... |
| CVE-2022-46873 | Because Firefox did not implement the <code>unsafe-hashes</code> CSP d ... |
| CVE-2022-46872 | An attacker who compromised a content process could have partially esc ... |
| CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that cou ... |
| CVE-2022-45421 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ... |
| CVE-2022-45420 | Use tables inside of an iframe, an attacker could have caused iframe c ... |
| CVE-2022-45419 | If the user added a security exception for an invalid TLS certificate, ... |
| CVE-2022-45418 | If a custom mouse cursor is specified in CSS, under certain circumstan ... |
| CVE-2022-45417 | Service Workers did not detect Private Browsing Mode correctly in all ... |
| CVE-2022-45416 | Keyboard events reference strings like "KeyA" that were at fixed, know ... |
| CVE-2022-45415 | When downloading an HTML file, if the title of the page was formatted ... |
| CVE-2022-45413 | Using the <code>S.browser_fallback_url parameter</code> parameter, an ... |
| CVE-2022-45412 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, ... |
| CVE-2022-45411 | Cross-Site Tracing occurs when a server will echo a request back via t ... |
| CVE-2022-45410 | When a ServiceWorker intercepted a request with <code>FetchEvent</code ... |
| CVE-2022-45409 | The garbage collector could have been aborted in several states and zo ... |
| CVE-2022-45408 | Through a series of popups that reuse windowName, an attacker can caus ... |
| CVE-2022-45407 | If an attacker loaded a font using <code>FontFace()</code> on a backgr ... |
| CVE-2022-45406 | If an out-of-memory condition occurred when creating a JavaScript glob ... |
| CVE-2022-45405 | Freeing arbitrary <code>nsIInputStream</code>'s on a different thread ... |
| CVE-2022-45404 | Through a series of popup and <code>window.print()</code> calls, an at ... |
| CVE-2022-45403 | Service Workers should not be able to infer information about opaque c ... |
| CVE-2022-42932 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-42931 | Logins saved by Firefox should be managed by the Password Manager comp ... |
| CVE-2022-42930 | If two Workers were simultaneously initializing their CacheStorage, a ... |
| CVE-2022-42929 | If a website called `window.print()` in a particular way, it could cau ... |
| CVE-2022-42928 | Certain types of allocations were missing annotations that, if the Gar ... |
| CVE-2022-42927 | A same-origin policy violation could have allowed the theft of cross-o ... |
| CVE-2022-40962 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ... |
| CVE-2022-40961 | During startup, a graphics driver with an unexpected name could lead t ... |
| CVE-2022-40960 | Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ... |
| CVE-2022-40959 | During iframe navigation, certain pages did not have their FeaturePoli ... |
| CVE-2022-40958 | By injecting a cookie with certain special characters, an attacker on ... |
| CVE-2022-40957 | Inconsistent data in instruction and data cache when creating wasm cod ... |
| CVE-2022-40956 | When injecting an HTML base element, some requests would ignore the CS ... |
| CVE-2022-38478 | Members the Mozilla Fuzzing Team reported memory safety bugs present i ... |
| CVE-2022-38477 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-38475 | An attacker could have written a value to the first element in a zero- ... |
| CVE-2022-38474 | A website that had permission to access the microphone could record au ... |
| CVE-2022-38473 | A cross-origin iframe referencing an XSLT document would inherit the p ... |
| CVE-2022-38472 | An attacker could have abused XSLT error handling to associate attacke ... |
| CVE-2022-36320 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety ... |
| CVE-2022-36319 | When combining CSS properties for overflow and transform, the mouse cu ... |
| CVE-2022-36318 | When visiting directory listings for `chrome://` URLs as source text, ... |
| CVE-2022-36317 | When visiting a website with an overly long URL, the user interface wo ... |
| CVE-2022-36316 | When using the Performance API, an attacker was able to notice subtle ... |
| CVE-2022-36315 | When loading a script with Subresource Integrity, attackers with an in ... |
| CVE-2022-36314 | When opening a Windows shortcut from the local filesystem, an attacker ... |
| CVE-2022-34485 | Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team r ... |
| CVE-2022-34484 | The Mozilla Fuzzing Team reported potential vulnerabilities present in ... |
| CVE-2022-34483 | An attacker who could have convinced a user to drag and drop an image ... |
| CVE-2022-34482 | An attacker who could have convinced a user to drag and drop an image ... |
| CVE-2022-34481 | In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an in ... |
| CVE-2022-34480 | Within the <code>lg_init()</code> function, if several allocations suc ... |
| CVE-2022-34479 | A malicious website that could create a popup could have resized the p ... |
| CVE-2022-34478 | The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</co ... |
| CVE-2022-34477 | The MediaError message property should be consistent to avoid leaking ... |
| CVE-2022-34476 | ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP cou ... |
| CVE-2022-34475 | SVG <code><use></code> tags that referenced a same-origin docume ... |
| CVE-2022-34474 | Even when an iframe was sandboxed with <code>allow-top-navigation-by-u ... |
| CVE-2022-34473 | The HTML Sanitizer should have sanitized the <code>href</code> attribu ... |
| CVE-2022-34472 | If there was a PAC URL set and the server that hosts the PAC was not r ... |
| CVE-2022-34471 | When downloading an update for an addon, the downloaded addon update's ... |
| CVE-2022-34470 | Session history navigations may have led to a use-after-free and poten ... |
| CVE-2022-34469 | When a TLS Certificate error occurs on a domain protected by the HSTS ... |
| CVE-2022-34468 | An iframe that was not permitted to run scripts could do so if the use ... |
| CVE-2022-31748 | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon ... |
| CVE-2022-31747 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozil ... |
| CVE-2022-31746 | Internal URLs are protected by a secret UUID key, which could have bee ... |
| CVE-2022-31745 | If array shift operations are not used, the Garbage Collector may have ... |
| CVE-2022-31744 | An attacker could have injected CSS into stylesheets accessible via in ... |
| CVE-2022-31743 | Firefox's HTML parser did not correctly interpret HTML comment tags, r ... |
| CVE-2022-31742 | An attacker could have exploited a timing attack by sending a large nu ... |
| CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading t ... |
| CVE-2022-31740 | On arm64, WASM code could have resulted in incorrect assembly generati ... |
| CVE-2022-31739 | When downloading files on Windows, the % character was not escaped, wh ... |
| CVE-2022-31738 | When exiting fullscreen mode, an iframe could have confused the browse ... |
| CVE-2022-31737 | A malicious webpage could have caused an out-of-bounds write in WebGL, ... |
| CVE-2022-31736 | A malicious website could have learned the size of a cross-origin reso ... |
| CVE-2022-29918 | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzz ... |
| CVE-2022-29917 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and t ... |
| CVE-2022-29916 | Firefox behaved slightly differently for already known resources when ... |
| CVE-2022-29915 | The Performance API did not properly hide the fact whether a request c ... |
| CVE-2022-29914 | When reusing existing popups Firefox would have allowed them to cover ... |
| CVE-2022-29912 | Requests initiated through reader mode did not properly omit cookies w ... |
| CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword <code>all ... |
| CVE-2022-29910 | When closed or sent to the background, Firefox for Android would not p ... |
| CVE-2022-29909 | Documents in deeply-nested cross-origin browsing contexts could have o ... |
| CVE-2022-28289 | Mozilla developers and community members Nika Layzell, Andrew McCreigh ... |
| CVE-2022-28288 | Mozilla developers and community members Randell Jesup, Sebastian Heng ... |
| CVE-2022-28287 | In unusual circumstances, selecting text could cause text selection ca ... |
| CVE-2022-28286 | Due to a layout change, iframe contents could have been rendered outsi ... |
| CVE-2022-28285 | When generating the assembly code for <code>MLoadTypedArrayElementHole ... |
| CVE-2022-28284 | SVG's <code><use></code> element could have been used to load un ... |
| CVE-2022-28283 | The sourceMapURL feature in devtools was missing security checks that ... |
| CVE-2022-28282 | By using a link with <code>rel="localization"</code> a use-after-free ... |
| CVE-2022-28281 | If a compromised content process sent an unexpected number of WebAuthN ... |
| CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use- ... |
| CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exp ... |
| CVE-2022-26387 | When installing an add-on, Firefox verified the signature before promp ... |
| CVE-2022-26385 | In unusual circumstances, an individual thread may outlive the thread' ... |
| CVE-2022-26384 | If an attacker could control the contents of an iframe sandboxed with ... |
| CVE-2022-26383 | When resizing a popup after requesting fullscreen access, the popup wo ... |
| CVE-2022-26382 | While the text displayed in Autofill tooltips cannot be directly read ... |
| CVE-2022-26381 | An attacker could have caused a use-after-free by forcing a text reflo ... |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust languag ... |
| CVE-2022-22764 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-22762 | Under certain circumstances, a JavaScript alert (or prompt) could have ... |
| CVE-2022-22761 | Web-accessible extension pages (pages with a moz-extension:// scheme) ... |
| CVE-2022-22760 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2022-22759 | If a document created a sandboxed iframe without <code>allow-scripts</ ... |
| CVE-2022-22758 | When clicking on a tel: link, USSD codes, specified after a <code>\*</ ... |
| CVE-2022-22757 | Remote Agent, used in WebDriver, did not validate the Host or Origin h ... |
| CVE-2022-22756 | If a user was convinced to drag and drop an image to their desktop or ... |
| CVE-2022-22755 | By using XSL Transforms, a malicious webserver could have served a use ... |
| CVE-2022-22754 | If a user installed an extension of a particular type, the extension c ... |
| CVE-2022-22753 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ... |
| CVE-2022-22752 | Mozilla developers Christian Holler and Jason Kratzer reported memory ... |
| CVE-2022-22751 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, J ... |
| CVE-2022-22750 | By generally accepting and passing resource handles across processes, ... |
| CVE-2022-22749 | When scanning QR codes, Firefox for Android would have allowed navigat ... |
| CVE-2022-22748 | Malicious websites could have confused Firefox into showing the wrong ... |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequ ... |
| CVE-2022-22746 | A race condition could have allowed bypassing the fullscreen notificat ... |
| CVE-2022-22745 | Securitypolicyviolation events could have leaked cross-origin informat ... |
| CVE-2022-22744 | The constructed curl command from the "Copy as curl" feature in DevToo ... |
| CVE-2022-22743 | When navigating from inside an iframe while requesting fullscreen acce ... |
| CVE-2022-22742 | When inserting text while in edit mode, some characters might have lea ... |
| CVE-2022-22741 | When resizing a popup while requesting fullscreen access, the popup wo ... |
| CVE-2022-22740 | Certain network request objects were freed too early when releasing a ... |
| CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a ... |
| CVE-2022-22738 | Applying a CSS filter effect could have accessed out of bounds memory. ... |
| CVE-2022-22737 | Constructing audio sinks could have lead to a race condition when play ... |
| CVE-2022-22736 | If Firefox was installed to a world-writable directory, a local privil ... |
| CVE-2022-3266 | An out-of-bounds read can occur when decoding H264 video. This results ... |
| CVE-2022-2505 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety ... |
| CVE-2022-2205 | |
| CVE-2022-2200 | If an object prototype was corrupted by an attacker, they would have b ... |
| CVE-2022-1919 | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allow ... |
| CVE-2022-1887 | The search term could have been specified externally to trigger SQL in ... |
| CVE-2022-1802 | If an attacker was able to corrupt the methods of an Array object in J ... |
| CVE-2022-1529 | An attacker could have sent a message to the parent process where the ... |
| CVE-2022-1097 | <code>NSSToken</code> objects were referenced via direct points, and c ... |
| CVE-2022-0843 | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup ... |
| CVE-2022-0511 | Mozilla developers and community members Gabriele Svelto, Sebastian He ... |
| CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against u ... |
| CVE-2021-43545 | Using the Location API in a loop could have caused severe application ... |
| CVE-2021-43544 | When receiving a URL through a SEND intent, Firefox would have searche ... |
| CVE-2021-43543 | Documents loaded with the CSP sandbox directive could have escaped the ... |
| CVE-2021-43542 | Using XMLHttpRequest, an attacker could have identified installed appl ... |
| CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied par ... |
| CVE-2021-43540 | WebExtensions with the correct permissions were able to create and ins ... |
| CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm ... |
| CVE-2021-43538 | By misusing a race in our notification code, an attacker could have fo ... |
| CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers all ... |
| CVE-2021-43536 | Under certain circumstances, asynchronous functions could have caused ... |
| CVE-2021-43535 | A use-after-free could have occured when an HTTP2 session object was r ... |
| CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-43533 | When parsing internationalized domain names, high bits of the characte ... |
| CVE-2021-43532 | The 'Copy Image Link' context menu action would copy the final image U ... |
| CVE-2021-43531 | When a user loaded a Web Extensions context menu, the Web Extension co ... |
| CVE-2021-43530 | A Universal XSS vulnerability was present in Firefox for Android resul ... |
| CVE-2021-38510 | The executable file warning was not presented when downloading .inetlo ... |
| CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript ... |
| CVE-2021-38508 | By displaying a form validity message in the correct location at the s ... |
| CVE-2021-38507 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ... |
| CVE-2021-38506 | Through a series of navigations, Firefox could have entered fullscreen ... |
| CVE-2021-38505 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ... |
| CVE-2021-38504 | When interacting with an HTML input element's file picker dialog with ... |
| CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheet ... |
| CVE-2021-38501 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38499 | Mozilla developers reported memory safety bugs present in Firefox 92. ... |
| CVE-2021-38498 | During process shutdown, a document could have caused a use-after-free ... |
| CVE-2021-38497 | Through use of reportValidity() and window.open(), a plain-text valida ... |
| CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while ... |
| CVE-2021-38494 | Mozilla developers reported memory safety bugs present in Firefox 91. ... |
| CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 a ... |
| CVE-2021-38492 | When delegating navigations to the operating system, Firefox would acc ... |
| CVE-2021-38491 | Mixed-content checks were unable to analyze opaque origins which led t ... |
| CVE-2021-32810 | crossbeam-deque is a package of work-stealing deques for building task ... |
| CVE-2021-30547 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ... |
| CVE-2021-29993 | Firefox for Android allowed navigations through the `intent://` protoc ... |
| CVE-2021-29991 | Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ... |
| CVE-2021-29990 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 a ... |
| CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block ele ... |
| CVE-2021-29987 | After requesting multiple permissions, and closing the first permissio ... |
| CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corr ... |
| CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to mem ... |
| CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that wou ... |
| CVE-2021-29983 | Firefox for Android could get stuck in fullscreen mode and not exit it ... |
| CVE-2021-29982 | Due to incorrect JIT optimization, we incorrectly interpreted data fro ... |
| CVE-2021-29981 | An issue present in lowering/register allocation could have led to obs ... |
| CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect ... |
| CVE-2021-29977 | Mozilla developers reported memory safety bugs present in Firefox 89. ... |
| CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared ... |
| CVE-2021-29975 | Through a series of DOM manipulations, a message, over which the attac ... |
| CVE-2021-29974 | When network partitioning was enabled, e.g. as a result of Enhanced Tr ... |
| CVE-2021-29973 | Password autofill was enabled without user interaction on insecure web ... |
| CVE-2021-29972 | A use-after-free vulnerability was found via testing, and traced to an ... |
| CVE-2021-29971 | If a user had granted a permission to a webpage and saved that grant, ... |
| CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corr ... |
| CVE-2021-29968 | When drawing text onto a canvas with WebRender disabled, an out of bou ... |
| CVE-2021-29967 | Mozilla developers reported memory safety bugs present in Firefox 88 a ... |
| CVE-2021-29966 | Mozilla developers reported memory safety bugs present in Firefox 88. ... |
| CVE-2021-29965 | A malicious website that causes an HTTP Authentication dialog to be sp ... |
| CVE-2021-29964 | A locally-installed hostile program could send `WM_COPYDATA` messages ... |
| CVE-2021-29963 | Address bar search suggestions in private browsing mode were re-using ... |
| CVE-2021-29962 | Firefox for Android would become unstable and hard-to-recover when a w ... |
| CVE-2021-29961 | When styling and rendering an oversized `<select>` element, Firefox di ... |
| CVE-2021-29960 | Firefox used to cache the last filename used for printing a file. When ... |
| CVE-2021-29959 | When a user has already allowed a website to access microphone and cam ... |
| CVE-2021-29958 | When a download was initiated, the client did not check whether it was ... |
| CVE-2021-29955 | A transient execution vulnerability, named Floating Point Value Inject ... |
| CVE-2021-29953 | A malicious webpage could have forced a Firefox for Android user into ... |
| CVE-2021-29952 | When Web Render components were destructed, a race condition could hav ... |
| CVE-2021-29947 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-29946 | Ports that were written as an integer overflow above the bounds of a 1 ... |
| CVE-2021-29945 | The WebAssembly JIT could miscalculate the size of a return type, whic ... |
| CVE-2021-29944 | Lack of escaping allowed HTML injection when a webpage was viewed in R ... |
| CVE-2021-24002 | When a user clicked on an FTP URL containing encoded newline character ... |
| CVE-2021-24001 | A compromised content process could have performed session history man ... |
| CVE-2021-24000 | A race condition with requestPointerLock() and setTimeout() could have ... |
| CVE-2021-23999 | If a Blob URL was loaded through some unusual user interaction, it cou ... |
| CVE-2021-23998 | Through complicated navigations with new windows, an HTTP page could h ... |
| CVE-2021-23997 | Due to unexpected data type conversions, a use-after-free could have o ... |
| CVE-2021-23996 | By utilizing 3D CSS in conjunction with Javascript, content could have ... |
| CVE-2021-23995 | When Responsive Design Mode was enabled, it used references to objects ... |
| CVE-2021-23994 | A WebGL framebuffer was not initialized early enough, resulting in mem ... |
| CVE-2021-23988 | Mozilla developers reported memory safety bugs present in Firefox 86. ... |
| CVE-2021-23987 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-23986 | A malicious extension with the 'search' permission could have installe ... |
| CVE-2021-23985 | If an attacker is able to alter specific about:config values (for exam ... |
| CVE-2021-23984 | A malicious extension could have opened a popup window lacking an addr ... |
| CVE-2021-23983 | By causing a transition on a parent node by removing a CSS rule, an in ... |
| CVE-2021-23982 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2021-23981 | A texture upload of a Pixel Buffer Object could have confused the WebG ... |
| CVE-2021-23979 | Mozilla developers reported memory safety bugs present in Firefox 85. ... |
| CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 a ... |
| CVE-2021-23977 | Firefox for Android suffered from a time-of-check-time-of-use vulnerab ... |
| CVE-2021-23976 | When accepting a malicious intent from other installed apps, Firefox f ... |
| CVE-2021-23975 | The developer page about:memory has a Measure function for exploring w ... |
| CVE-2021-23974 | The DOMParser API did not properly process '<noscript>' elements for e ... |
| CVE-2021-23973 | When trying to load a cross-origin resource in an audio/video context ... |
| CVE-2021-23972 | One phishing tactic on the web is to provide a link with HTTP Auth. Fo ... |
| CVE-2021-23971 | When processing a redirect with a conflicting Referrer-Policy, Firefox ... |
| CVE-2021-23970 | Context-specific code was included in a shared jump table; resulting i ... |
| CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a ... |
| CVE-2021-23968 | If Content Security Policy blocked frame navigation, the full destinat ... |
| CVE-2021-23965 | Mozilla developers reported memory safety bugs present in Firefox 84. ... |
| CVE-2021-23964 | Mozilla developers reported memory safety bugs present in Firefox 84 a ... |
| CVE-2021-23963 | When sharing geolocation during an active WebRTC share, Firefox could ... |
| CVE-2021-23962 | Incorrect use of the '<RowCountChanged>' method could have led to a us ... |
| CVE-2021-23961 | Further techniques that built on the slipstream research combined with ... |
| CVE-2021-23960 | Performing garbage collection on re-declared JavaScript variables resu ... |
| CVE-2021-23959 | An XSS bug in internal error pages could have led to various spoofing ... |
| CVE-2021-23958 | The browser could have been confused into transferring a screen sharin ... |
| CVE-2021-23957 | Navigations through the Android-specific `intent` URL scheme could hav ... |
| CVE-2021-23956 | An ambiguous file picker design could have confused users who intended ... |
| CVE-2021-23955 | The browser could have been confused into transferring a pointer lock ... |
| CVE-2021-23954 | Using the new logical assignment operators in a JavaScript switch stat ... |
| CVE-2021-23953 | If a user clicked into a specifically crafted PDF, the PDF reader coul ... |
| CVE-2021-4221 | If a domain name contained a RTL character, it would cause the domain ... |
| CVE-2021-4140 | It was possible to construct specific XSLT markup that would be able t ... |
| CVE-2021-4129 | Mozilla developers and community members Julian Hector, Randell Jesup, ... |
| CVE-2021-4128 | When transitioning in and out of fullscreen mode, a graphics object wa ... |
| CVE-2020-35114 | Mozilla developers reported memory safety bugs present in Firefox 83. ... |
| CVE-2020-35113 | Mozilla developers reported memory safety bugs present in Firefox 83 a ... |
| CVE-2020-35112 | If a user downloaded a file lacking an extension on Windows, and then ... |
| CVE-2020-35111 | When an extension with the proxy permission registered to receive <all ... |
| CVE-2020-26979 | When a user typed a URL in the address bar or the search bar and quick ... |
| CVE-2020-26978 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2020-26977 | By attempting to connect a website using an unresponsive port, an atta ... |
| CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a servic ... |
| CVE-2020-26975 | When a malicious application installed on the user's device broadcast ... |
| CVE-2020-26974 | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ... |
| CVE-2020-26973 | Certain input to the CSS Sanitizer confused it, resulting in incorrect ... |
| CVE-2020-26972 | The lifecycle of IPC Actors allows managed actors to outlive their man ... |
| CVE-2020-26971 | Certain blit values provided by the user were not properly constrained ... |
| CVE-2020-26969 | Mozilla developers reported memory safety bugs present in Firefox 82. ... |
| CVE-2020-26968 | Mozilla developers reported memory safety bugs present in Firefox 82 a ... |
| CVE-2020-26967 | When listening for page changes with a Mutation Observer, a malicious ... |
| CVE-2020-26966 | Searching for a single word from the address bar caused an mDNS reques ... |
| CVE-2020-26965 | Some websites have a feature "Show Password" where clicking a button w ... |
| CVE-2020-26964 | If the Remote Debugging via USB feature was enabled in Firefox for And ... |
| CVE-2020-26963 | Repeated calls to the history and location interfaces could have been ... |
| CVE-2020-26962 | Cross-origin iframes that contained a login form could have been recog ... |
| CVE-2020-26961 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ... |
| CVE-2020-26960 | If the Compact() method was called on an nsTArray, the array could hav ... |
| CVE-2020-26959 | During browser shutdown, reference decrementing could have occured on ... |
| CVE-2020-26958 | Firefox did not block execution of scripts with incorrect MIME types w ... |
| CVE-2020-26957 | OneCRL was non-functional in the new Firefox for Android due to a miss ... |
| CVE-2020-26956 | In some cases, removing HTML elements during sanitization would keep e ... |
| CVE-2020-26955 | When a user downloaded a file in Firefox for Android, if a cookie is s ... |
| CVE-2020-26954 | When accepting a malicious intent from other installed apps, Firefox f ... |
| CVE-2020-26953 | It was possible to cause the browser to enter fullscreen mode without ... |
| CVE-2020-26952 | Incorrect bookkeeping of functions inlined during JIT compilation coul ... |
| CVE-2020-26951 | A parsing and event loading mismatch in Firefox's SVG code could have ... |
| CVE-2020-26950 | In certain circumstances, the MCallGetProperty opcode can be emitted w ... |
| CVE-2020-16048 | Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ... |
| CVE-2020-16044 | Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ... |
| CVE-2020-16042 | Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ... |
| CVE-2020-16012 | Side-channel information leakage in graphics in Google Chrome prior to ... |
| CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ... |
| CVE-2020-15684 | Mozilla developers reported memory safety bugs present in Firefox 81. ... |
| CVE-2020-15683 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15682 | When a link to an external protocol was clicked, a prompt was presente ... |
| CVE-2020-15681 | When multiple WASM threads had a reference to a module, and were looki ... |
| CVE-2020-15680 | If a valid external protocol handler was referenced in an image tag, t ... |
| CVE-2020-15678 | When recursing through graphical layers while scrolling, an iterator m ... |
| CVE-2020-15677 | By exploiting an Open Redirect vulnerability on a website, an attacker ... |
| CVE-2020-15676 | Firefox sometimes ran the onload handler for SVG elements that the DOM ... |
| CVE-2020-15675 | When processing surfaces, the lifetime may outlive a persistent buffer ... |
| CVE-2020-15674 | Mozilla developers reported memory safety bugs present in Firefox 80. ... |
| CVE-2020-15673 | Mozilla developers reported memory safety bugs present in Firefox 80 a ... |
| CVE-2020-15671 | When typing in a password under certain conditions, a race may have oc ... |
| CVE-2020-15670 | Mozilla developers reported memory safety bugs present in Firefox for ... |
| CVE-2020-15668 | A lock was missing when accessing a data structure and importing certi ... |
| CVE-2020-15667 | When processing a MAR update file, after the signature has been valida ... |
| CVE-2020-15666 | When trying to load a non-video in an audio/video context the exact st ... |
| CVE-2020-15665 | Firefox did not reset the address bar after the beforeunload dialog wa ... |
| CVE-2020-15664 | By holding a reference to the eval() function from an about:blank wind ... |
| CVE-2020-15663 | If Firefox is installed to a user-writable directory, the Mozilla Main ... |
| CVE-2020-15662 | A rogue webpage could override the injected WKUserScript used by the d ... |
| CVE-2020-15661 | A rogue webpage could override the injected WKUserScript used by the l ... |
| CVE-2020-15659 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15658 | The code for downloading files did not properly take care of special c ... |
| CVE-2020-15657 | Firefox could be made to load attacker-supplied DLL files from the ins ... |
| CVE-2020-15656 | JIT optimizations involving the Javascript arguments object could conf ... |
| CVE-2020-15655 | A redirected HTTP request which is observed or modified through a web ... |
| CVE-2020-15654 | When in an endless loop, a website specifying a custom cursor using CS ... |
| CVE-2020-15653 | An iframe sandbox element with the allow-popups flag could be bypassed ... |
| CVE-2020-15652 | By observing the stack trace for JavaScript errors in web workers, it ... |
| CVE-2020-15651 | A unicode RTL order character in the downloaded file name can be used ... |
| CVE-2020-15650 | Given an installed malicious file picker application, an attacker was ... |
| CVE-2020-15649 | Given an installed malicious file picker application, an attacker was ... |
| CVE-2020-15648 | Using object or embed tags, it was possible to frame other websites, e ... |
| CVE-2020-15647 | A Content Provider in Firefox for Android allowed local files accessib ... |
| CVE-2020-15254 | Crossbeam is a set of tools for concurrent programming. In crossbeam-c ... |
| CVE-2020-12426 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-12425 | Due to confusion processing a hyphen character in Date.parse(), a one- ... |
| CVE-2020-12424 | When constructing a permission prompt for WebRTC, a URI was supplied f ... |
| CVE-2020-12423 | When the Windows DLL "webauthn.dll" was missing from the Operating Sys ... |
| CVE-2020-12422 | In non-standard configurations, a JPEG image created by JavaScript cou ... |
| CVE-2020-12421 | When performing add-on updates, certificate chains terminating in non- ... |
| CVE-2020-12420 | When trying to connect to a STUN server, a race condition could have c ... |
| CVE-2020-12419 | When processing callbacks that occurred during window flushing in the ... |
| CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out ... |
| CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may ... |
| CVE-2020-12416 | A VideoStreamEncoder may have been freed in a race condition with Vide ... |
| CVE-2020-12415 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior ... |
| CVE-2020-12414 | IndexedDB should be cleared when leaving private browsing mode and it ... |
| CVE-2020-12412 | By navigating a tab using the history API, an attacker could cause the ... |
| CVE-2020-12411 | Mozilla developers reported memory safety bugs present in Firefox 76. ... |
| CVE-2020-12410 | Mozilla developers reported memory safety bugs present in Firefox 76 a ... |
| CVE-2020-12409 | When using certain blank characters in a URL, they where incorrectly r ... |
| CVE-2020-12408 | When browsing a document hosted on an IP address, an attacker could in ... |
| CVE-2020-12407 | Mozilla Developer Nicolas Silva found that when using WebRender, Firef ... |
| CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during ... |
| CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerSe ... |
| CVE-2020-12404 | For native-to-JS bridging the app requires a unique token to be passed ... |
| CVE-2020-12401 | During ECDSA signature generation, padding applied in the nonce design ... |
| CVE-2020-12400 | When converting coordinates from projective to affine, the modular inv ... |
| CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which ... |
| CVE-2020-12396 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-12395 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-12394 | A logic flaw in our location bar implementation could have allowed a l ... |
| CVE-2020-12393 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12392 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12391 | Documents formed using data: URLs in an OBJECT element failed to inher ... |
| CVE-2020-12390 | Incorrect origin serialization of URLs with IPv6 addresses could lead ... |
| CVE-2020-12389 | The Firefox content processes did not sufficiently lockdown access con ... |
| CVE-2020-12388 | The Firefox content processes did not sufficiently lockdown access con ... |
| CVE-2020-12387 | A race condition when running shutdown code for Web Worker led to a us ... |
| CVE-2020-6831 | A buffer overflow could occur when parsing and validating SCTP chunks ... |
| CVE-2020-6830 | For native-to-JS bridging, the app requires a unique token to be passe ... |
| CVE-2020-6829 | When performing EC scalar point multiplication, the wNAF point multipl ... |
| CVE-2020-6826 | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis report ... |
| CVE-2020-6825 | Mozilla developers and community members Tyson Smith and Christian Hol ... |
| CVE-2020-6824 | Initially, a user opens a Private Browsing Window and generates a pass ... |
| CVE-2020-6823 | A malicious extension could have called <code>browser.identity.launchW ... |
| CVE-2020-6822 | On 32-bit builds, an out of bounds write could have occurred when proc ... |
| CVE-2020-6821 | When reading from areas partially or fully outside the source resource ... |
| CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condi ... |
| CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a ra ... |
| CVE-2020-6815 | Mozilla developers reported memory safety and script safety bugs prese ... |
| CVE-2020-6814 | Mozilla developers reported memory safety bugs present in Firefox and ... |
| CVE-2020-6813 | When protecting CSS blocks with the nonce feature of Content Security ... |
| CVE-2020-6812 | The first time AirPods are connected to an iPhone, they become named a ... |
| CVE-2020-6811 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-6810 | After a website had entered fullscreen mode, it could have used a prev ... |
| CVE-2020-6809 | When a Web Extension had the all-urls permission and made a fetch requ ... |
| CVE-2020-6808 | When a JavaScript URL (javascript:) is evaluated and the result is a s ... |
| CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, th ... |
| CVE-2020-6806 | By carefully crafting promise resolutions, it was possible to cause an ... |
| CVE-2020-6805 | When removing data about an origin whose tab was recently closed, a us ... |
| CVE-2020-6801 | Mozilla developers reported memory safety bugs present in Firefox 72. ... |
| CVE-2020-6800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-6799 | Command line arguments could have been injected during Firefox invocat ... |
| CVE-2020-6798 | If a template tag was used in a select tag, the parser could be confus ... |
| CVE-2020-6797 | By downloading a file with the .fileloc extension, a semi-privileged e ... |
| CVE-2020-6796 | A content process could have modified shared memory relating to crash ... |
| CVE-2020-6514 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ... |
| CVE-2020-6463 | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ... |
| CVE-2019-25136 | A compromised child process could have injected XBL Bindings into priv ... |
| CVE-2019-20503 | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ... |
| CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting arra ... |
| CVE-2019-17025 | Mozilla developers reported memory safety bugs present in Firefox 71. ... |
| CVE-2019-17024 | Mozilla developers reported memory safety bugs present in Firefox 71 a ... |
| CVE-2019-17023 | After a HelloRetryRequest has been sent, the client may negotiate a lo ... |
| CVE-2019-17022 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17021 | During the initialization of a new content process, a race condition o ... |
| CVE-2019-17020 | If an XML file is served with a Content Security Policy and the XML fi ... |
| CVE-2019-17019 | When Python was installed on Windows, a python file being served with ... |
| CVE-2019-17018 | When in Private Browsing Mode on Windows 10, the Windows keyboard may ... |
| CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerab ... |
| CVE-2019-17016 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17015 | During the initialization of a new content process, a pointer offset c ... |
| CVE-2019-17014 | If an image had not loaded correctly (such as when it is not actually ... |
| CVE-2019-17013 | Mozilla developers reported memory safety bugs present in Firefox 70. ... |
| CVE-2019-17012 | Mozilla developers reported memory safety bugs present in Firefox 70 a ... |
| CVE-2019-17011 | Under certain conditions, when retrieving a document from a DocShell i ... |
| CVE-2019-17010 | Under certain conditions, when checking the Resist Fingerprinting pref ... |
| CVE-2019-17009 | When running, the updater service wrote status and log files to an unr ... |
| CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker ... |
| CVE-2019-17005 | The plain text serializer used a fixed-size array for the number of <o ... |
| CVE-2019-17002 | If upgrade-insecure-requests was specified in the Content Security Pol ... |
| CVE-2019-17001 | A Content-Security-Policy that blocks in-line scripts could be bypasse ... |
| CVE-2019-17000 | An object tag with a data URI did not correctly inherit the document's ... |
| CVE-2019-15903 | In libexpat before 2.2.8, crafted XML input could fool the parser into ... |
| CVE-2019-13722 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ... |
| CVE-2019-13075 | Tor Browser through 8.5.3 has an information exposure vulnerability. I ... |
| CVE-2019-11765 | A compromised content process could send a message to the parent proce ... |
| CVE-2019-11764 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11763 | Failure to correctly handle null bytes when processing HTML entities r ... |
| CVE-2019-11762 | If two same-origin documents set document.domain differently to become ... |
| CVE-2019-11761 | By using a form with a data URI it was possible to gain access to the ... |
| CVE-2019-11760 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ... |
| CVE-2019-11759 | An attacker could have caused 4 bytes of HMAC output to be written pas ... |
| CVE-2019-11757 | When following the value's prototype chain, it was possible to retain ... |
| CVE-2019-11756 | Improper refcounting of soft token session objects could cause a use-a ... |
| CVE-2019-11754 | When the pointer lock is enabled by a website though requestPointerLoc ... |
| CVE-2019-11753 | The Firefox installer allows Firefox to be installed to a custom user ... |
| CVE-2019-11752 | It is possible to delete an IndexedDB key value and subsequently try t ... |
| CVE-2019-11751 | Logging-related command line parameters are not properly sanitized whe ... |
| CVE-2019-11750 | A type confusion vulnerability exists in Spidermonkey, which results i ... |
| CVE-2019-11749 | A vulnerability exists in WebRTC where malicious web content can use p ... |
| CVE-2019-11748 | WebRTC in Firefox will honor persisted permissions given to sites for ... |
| CVE-2019-11747 | The "Forget about this site" feature in the History pane is intended t ... |
| CVE-2019-11746 | A use-after-free vulnerability can occur while manipulating video elem ... |
| CVE-2019-11744 | Some HTML elements, such as <title> and <textarea>, can co ... |
| CVE-2019-11743 | Navigation events were not fully adhering to the W3C's "Navigation-Tim ... |
| CVE-2019-11742 | A same-origin policy violation occurs allowing the theft of cross-orig ... |
| CVE-2019-11741 | A compromised sandboxed content process can perform a Universal Cross- ... |
| CVE-2019-11740 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11738 | If a Content Security Policy (CSP) directive is defined that uses a ha ... |
| CVE-2019-11737 | If a wildcard ('*') is specified for the host in Content Security Poli ... |
| CVE-2019-11736 | The Mozilla Maintenance Service does not guard against files being har ... |
| CVE-2019-11735 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11734 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11733 | When a master password is set, it is required to be entered again befo ... |
| CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file ... |
| CVE-2019-11729 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ... |
| CVE-2019-11728 | The HTTP Alternative Services header, Alt-Svc, can be used by a malici ... |
| CVE-2019-11727 | A vulnerability exists where it possible to force Network Security Ser ... |
| CVE-2019-11725 | When a user navigates to site marked as unsafe by the Safebrowsing API ... |
| CVE-2019-11724 | Application permissions give additional remote troubleshooting permiss ... |
| CVE-2019-11723 | A vulnerability exists during the installation of add-ons where the in ... |
| CVE-2019-11721 | The unicode latin 'kra' character can be used to spoof a standard 'k' ... |
| CVE-2019-11720 | Some unicode characters are incorrectly treated as whitespace during t ... |
| CVE-2019-11719 | When importing a curve25519 private key in PKCS#8format with leading 0 ... |
| CVE-2019-11718 | Activity Stream can display content from sent from the Snippet Service ... |
| CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly e ... |
| CVE-2019-11716 | Until explicitly accessed by script, window.globalThis is not enumerab ... |
| CVE-2019-11715 | Due to an error while parsing page content, it is possible for properl ... |
| CVE-2019-11714 | Necko can access a child on the wrong thread during UDP connections, r ... |
| CVE-2019-11713 | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ... |
| CVE-2019-11712 | POST requests made by NPAPI plugins, such as Flash, that receive a sta ... |
| CVE-2019-11711 | When an inner window is reused, it does not consider the use of docume ... |
| CVE-2019-11710 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11709 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC mes ... |
| CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript ... |
| CVE-2019-11702 | A hyperlink using protocols associated with Internet Explorer, such as ... |
| CVE-2019-11701 | The default webcal: protocol handler will load a web site vulnerable t ... |
| CVE-2019-11700 | A hyperlink using the res: protocol can be used to open local files at ... |
| CVE-2019-11699 | A malicious page can briefly cause the wrong name to be highlighted as ... |
| CVE-2019-11698 | If a crafted hyperlink is dragged and dropped to the bookmark bar or s ... |
| CVE-2019-11697 | If the ALT and "a" keys are pressed when users receive an extension in ... |
| CVE-2019-11696 | Files with the .JNLP extension used for "Java web start" applications ... |
| CVE-2019-11695 | A custom cursor defined by scripting on a site can position itself ove ... |
| CVE-2019-11694 | A vulnerability exists in the Windows sandbox where an uninitialized v ... |
| CVE-2019-11693 | The bufferdata function in WebGL is vulnerable to a buffer overflow wi ... |
| CVE-2019-11692 | A use-after-free vulnerability can occur when listeners are removed fr ... |
| CVE-2019-11691 | A use-after-free vulnerability can occur when working with XMLHttpRequ ... |
| CVE-2019-9821 | A use-after-free vulnerability can occur in AssertWorkerThread due to ... |
| CVE-2019-9820 | A use-after-free vulnerability can occur in the chrome event handler w ... |
| CVE-2019-9819 | A vulnerability where a JavaScript compartment mismatch can occur whil ... |
| CVE-2019-9818 | A race condition is present in the crash generation server used to gen ... |
| CVE-2019-9817 | Images from a different domain can be read using a canvas object in so ... |
| CVE-2019-9816 | A possible vulnerability exists where type confusion can occur when ma ... |
| CVE-2019-9815 | If hyperthreading is not disabled, a timing attack vulnerability exist ... |
| CVE-2019-9814 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9813 | Incorrect handling of __proto__ mutations may lead to type confusion i ... |
| CVE-2019-9812 | Given a compromised sandboxed content process due to a separate vulner ... |
| CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ... |
| CVE-2019-9810 | Incorrect alias information in IonMonkey JIT compiler for Array.protot ... |
| CVE-2019-9809 | If the source for resources on a page is through an FTP connection, it ... |
| CVE-2019-9808 | If WebRTC permission is requested from documents with data: or blob: U ... |
| CVE-2019-9807 | When arbitrary text is sent over an FTP connection and a page reload i ... |
| CVE-2019-9806 | A vulnerability exists during authorization prompting for FTP transact ... |
| CVE-2019-9805 | A latent vulnerability exists in the Prio library where data may be re ... |
| CVE-2019-9804 | In Firefox Developer Tools it is possible that pasting the result of t ... |
| CVE-2019-9803 | The Upgrade-Insecure-Requests (UIR) specification states that if UIR i ... |
| CVE-2019-9802 | If a Sandbox content process is compromised, it can initiate an FTP do ... |
| CVE-2019-9801 | Firefox will accept any registered Program ID as an external protocol ... |
| CVE-2019-9800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9799 | Insufficient bounds checking of data during inter-process communicatio ... |
| CVE-2019-9798 | On Android systems, Firefox can load a library from APITRACE_LIB, whic ... |
| CVE-2019-9797 | Cross-origin images can be read in violation of the same-origin policy ... |
| CVE-2019-9796 | A use-after-free vulnerability can occur when the SMIL animation contr ... |
| CVE-2019-9795 | A vulnerability where type-confusion in the IonMonkey just-in-time (JI ... |
| CVE-2019-9794 | A vulnerability was discovered where specific command line arguments a ... |
| CVE-2019-9793 | A mechanism was discovered that removes some bounds checking for strin ... |
| CVE-2019-9792 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ... |
| CVE-2019-9791 | The type inference system allows the compilation of functions that can ... |
| CVE-2019-9790 | A use-after-free vulnerability can occur when a raw pointer to a DOM e ... |
| CVE-2019-9789 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9788 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ... |
| CVE-2019-5849 | Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allo ... |
| CVE-2019-5785 | Incorrect convexity calculations in Skia in Google Chrome prior to 72. ... |
| CVE-2018-18511 | Cross-origin images can be read from a canvas element in violation of ... |
| CVE-2018-18510 | The about:crashcontent and about:crashparent pages can be triggered by ... |
| CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy A ... |
| CVE-2018-18505 | An earlier fix for an Inter-process Communication (IPC) vulnerability, ... |
| CVE-2018-18504 | A crash and out-of-bounds read can occur when the buffer of a texture ... |
| CVE-2018-18503 | When JavaScript is used to create and manipulate an audio buffer, a po ... |
| CVE-2018-18502 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-18501 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-18500 | A use-after-free vulnerability can occur while parsing an HTML5 stream ... |
| CVE-2018-18499 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18498 | A potential vulnerability leading to an integer overflow can occur dur ... |
| CVE-2018-18497 | Limitations on the URIs allowed to WebExtensions by the browser.window ... |
| CVE-2018-18496 | When the RSS Feed preview about:feeds page is framed within another pa ... |
| CVE-2018-18495 | WebExtension content scripts can be loaded into about: pages in some c ... |
| CVE-2018-18494 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18493 | A buffer overflow can occur in the Skia library during buffer offset c ... |
| CVE-2018-18492 | A use-after-free vulnerability can occur after deleting a selection el ... |
| CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia ... |
| CVE-2018-17466 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ... |
| CVE-2018-12407 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2018-12406 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12405 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resour ... |
| CVE-2018-12402 | The internal WebBrowserPersist code does not use correct origin contex ... |
| CVE-2018-12401 | Some special resource URIs will cause a non-exploitable crash if loade ... |
| CVE-2018-12400 | In private browsing mode on Firefox for Android, favicons are cached i ... |
| CVE-2018-12399 | When a new protocol handler is registered, the API accepts a title arg ... |
| CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chro ... |
| CVE-2018-12397 | A WebExtension can request access to local files without the warning p ... |
| CVE-2018-12396 | A vulnerability where a WebExtension can run content scripts in disall ... |
| CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a Web ... |
| CVE-2018-12393 | A potential vulnerability was found in 32-bit builds where an integer ... |
| CVE-2018-12392 | When manipulating user events in nested loops while opening a document ... |
| CVE-2018-12391 | During HTTP Live Stream playback on Firefox for Android, audio data ca ... |
| CVE-2018-12390 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12388 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12387 | A vulnerability where the JavaScript JIT compiler inlines Array.protot ... |
| CVE-2018-12386 | A vulnerability in register allocation in JavaScript can lead to type ... |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL ... |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a maste ... |
| CVE-2018-12382 | The displayed addressbar URL can be spoofed on Firefox for Android usi ... |
| CVE-2018-12381 | Manually dragging and dropping an Outlook email message into the brows ... |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very ... |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is de ... |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers ar ... |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ... |
| CVE-2018-12375 | Memory safety bugs present in Firefox 61. Some of these bugs showed ev ... |
| CVE-2018-12371 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-12370 | In Reader View SameSite cookie protections are not checked on exiting. ... |
| CVE-2018-12369 | WebExtensions bundled with embedded experiments were not correctly che ... |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with th ... |
| CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision o ... |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can r ... |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and lis ... |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ... |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation eve ... |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the S ... |
| CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while calculatin ... |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input elemen ... |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjust ... |
| CVE-2018-12358 | Service workers can use redirection to avoid the tainting of cross-ori ... |
| CVE-2018-6156 | Incorect derivation of a packet length in WebRTC in Google Chrome prio ... |
| CVE-2018-6126 | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allow ... |
| CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ... |
| CVE-2018-5187 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ... |
| CVE-2018-5186 | Memory safety bugs present in Firefox 60. Some of these bugs showed ev ... |
| CVE-2018-5182 | If a text string that happens to be a filename in the operating system ... |
| CVE-2018-5181 | If a URL using the "file:" protocol is dragged and dropped onto an ope ... |
| CVE-2018-5180 | A use-after-free vulnerability can occur during WebGL operations. Whil ... |
| CVE-2018-5177 | A vulnerability exists in XSLT during number formatting where a negati ... |
| CVE-2018-5176 | The JSON Viewer displays clickable hyperlinks for strings that are par ... |
| CVE-2018-5175 | A mechanism to bypass Content Security Policy (CSP) protections on sit ... |
| CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ... |
| CVE-2018-5173 | The filename appearing in the "Downloads" panel improperly renders som ... |
| CVE-2018-5172 | The Live Bookmarks page and the PDF viewer can run injected script con ... |
| CVE-2018-5169 | If manipulated hyperlinked text with "chrome:" URL contained in it is ... |
| CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight ... |
| CVE-2018-5167 | The web console and JavaScript debugger do not sanitize all output tha ... |
| CVE-2018-5166 | WebExtensions can use request redirection and a "filterReponseData" fi ... |
| CVE-2018-5165 | In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Ena ... |
| CVE-2018-5164 | Content Security Policy (CSP) is not applied correctly to all parts of ... |
| CVE-2018-5163 | If a malicious attacker has used another vulnerability to gain full co ... |
| CVE-2018-5160 | WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image ... |
| CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit intege ... |
| CVE-2018-5158 | The PDF viewer does not sufficiently sanitize PostScript calculator fu ... |
| CVE-2018-5157 | Same-origin protections for the PDF viewer can be bypassed, allowing a ... |
| CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media ... |
| CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during ... |
| CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes ... |
| CVE-2018-5153 | If websocket data is sent with mixed text and binary in a single messa ... |
| CVE-2018-5152 | WebExtensions with the appropriate permissions can attach content scri ... |
| CVE-2018-5151 | Memory safety bugs were reported in Firefox 59. Some of these bugs sho ... |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ... |
| CVE-2018-5148 | A use-after-free vulnerability can occur in the compositor during cert ... |
| CVE-2018-5147 | The libtremor library has the same flaw as CVE-2018-5146. This library ... |
| CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was r ... |
| CVE-2018-5143 | URLs using "javascript:" have the protocol removed when pasted into th ... |
| CVE-2018-5142 | If Media Capture and Streams API permission is requested from document ... |
| CVE-2018-5141 | A vulnerability in the notifications Push API where notifications can ... |
| CVE-2018-5140 | Image for moz-icons can be accessed through the "moz-icon:" protocol t ... |
| CVE-2018-5138 | A spoofing vulnerability can occur when a malicious site with an extre ... |
| CVE-2018-5137 | A legacy extension's non-contentaccessible, defined resources can be l ... |
| CVE-2018-5136 | A shared worker created from a "data:" URL in one tab can be shared by ... |
| CVE-2018-5135 | WebExtensions can bypass normal restrictions in some circumstances and ... |
| CVE-2018-5134 | WebExtensions may use "view-source:" URLs to view local "file:" URL co ... |
| CVE-2018-5133 | If the "app.support.baseURL" preference is changed by a malicious loca ... |
| CVE-2018-5132 | The Find API for WebExtensions can search some privileged pages, such ... |
| CVE-2018-5131 | Under certain circumstances the "fetch()" API can return transient loc ... |
| CVE-2018-5130 | When packets with a mismatched RTP payload type are sent in WebRTC con ... |
| CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential ... |
| CVE-2018-5128 | A use-after-free vulnerability can occur when manipulating elements, e ... |
| CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG "animatedPathSeg ... |
| CVE-2018-5126 | Memory safety bugs were reported in Firefox 58. Some of these bugs sho ... |
| CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ... |
| CVE-2018-5124 | Unsanitized output in the browser UI leaves HTML tags in place and can ... |
| CVE-2018-5122 | A potential integer overflow in the "DoCrypt" function of WebCrypto wa ... |
| CVE-2018-5121 | Low descenders on some Tibetan characters in several fonts on OS X are ... |
| CVE-2018-5119 | The reader view will display cross-origin content when CORS headers ar ... |
| CVE-2018-5118 | The screenshot images displayed in the Activity Stream page displayed ... |
| CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right ali ... |
| CVE-2018-5116 | WebExtensions with the "ActiveTab" permission are able to access frame ... |
| CVE-2018-5115 | If an HTTP authentication prompt is triggered by a background network ... |
| CVE-2018-5114 | If an existing cookie is changed to be "HttpOnly" while a document is ... |
| CVE-2018-5113 | The "browser.identity.launchWebAuthFlow" function of WebExtensions is ... |
| CVE-2018-5112 | Development Tools panels of an extension are required to load URLs for ... |
| CVE-2018-5111 | When the text of a specially formatted URL is dragged to the addressba ... |
| CVE-2018-5110 | If cursor visibility is toggled by script using from 'none' to an imag ... |
| CVE-2018-5109 | An audio capture session can started under an incorrect origin from th ... |
| CVE-2018-5108 | A Blob URL can violate origin attribute segregation, allowing it to be ... |
| CVE-2018-5107 | The printing process can bypass local access protections to read files ... |
| CVE-2018-5106 | Style editor traffic in the Developer Tools can be routed through a se ... |
| CVE-2018-5105 | WebExtensions can bypass user prompts to first save and then open an a ... |
| CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation ... |
| CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling d ... |
| CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media ... |
| CVE-2018-5101 | A use-after-free vulnerability can occur when manipulating floating "f ... |
| CVE-2018-5100 | A use-after-free vulnerability can occur when arguments passed to the ... |
| CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is h ... |
| CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, foc ... |
| CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations wh ... |
| CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-5094 | A heap buffer overflow vulnerability may occur in WebAssembly when "sh ... |
| CVE-2018-5093 | A heap buffer overflow vulnerability may occur in WebAssembly during M ... |
| CVE-2018-5092 | A use-after-free vulnerability can occur when the thread for a Web Wor ... |
| CVE-2018-5091 | A use-after-free vulnerability can occur during WebRTC connections whe ... |
| CVE-2018-5090 | Memory safety bugs were reported in Firefox 57. Some of these bugs sho ... |
| CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ... |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... |
| CVE-2017-7845 | A buffer overflow occurs when drawing and validating elements using Di ... |
| CVE-2017-7844 | A combination of an external SVG image referenced on a page and the co ... |
| CVE-2017-7843 | When Private Browsing mode is used, it is possible for a web worker to ... |
| CVE-2017-7842 | If a document's Referrer Policy attribute is set to "no-referrer" some ... |
| CVE-2017-7840 | JavaScript can be injected into an exported bookmarks file by placing ... |
| CVE-2017-7839 | Control characters prepended before "javascript:" URLs pasted in the a ... |
| CVE-2017-7838 | Punycode format text will be displayed for entire qualified internatio ... |
| CVE-2017-7837 | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG d ... |
| CVE-2017-7836 | The "pingsender" executable used by the Firefox Health Report dynamica ... |
| CVE-2017-7835 | Mixed content blocking of insecure (HTTP) sub-resources in a secure (H ... |
| CVE-2017-7834 | A "data:" URL loaded in a new tab did not inherit the Content Security ... |
| CVE-2017-7833 | Some Arabic and Indic vowel marker characters can be combined with Lat ... |
| CVE-2017-7832 | The combined, single character, version of the letter 'i' with any of ... |
| CVE-2017-7831 | A vulnerability where the security wrapper does not deny access to som ... |
| CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-orig ... |
| CVE-2017-7828 | A use-after-free vulnerability can occur when flushing and resizing la ... |
| CVE-2017-7827 | Memory safety bugs were reported in Firefox 56. Some of these bugs sho ... |
| CVE-2017-7826 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ... |
| CVE-2017-7825 | Several fonts on OS X display some Tibetan and Arabic characters as wh ... |
| CVE-2017-7824 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2017-7823 | The content security policy (CSP) "sandbox" directive did not create a ... |
| CVE-2017-7822 | The AES-GCM implementation in WebCrypto API accepts 0-length IV when i ... |
| CVE-2017-7821 | A vulnerability where WebExtensions can download and attempt to open a ... |
| CVE-2017-7820 | The "instanceof" operator can bypass the Xray wrapper mechanism. When ... |
| CVE-2017-7819 | A use-after-free vulnerability can occur in design mode when image obj ... |
| CVE-2017-7818 | A use-after-free vulnerability can occur when manipulating arrays of A ... |
| CVE-2017-7817 | A spoofing vulnerability can occur when a page switches to fullscreen ... |
| CVE-2017-7816 | WebExtensions could use popups and panels in the extension UI to load ... |
| CVE-2017-7815 | On pages containing an iframe, the "data:" protocol can be used to cre ... |
| CVE-2017-7814 | File downloads encoded with "blob:" and "data:" URL elements bypassed ... |
| CVE-2017-7813 | Inside the JavaScript parser, a cast of an integer to a narrower type ... |
| CVE-2017-7812 | If web content on a page is dragged onto portions of the browser UI, s ... |
| CVE-2017-7811 | Memory safety bugs were reported in Firefox 55. Some of these bugs sho ... |
| CVE-2017-7810 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ... |
| CVE-2017-7809 | A use-after-free vulnerability can occur when an editor DOM node is de ... |
| CVE-2017-7808 | A content security policy (CSP) "frame-ancestors" directive containing ... |
| CVE-2017-7807 | A mechanism that uses AppCache to hijack a URL in a domain using fallb ... |
| CVE-2017-7806 | A use-after-free vulnerability can occur when the layer manager is fre ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ... |
| CVE-2017-7804 | The destructor function for the "WindowsDllDetourPatcher" class can be ... |
| CVE-2017-7803 | When a page's content security policy (CSP) header contains a "sandbox ... |
| CVE-2017-7802 | A use-after-free vulnerability can occur when manipulating the DOM dur ... |
| CVE-2017-7801 | A use-after-free vulnerability can occur while re-computing layout for ... |
| CVE-2017-7800 | A use-after-free vulnerability can occur in WebSockets when the object ... |
| CVE-2017-7799 | JavaScript in the "about:webrtc" page is not sanitized properly being ... |
| CVE-2017-7798 | The Developer Tools feature suffers from a XUL injection vulnerability ... |
| CVE-2017-7797 | Response header name interning does not have same-origin protections a ... |
| CVE-2017-7796 | On Windows systems, the logger run by the Windows updater deletes the ... |
| CVE-2017-7794 | On Linux systems, if the content process is compromised, the sandbox b ... |
| CVE-2017-7793 | A use-after-free vulnerability can occur in the Fetch API when the wor ... |
| CVE-2017-7792 | A buffer overflow will occur when viewing a certificate in the certifi ... |
| CVE-2017-7791 | On pages containing an iframe, the "data:" protocol can be used to cre ... |
| CVE-2017-7790 | On Windows systems, if non-null-terminated strings are copied into the ... |
| CVE-2017-7789 | If a server sends two Strict-Transport-Security (STS) headers for a si ... |
| CVE-2017-7788 | When an "iframe" has a "sandbox" attribute and its content is specifie ... |
| CVE-2017-7787 | Same-origin policy protections can be bypassed on pages with embedded ... |
| CVE-2017-7786 | A buffer overflow can occur when the image renderer attempts to paint ... |
| CVE-2017-7785 | A buffer overflow can occur when manipulating Accessible Rich Internet ... |
| CVE-2017-7784 | A use-after-free vulnerability can occur when reading an image observe ... |
| CVE-2017-7783 | If a long user name is used in a username/password combination in a si ... |
| CVE-2017-7782 | An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ... |
| CVE-2017-7781 | An error occurs in the elliptic curve point addition algorithm that us ... |
| CVE-2017-7780 | Memory safety bugs were reported in Firefox 54. Some of these bugs sho ... |
| CVE-2017-7779 | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ... |
| CVE-2017-7778 | A number of security vulnerabilities in the Graphite 2 library includi ... |
| CVE-2017-7777 | Use of uninitialized memory in Graphite2 library in Firefox before 54 ... |
| CVE-2017-7776 | Heap-based Buffer Overflow read in Graphite2 library in Firefox before ... |
| CVE-2017-7774 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ... |
| CVE-2017-7773 | Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ... |
| CVE-2017-7772 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ... |
| CVE-2017-7771 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ... |
| CVE-2017-7770 | A mechanism where when a new tab is loaded through JavaScript events, ... |
| CVE-2017-7768 | The Mozilla Maintenance Service can be invoked by an unprivileged user ... |
| CVE-2017-7767 | The Mozilla Maintenance Service can be invoked by an unprivileged user ... |
| CVE-2017-7766 | An attack using manipulation of "updater.ini" contents, used by the Mo ... |
| CVE-2017-7765 | The "Mark of the Web" was not correctly saved on Windows when files wi ... |
| CVE-2017-7764 | Characters from the "Canadian Syllabics" unicode block can be mixed wi ... |
| CVE-2017-7763 | Default fonts on OS X display some Tibetan characters as whitespace. W ... |
| CVE-2017-7762 | When entered directly, Reader Mode did not strip the username and pass ... |
| CVE-2017-7761 | The Mozilla Maintenance Service "helper.exe" application creates a tem ... |
| CVE-2017-7760 | The Mozilla Windows updater modifies some files to be updated by readi ... |
| CVE-2017-7759 | Android intent URLs given to Firefox for Android can be used to naviga ... |
| CVE-2017-7758 | An out-of-bounds read vulnerability with the Opus encoder when the num ... |
| CVE-2017-7757 | A use-after-free vulnerability in IndexedDB when one of its objects is ... |
| CVE-2017-7756 | A use-after-free and use-after-scope vulnerability when logging errors ... |
| CVE-2017-7755 | The Firefox installer on Windows can be made to load malicious DLL fil ... |
| CVE-2017-7754 | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ... |
| CVE-2017-7753 | An out-of-bounds read occurs when applying style rules to pseudo-eleme ... |
| CVE-2017-7752 | A use-after-free vulnerability during specific user interactions with ... |
| CVE-2017-7751 | A use-after-free vulnerability with content viewer listeners that resu ... |
| CVE-2017-7750 | A use-after-free vulnerability during video control operations when a ... |
| CVE-2017-7749 | A use-after-free vulnerability when using an incorrect URL during the ... |
| CVE-2017-5472 | A use-after-free vulnerability with the frameloader during tree recons ... |
| CVE-2017-5471 | Memory safety bugs were reported in Firefox 53. Some of these bugs sho ... |
| CVE-2017-5470 | Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ... |
| CVE-2017-5469 | Fixed potential buffer overflows in generated Firefox code due to CVE- ... |
| CVE-2017-5468 | An issue with incorrect ownership model of "privateBrowsing" informati ... |
| CVE-2017-5467 | A potential memory corruption and crash when using Skia content when d ... |
| CVE-2017-5466 | If a page is loaded from an original site through a hyperlink and cont ... |
| CVE-2017-5465 | An out-of-bounds read while processing SVG content in "ConvolvePixel". ... |
| CVE-2017-5464 | During DOM manipulations of the accessibility tree through script, the ... |
| CVE-2017-5463 | Android intents can be used to launch Firefox for Android in reader mo ... |
| CVE-2017-5462 | A flaw in DRBG number generation within the Network Security Services ... |
| CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ... |
| CVE-2017-5460 | A use-after-free vulnerability in frame selection triggered by a combi ... |
| CVE-2017-5459 | A buffer overflow in WebGL triggerable by web content, resulting in a ... |
| CVE-2017-5458 | When a "javascript:" URL is drag and dropped by a user into the addres ... |
| CVE-2017-5456 | A mechanism to bypass file system access protections in the sandbox us ... |
| CVE-2017-5455 | The internal feed reader APIs that crossed the sandbox barrier allowed ... |
| CVE-2017-5454 | A mechanism to bypass file system access protections in the sandbox to ... |
| CVE-2017-5453 | A mechanism to inject static HTML into the RSS reader preview page due ... |
| CVE-2017-5452 | Malicious sites can display a spoofed addressbar on a page when the ex ... |
| CVE-2017-5451 | A mechanism to spoof the addressbar through the user interaction on th ... |
| CVE-2017-5450 | A mechanism to spoof the Firefox for Android addressbar using a "javas ... |
| CVE-2017-5449 | A possibly exploitable crash triggered during layout and manipulation ... |
| CVE-2017-5448 | An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ... |
| CVE-2017-5447 | An out-of-bounds read during the processing of glyph widths during tex ... |
| CVE-2017-5446 | An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ... |
| CVE-2017-5445 | A vulnerability while parsing "application/http-index-format" format c ... |
| CVE-2017-5444 | A buffer overflow vulnerability while parsing "application/http-index- ... |
| CVE-2017-5443 | An out-of-bounds write vulnerability while decoding improperly formed ... |
| CVE-2017-5442 | A use-after-free vulnerability during changes in style when manipulati ... |
| CVE-2017-5441 | A use-after-free vulnerability when holding a selection during scroll ... |
| CVE-2017-5440 | A use-after-free vulnerability during XSLT processing due to a failure ... |
| CVE-2017-5439 | A use-after-free vulnerability during XSLT processing due to poor hand ... |
| CVE-2017-5438 | A use-after-free vulnerability during XSLT processing due to the resul ... |
| CVE-2017-5436 | An out-of-bounds write in the Graphite 2 library triggered with a mali ... |
| CVE-2017-5435 | A use-after-free vulnerability occurs during transaction processing in ... |
| CVE-2017-5434 | A use-after-free vulnerability occurs when redirecting focus handling ... |
| CVE-2017-5433 | A use-after-free vulnerability in SMIL animation functions occurs when ... |
| CVE-2017-5432 | A use-after-free vulnerability occurs during certain text input select ... |
| CVE-2017-5430 | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ... |
| CVE-2017-5429 | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ... |
| CVE-2017-5428 | An integer overflow in "createImageBitmap()" was reported through the ... |
| CVE-2017-5427 | A non-existent chrome.manifest file will attempt to be loaded during s ... |
| CVE-2017-5426 | On Linux, if the secure computing mode BPF (seccomp-bpf) filter is run ... |
| CVE-2017-5425 | The Gecko Media Plugin sandbox allows access to local files that match ... |
| CVE-2017-5422 | If a malicious site uses the "view-source:" protocol in a series withi ... |
| CVE-2017-5421 | A malicious site could spoof the contents of the print preview window ... |
| CVE-2017-5420 | A "javascript:" url loaded by a malicious page can obfuscate its locat ... |
| CVE-2017-5419 | If a malicious site repeatedly triggers a modal authentication prompt, ... |
| CVE-2017-5418 | An out of bounds read error occurs when parsing some HTTP digest autho ... |
| CVE-2017-5417 | When dragging content from the primary browser pane to the addressbar ... |
| CVE-2017-5416 | In certain circumstances a networking event listener can be prematurel ... |
| CVE-2017-5415 | An attack can use a blob URL and script to spoof an arbitrary addressb ... |
| CVE-2017-5414 | The file picker dialog can choose and display the wrong local default ... |
| CVE-2017-5413 | A segmentation fault can occur during some bidirectional layout operat ... |
| CVE-2017-5412 | A buffer overflow read during SVG filter color value operations, resul ... |
| CVE-2017-5411 | A use-after-free can occur during buffer storage operations within the ... |
| CVE-2017-5410 | Memory corruption resulting in a potentially exploitable crash during ... |
| CVE-2017-5409 | The Mozilla Windows updater can be called by a non-privileged user to ... |
| CVE-2017-5408 | Video files loaded video captions cross-origin without checking for th ... |
| CVE-2017-5407 | Using SVG filters that don't use the fixed point math implementation o ... |
| CVE-2017-5406 | A segmentation fault can occur in the Skia graphics library during som ... |
| CVE-2017-5405 | Certain response codes in FTP connections can result in the use of uni ... |
| CVE-2017-5404 | A use-after-free error can occur when manipulating ranges in selection ... |
| CVE-2017-5403 | When adding a range to an object in the DOM, it is possible to use "ad ... |
| CVE-2017-5402 | A use-after-free can occur when events are fired for a "FontFace" obje ... |
| CVE-2017-5401 | A crash triggerable by web content in which an "ErrorResult" reference ... |
| CVE-2017-5400 | JIT-spray targeting asm.js combined with a heap spray allows for a byp ... |
| CVE-2017-5399 | Memory safety bugs were reported in Firefox 51. Some of these bugs sho ... |
| CVE-2017-5398 | Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ... |
| CVE-2017-5397 | The cache directory on the local file system is set to be world writab ... |
| CVE-2017-5396 | A use-after-free vulnerability in the Media Decoder when working with ... |
| CVE-2017-5395 | Malicious sites can display a spoofed location bar on a subsequently l ... |
| CVE-2017-5394 | A location bar spoofing attack where the location bar of loaded page w ... |
| CVE-2017-5393 | The "mozAddonManager" allows for the installation of extensions from t ... |
| CVE-2017-5392 | Weak proxy objects have weak references on multiple threads when they ... |
| CVE-2017-5391 | Special "about:" pages used by web content, such as RSS feeds, can loa ... |
| CVE-2017-5390 | The JSON viewer in the Developer Tools uses insecure methods to create ... |
| CVE-2017-5389 | WebExtensions could use the "mozAddonManager" API by modifying the CSP ... |
| CVE-2017-5388 | A STUN server in conjunction with a large number of "webkitRTCPeerConn ... |
| CVE-2017-5387 | The existence of a specifically requested local file can be found due ... |
| CVE-2017-5386 | WebExtension scripts can use the "data:" protocol to affect pages load ... |
| CVE-2017-5385 | Data sent with in multipart channels, such as the multipart/x-mixed-re ... |
| CVE-2017-5384 | Proxy Auto-Config (PAC) files can specify a JavaScript function called ... |
| CVE-2017-5383 | URLs containing certain unicode glyphs for alternative hyphens and quo ... |
| CVE-2017-5382 | Feed preview for RSS feeds can be used to capture errors and exception ... |
| CVE-2017-5381 | The "export" function in the Certificate Viewer can force local filesy ... |
| CVE-2017-5380 | A potential use-after-free found through fuzzing during DOM manipulati ... |
| CVE-2017-5379 | Use-after-free vulnerability in Web Animations when interacting with c ... |
| CVE-2017-5378 | Hashed codes of JavaScript objects are shared between pages. This allo ... |
| CVE-2017-5377 | A memory corruption vulnerability in Skia that can occur when using tr ... |
| CVE-2017-5376 | Use-after-free while manipulating XSL in XSLT documents. This vulnerab ... |
| CVE-2017-5375 | JIT code allocation can allow for a bypass of ASLR and DEP protections ... |
| CVE-2017-5374 | Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ... |
| CVE-2017-5373 | Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ... |
| CVE-2016-9905 | A potentially exploitable crash in "EnumerateSubDocuments" while addin ... |
| CVE-2016-9904 | An attacker could use a JavaScript Map/Set timing attack to determine ... |
| CVE-2016-9903 | Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ... |
| CVE-2016-9902 | The Pocket toolbar button, once activated, listens for events fired fr ... |
| CVE-2016-9901 | HTML tags received from the Pocket server will be processed without sa ... |
| CVE-2016-9900 | External resources that should be blocked when loaded by SVG images ca ... |
| CVE-2016-9899 | Use-after-free while manipulating DOM events and removing audio elemen ... |
| CVE-2016-9898 | Use-after-free resulting in potentially exploitable crash when manipul ... |
| CVE-2016-9897 | Memory corruption resulting in a potentially exploitable crash during ... |
| CVE-2016-9896 | Use-after-free while manipulating the "navigator" object within WebVR. ... |
| CVE-2016-9895 | Event handlers on "marquee" elements were executed despite a strict Co ... |
| CVE-2016-9894 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ... |
| CVE-2016-9893 | Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ... |
| CVE-2016-9080 | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ... |
| CVE-2016-9079 | A use-after-free vulnerability in SVG Animation has been discovered. A ... |
| CVE-2016-9078 | Redirection from an HTTP connection to a "data:" URL assigns the refer ... |
| CVE-2016-9077 | Canvas allows the use of the "feDisplacementMap" filter on images load ... |
| CVE-2016-9076 | An issue where a "<select>" dropdown menu can be used to cover locatio ... |
| CVE-2016-9075 | An issue where WebExtensions can use the mozAddonManager API to elevat ... |
| CVE-2016-9073 | WebExtensions can bypass security checks to load privileged URLs and p ... |
| CVE-2016-9072 | When a new Firefox profile is created on 64-bit Windows installations, ... |
| CVE-2016-9071 | Content Security Policy combined with HTTP to HTTPS redirection can be ... |
| CVE-2016-9070 | A maliciously crafted page loaded to the sidebar through a bookmark ca ... |
| CVE-2016-9069 | A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operatio ... |
| CVE-2016-9068 | A use-after-free during web animations when working with timelines res ... |
| CVE-2016-9067 | Two use-after-free errors during DOM operations resulting in potential ... |
| CVE-2016-9066 | A buffer overflow resulting in a potentially exploitable crash due to ... |
| CVE-2016-9065 | The location bar in Firefox for Android can be spoofed by forcing a us ... |
| CVE-2016-9064 | Add-on updates failed to verify that the add-on ID inside the signed p ... |
| CVE-2016-9063 | An integer overflow during the parsing of XML using the Expat library. ... |
| CVE-2016-9062 | Private browsing mode leaves metadata information, such as URLs, for s ... |
| CVE-2016-9061 | A previously installed malicious Android application which defines a s ... |
| CVE-2016-5299 | A previously installed malicious Android application with same signatu ... |
| CVE-2016-5298 | A mechanism where disruption of the loading of a new web page can caus ... |
| CVE-2016-5297 | An error in argument length checking in JavaScript, leading to potenti ... |
| CVE-2016-5296 | A heap-buffer-overflow in Cairo when processing SVG content caused by ... |
| CVE-2016-5295 | This vulnerability allows an attacker to use the Mozilla Maintenance S ... |
| CVE-2016-5294 | The Mozilla Updater can be made to choose an arbitrary target working ... |
| CVE-2016-5293 | When the Mozilla Updater is run, if the Updater's log file in the work ... |
| CVE-2016-5292 | During URL parsing, a maliciously crafted URL can cause a potentially ... |
| CVE-2016-5291 | A same-origin policy bypass with local shortcut files to load arbitrar ... |
| CVE-2016-5290 | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. S ... |
| CVE-2016-5289 | Memory safety bugs were reported in Firefox 49. Some of these bugs sho ... |
| CVE-2016-5288 | Web content could access information in the HTTP cache if e10s is disa ... |
| CVE-2016-5287 | A potentially exploitable use-after-free crash during actor destructio ... |
| CVE-2016-5284 | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunder ... |
| CVE-2016-5283 | Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ... |
| CVE-2016-5282 | Mozilla Firefox before 49.0 does not properly restrict the scheme in f ... |
| CVE-2016-5281 | Use-after-free vulnerability in the DOMSVGLength class in Mozilla Fire ... |
| CVE-2016-5280 | Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityM ... |
| CVE-2016-5279 | Mozilla Firefox before 49.0 allows user-assisted remote attackers to o ... |
| CVE-2016-5278 | Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ... |
| CVE-2016-5277 | Use-after-free vulnerability in the nsRefreshDriver::Tick function in ... |
| CVE-2016-5276 | Use-after-free vulnerability in the mozilla::a11y::DocAccessible::Proc ... |
| CVE-2016-5275 | Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeede ... |
| CVE-2016-5274 | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ... |
| CVE-2016-5273 | The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ... |
| CVE-2016-5272 | The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ... |
| CVE-2016-5271 | The PropertyProvider::GetSpacingInternal function in Mozilla Firefox b ... |
| CVE-2016-5270 | Heap-based buffer overflow in the nsCaseTransformTextRunFactory::Trans ... |
| CVE-2016-5268 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI ... |
| CVE-2016-5267 | Mozilla Firefox before 48.0 on Android allows remote attackers to spoo ... |
| CVE-2016-5266 | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ( ... |
| CVE-2016-5265 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow use ... |
| CVE-2016-5264 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildL ... |
| CVE-2016-5263 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ... |
| CVE-2016-5262 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process J ... |
| CVE-2016-5261 | Integer overflow in the WebSocketChannel class in the WebSockets subsy ... |
| CVE-2016-5260 | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="passw ... |
| CVE-2016-5259 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ... |
| CVE-2016-5258 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Fi ... |
| CVE-2016-5257 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5256 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5255 | Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ... |
| CVE-2016-5254 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown functio ... |
| CVE-2016-5253 | The Updater in Mozilla Firefox before 48.0 on Windows allows local use ... |
| CVE-2016-5252 | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ... |
| CVE-2016-5251 | Mozilla Firefox before 48.0 allows remote attackers to spoof the locat ... |
| CVE-2016-5250 | Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 ... |
| CVE-2016-2839 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ... |
| CVE-2016-2838 | Heap-based buffer overflow in the nsBidi::BracketData::AddOpening func ... |
| CVE-2016-2837 | Heap-based buffer overflow in the ClearKey Content Decryption Module ( ... |
| CVE-2016-2836 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2835 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ... |
| CVE-2016-2833 | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) dire ... |
| CVE-2016-2832 | Mozilla Firefox before 47.0 allows remote attackers to discover the li ... |
| CVE-2016-2831 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not en ... |
| CVE-2016-2830 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve ... |
| CVE-2016-2829 | Mozilla Firefox before 47.0 allows remote attackers to spoof permissio ... |
| CVE-2016-2828 | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefo ... |
| CVE-2016-2827 | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox be ... |
| CVE-2016-2826 | The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ... |
| CVE-2016-2825 | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ... |
| CVE-2016-2824 | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox befor ... |
| CVE-2016-2822 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow rem ... |
| CVE-2016-2821 | Use-after-free vulnerability in the mozilla::dom::Element class in Moz ... |
| CVE-2016-2820 | The Firefox Health Reports (aka FHR or about:healthreport) feature in ... |
| CVE-2016-2819 | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ... |
| CVE-2016-2818 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2817 | The WebExtension sandbox feature in browser/components/extensions/ext- ... |
| CVE-2016-2816 | Mozilla Firefox before 46.0 allows remote attackers to bypass the Cont ... |
| CVE-2016-2815 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2814 | Heap-based buffer overflow in the stagefright::SampleTable::parseSampl ... |
| CVE-2016-2813 | Mozilla Firefox before 46.0 on Android does not properly restrict Java ... |
| CVE-2016-2812 | Race condition in the get implementation in the ServiceWorkerManager c ... |
| CVE-2016-2811 | Use-after-free vulnerability in the ServiceWorkerInfo class in the Ser ... |
| CVE-2016-2810 | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ... |
| CVE-2016-2809 | The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ... |
| CVE-2016-2808 | The watch implementation in the JavaScript engine in Mozilla Firefox b ... |
| CVE-2016-2807 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2805 | Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ... |
| CVE-2016-2804 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2802 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphit ... |
| CVE-2016-2801 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp i ... |
| CVE-2016-2800 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2799 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in ... |
| CVE-2016-2798 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 befor ... |
| CVE-2016-2797 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 be ... |
| CVE-2016-2796 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code f ... |
| CVE-2016-2795 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1. ... |
| CVE-2016-2794 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphi ... |
| CVE-2016-2793 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ... |
| CVE-2016-2792 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2791 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ... |
| CVE-2016-2790 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3 ... |
| CVE-2016-1979 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ... |
| CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 b ... |
| CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox befor ... |
| CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC impleme ... |
| CVE-2016-1969 | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Fi ... |
| CVE-2016-1968 | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ... |
| CVE-2016-1967 | Mozilla Firefox before 45.0 does not properly restrict the availabilit ... |
| CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ... |
| CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ... |
| CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozil ... |
| CVE-2016-1963 | The FileReader class in Mozilla Firefox before 45.0 allows local users ... |
| CVE-2016-1962 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ... |
| CVE-2016-1961 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function i ... |
| CVE-2016-1960 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ... |
| CVE-2016-1959 | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows r ... |
| CVE-2016-1958 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Fir ... |
| CVE-2016-1957 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firef ... |
| CVE-2016-1956 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ... |
| CVE-2016-1955 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ... |
| CVE-2016-1954 | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ... |
| CVE-2016-1953 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1952 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1951 | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable ... |
| CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) ... |
| CVE-2016-1949 | Mozilla Firefox before 44.0.2 does not properly restrict the interacti ... |
| CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service ... |
| CVE-2011-2670 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ... |
| CVE-2011-2669 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ... |
| CVE-2011-2668 | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the ... |
| CVE-2007-0801 | The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ... |
| CVE-2006-6585 | The Extensions manager in Mozilla Firefox 2.0 does not properly popula ... |
| CVE-2006-6504 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ... |
| CVE-2006-6503 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ... |
| CVE-2006-6502 | Use-after-free vulnerability in the LiveConnect bridge code for Mozill ... |
| CVE-2006-6501 | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ... |
| CVE-2006-6500 | Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ... |
| CVE-2006-6499 | The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ... |
| CVE-2006-6498 | Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ... |
| CVE-2006-6497 | Multiple unspecified vulnerabilities in the layout engine for Mozilla ... |
| CVE-2006-5748 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ... |
| CVE-2006-5747 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ... |
| CVE-2006-5633 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ... |
| CVE-2006-5464 | Multiple unspecified vulnerabilities in the layout engine in Mozilla F ... |
| CVE-2006-5463 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ... |
| CVE-2006-5462 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-5160 | Multiple unspecified vulnerabilities in Mozilla Firefox have unspecifi ... |
| CVE-2006-4571 | Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ... |
| CVE-2006-4569 | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ... |
| CVE-2006-4568 | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ... |
| CVE-2006-4567 | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ... |
| CVE-2006-4566 | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ... |
| CVE-2006-4565 | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ... |
| CVE-2006-4561 | Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary J ... |
| CVE-2006-4340 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4310 | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ... |
| CVE-2006-4253 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ... |
| CVE-2006-3812 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3811 | Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ... |
| CVE-2006-3810 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ... |
| CVE-2006-3809 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3808 | Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ... |
| CVE-2006-3807 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3806 | Multiple integer overflows in the Javascript engine in Mozilla Firefox ... |
| CVE-2006-3805 | The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ... |
| CVE-2006-3803 | Race condition in the JavaScript garbage collection in Mozilla Firefox ... |
| CVE-2006-3802 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3801 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ... |
| CVE-2006-3731 | Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ... |
| CVE-2006-3677 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ... |
| CVE-2006-3113 | Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ... |
| CVE-2006-2788 | Double free vulnerability in the getRawDER function for nsIX509Cert in ... |
| CVE-2006-2787 | EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ... |
| CVE-2006-2786 | HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ... |
| CVE-2006-2785 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5 ... |
| CVE-2006-2784 | The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ... |
| CVE-2006-2783 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ... |
| CVE-2006-2782 | Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1 ... |
| CVE-2006-2780 | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ... |
| CVE-2006-2779 | Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ... |
| CVE-2006-2778 | The crypto.signText function in Mozilla Firefox and Thunderbird before ... |
| CVE-2006-2777 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMon ... |
| CVE-2006-2776 | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ... |
| CVE-2006-2775 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ... |
| CVE-2006-2723 | Unspecified versions of Mozilla Firefox allow remote attackers to caus ... |
| CVE-2006-2332 | Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of s ... |
| CVE-2006-1993 | Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote att ... |
| CVE-2006-1942 | Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ... |
| CVE-2006-1790 | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ... |
| CVE-2006-1742 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-1741 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1740 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1739 | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ... |
| CVE-2006-1738 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1737 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ... |
| CVE-2006-1736 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1735 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1734 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1733 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1732 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1731 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1730 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ... |
| CVE-2006-1729 | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Sui ... |
| CVE-2006-1728 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1727 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1726 | Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ... |
| CVE-2006-1725 | Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes c ... |
| CVE-2006-1724 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ... |
| CVE-2006-1723 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1531 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1530 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1529 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1045 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ... |
| CVE-2006-0884 | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ... |
| CVE-2006-0749 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-0748 | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ... |
| CVE-2006-0299 | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ... |
| CVE-2006-0298 | The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ... |
| CVE-2006-0297 | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ... |
| CVE-2006-0296 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ... |
| CVE-2006-0295 | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ... |
| CVE-2006-0294 | Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ... |
| CVE-2006-0293 | The function allocation code (js_NewFunction in jsfun.c) in Firefox 1. ... |
| CVE-2006-0292 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ... |
| CVE-2005-4809 | Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ... |
| CVE-2005-4720 | Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ... |
| CVE-2005-4134 | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.1 ... |
| CVE-2005-3896 | Mozilla allows remote attackers to cause a denial of service (CPU cons ... |
| CVE-2005-2414 | Race condition in the xpcom library, as used by web browsers such as F ... |
| CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ... |
| CVE-2004-2657 | Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some r ... |