| Bug | Description |
|---|
| CVE-2024-29944 | An attacker was able to inject an event handler into a privileged obje ... |
| CVE-2024-10467 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thun ... |
| CVE-2024-10466 | By sending a specially crafted push message, a remote server could hav ... |
| CVE-2024-10465 | A clipboard "paste" button could persist across tabs which allowed a s ... |
| CVE-2024-10464 | Repeated writes to history interface attributes could have been used t ... |
| CVE-2024-10463 | Video frames could have been leaked between origins in some situations ... |
| CVE-2024-10462 | Truncation of a long URL could have allowed origin spoofing in a permi ... |
| CVE-2024-10461 | In multipart/x-mixed-replace responses, `Content-Disposition: attachme ... |
| CVE-2024-10460 | The origin of an external protocol handler prompt could have been obsc ... |
| CVE-2024-10459 | An attacker could have caused a use-after-free when accessibility was ... |
| CVE-2024-10458 | A permission leak could have occurred from a trusted site to an untrus ... |
| CVE-2024-9680 | An attacker was able to achieve code execution in the content process ... |
| CVE-2024-9401 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ... |
| CVE-2024-9394 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9393 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9392 | A compromised content process could have allowed for the arbitrary loa ... |
| CVE-2024-8384 | The JavaScript garbage collector could mis-color cross-compartment obj ... |
| CVE-2024-8383 | Firefox normally asks for confirmation before asking the operating sys ... |
| CVE-2024-8382 | Internal browser event interfaces were exposed to web content when pri ... |
| CVE-2024-8381 | A potentially exploitable type confusion could be triggered when looki ... |
| CVE-2024-7652 | An error in the ECMA-262 specification relating to Async Generators co ... |
| CVE-2024-7531 | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer ... |
| CVE-2024-7529 | The date picker could partially obscure security prompts. This could b ... |
| CVE-2024-7527 | Unexpected marking work at the start of sweeping could have led to a u ... |
| CVE-2024-7526 | ANGLE failed to initialize parameters which lead to reading from unini ... |
| CVE-2024-7525 | It was possible for a web extension with minimal permissions to create ... |
| CVE-2024-7524 | Firefox adds web-compatibility shims in place of some tracking scripts ... |
| CVE-2024-7522 | Editor code failed to check an attribute value. This could have led to ... |
| CVE-2024-7521 | Incomplete WebAssembly exception handing could have led to a use-after ... |
| CVE-2024-7519 | Insufficient checks when processing graphics shared memory could have ... |
| CVE-2024-6604 | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ... |
| CVE-2024-6603 | In an out-of-memory scenario an allocation could fail but free would h ... |
| CVE-2024-6602 | A mismatch between allocator and deallocator could have lead to memory ... |
| CVE-2024-6601 | A race condition could lead to a cross-origin container obtaining perm ... |
| CVE-2024-6600 | Due to large allocation checks in Angle for GLSL shaders being too len ... |
| CVE-2024-5702 | Memory corruption in the networking stack could have led to a potentia ... |
| CVE-2024-5700 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ... |
| CVE-2024-5696 | By manipulating the text in an `<input>` tag, an attacker could ... |
| CVE-2024-5693 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2024-5692 | On Windows 10, when using the 'Save As' functionality, an attacker cou ... |
| CVE-2024-5691 | By tricking the browser with a `X-Frame-Options` header, a sandboxed i ... |
| CVE-2024-5690 | By monitoring the time certain operations take, an attacker could have ... |
| CVE-2024-5688 | If a garbage collection was triggered at the right time, a use-after-f ... |
| CVE-2024-4777 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ... |
| CVE-2024-4770 | When saving a page to PDF, certain font styles could have led to a pot ... |
| CVE-2024-4769 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2024-4768 | A bug in popup notifications' interaction with WebAuthn made it easier ... |
| CVE-2024-4767 | If the `browser.privatebrowsing.autostart` preference is enabled, Inde ... |
| CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would al ... |
| CVE-2024-3864 | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ... |
| CVE-2024-3863 | The executable file warning was not presented when downloading .xrm-ms ... |
| CVE-2024-3861 | If an AlignedBuffer were assigned to itself, the subsequent self-move ... |
| CVE-2024-3859 | On 32-bit versions there were integer-overflows that led to an out-of- ... |
| CVE-2024-3857 | The JIT created incorrect code for arguments in certain cases. This le ... |
| CVE-2024-3854 | In some code patterns the JIT incorrectly optimized switch statements ... |
| CVE-2024-3852 | GetBoundName could return the wrong version of an object when JIT opti ... |
| CVE-2024-3302 | There was no limit to the number of HTTP/2 CONTINUATION frames that wo ... |
| CVE-2024-2616 | To harden ICU against exploitation, the behavior for out-of-memory con ... |
| CVE-2024-2614 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ... |
| CVE-2024-2612 | If an attacker could find a way to trigger a particular code path in ` ... |
| CVE-2024-2611 | A missing delay on when pointer lock was used could have allowed a mal ... |
| CVE-2024-2610 | Using a markup injection an attacker could have stolen nonce values. T ... |
| CVE-2024-2609 | The permission prompt input delay could expire while the window is not ... |
| CVE-2024-2608 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ... |
| CVE-2024-2607 | Return registers were overwritten which could have allowed an attacker ... |
| CVE-2024-2605 | An attacker could have leveraged the Windows Error Reporter to run arb ... |
| CVE-2024-1553 | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ... |
| CVE-2024-1552 | Incorrect code generation could have led to unexpected numeric convers ... |
| CVE-2024-1551 | Set-Cookie response headers were being incorrectly honored in multipar ... |
| CVE-2024-1550 | A malicious website could have used a combination of exiting fullscree ... |
| CVE-2024-1549 | If a website set a large custom cursor, portions of the cursor could h ... |
| CVE-2024-1548 | A website could have obscured the fullscreen notification by using a d ... |
| CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled al ... |
| CVE-2024-1546 | When storing and re-accessing data on a networking channel, the length ... |
| CVE-2024-0755 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ... |
| CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS o ... |
| CVE-2024-0751 | A malicious devtools extension could have been used to escalate privil ... |
| CVE-2024-0750 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2024-0749 | A phishing site could have repurposed an `about:` dialog to show phish ... |
| CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, t ... |
| CVE-2024-0746 | A Linux user opening the print preview dialog could have caused the br ... |
| CVE-2024-0743 | An unchecked return value in TLS handshake code could have caused a po ... |
| CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2024-0741 | An out of bounds write in ANGLE could have allowed an attacker to corr ... |
| CVE-2023-37211 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ... |
| CVE-2023-37208 | When opening Diagcab files, Firefox did not warn the user that these f ... |
| CVE-2023-37207 | A website could have obscured the fullscreen notification by using a U ... |
| CVE-2023-37202 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-37201 | An attacker could have triggered a use-after-free condition when creat ... |
| CVE-2023-34416 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thu ... |
| CVE-2023-34414 | The error page for sites with invalid TLS certificates was missing the ... |
| CVE-2023-32215 | Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ... |
| CVE-2023-32214 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged ... |
| CVE-2023-32213 | When reading a file, an uninitialized value could have been used as re ... |
| CVE-2023-32212 | An attacker could have positioned a <code>datalist</code> element to o ... |
| CVE-2023-32211 | A type checking bug would have led to invalid code being compiled. Thi ... |
| CVE-2023-32207 | A missing delay in popup notifications could have made it possible for ... |
| CVE-2023-32206 | An out-of-bound read could have led to a crash in the RLBox Expat driv ... |
| CVE-2023-32205 | In multiple cases browser prompts could have been obscured by popups c ... |
| CVE-2023-29550 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ... |
| CVE-2023-29548 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ... |
| CVE-2023-29545 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', sug ... |
| CVE-2023-29542 | A newline in a filename could have been used to bypass the file extens ... |
| CVE-2023-29541 | Firefox did not properly handle downloads of files ending in <code>.de ... |
| CVE-2023-29539 | When handling the filename directive in the Content-Disposition header ... |
| CVE-2023-29536 | An attacker could cause the memory manager to incorrectly free a point ... |
| CVE-2023-29535 | Following a Garbage Collector compaction, weak maps may have been acce ... |
| CVE-2023-29533 | A website could have obscured the fullscreen notification by using a c ... |
| CVE-2023-29532 | A local attacker can trick the Mozilla Maintenance Service into applyi ... |
| CVE-2023-29531 | An attacker could have caused an out of bounds memory access using Web ... |
| CVE-2023-28176 | Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ... |
| CVE-2023-28164 | Dragging a URL from a cross-origin iframe that was removed during the ... |
| CVE-2023-28163 | When downloading files through the Save As dialog on Windows with sugg ... |
| CVE-2023-28162 | While implementing AudioWorklets, some code may have casted one type t ... |
| CVE-2023-25752 | When accessing throttled streams, the count of available bytes needed ... |
| CVE-2023-25751 | Sometimes, when invalidating JIT code while following an iterator, the ... |
| CVE-2023-25746 | Memory safety bugs present in Firefox ESR 102.7. Some of these bugs sh ... |
| CVE-2023-25744 | Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ... |
| CVE-2023-25743 | A lack of in app notification for entering fullscreen mode could have ... |
| CVE-2023-25742 | When importing a SPKI RSA public key as ECDSA P-256, the key would be ... |
| CVE-2023-25739 | Module load requests that failed were not being checked as to whether ... |
| CVE-2023-25738 | Members of the <code>DEVMODEW</code> struct set by the printer device ... |
| CVE-2023-25737 | An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</ ... |
| CVE-2023-25735 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-25734 | After downloading a Windows <code>.url</code> shortcut from the local ... |
| CVE-2023-25732 | When encoding data from an <code>inputStream</code> in <code>xpcom</co ... |
| CVE-2023-25730 | A background script invoking <code>requestFullscreen</code> and then b ... |
| CVE-2023-25729 | Permission prompts for opening external schemes were only shown for <c ... |
| CVE-2023-25728 | The <code>Content-Security-Policy-Report-Only</code> header could allo ... |
| CVE-2023-23605 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ... |
| CVE-2023-23603 | Regular expressions used to filter out forbidden properties and values ... |
| CVE-2023-23602 | A mishandled security check when creating a WebSocket in a WebWorker c ... |
| CVE-2023-23601 | Navigations were being allowed when dragging a URL from a cross-origin ... |
| CVE-2023-23599 | When copying a network request from the developer tools panel as a cur ... |
| CVE-2023-23598 | Due to the Firefox GTK wrapper code's use of text/plain for drag data ... |
| CVE-2023-6867 | The timing of a button click causing a popup to disappear was approxim ... |
| CVE-2023-6865 | `EncryptingOutputStream` was susceptible to exposing uninitialized dat ... |
| CVE-2023-6864 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ... |
| CVE-2023-6863 | The `ShutdownObserver()` was susceptible to potentially undefined beha ... |
| CVE-2023-6862 | A use-after-free was identified in the `nsDNSService::Init`. This iss ... |
| CVE-2023-6861 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ... |
| CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced ... |
| CVE-2023-6859 | A use-after-free condition affected TLS socket creation when under mem ... |
| CVE-2023-6858 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ... |
| CVE-2023-6857 | When resolving a symlink, a race may occur where the buffer passed to ... |
| CVE-2023-6856 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ... |
| CVE-2023-6212 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ... |
| CVE-2023-6209 | Relative URLs starting with three slashes were incorrectly parsed, and ... |
| CVE-2023-6208 | When using X11, text selected by the page using the Selection API was ... |
| CVE-2023-6207 | Ownership mismanagement led to a use-after-free in ReadableByteStreams ... |
| CVE-2023-6206 | The black fade animation when exiting fullscreen is roughly the length ... |
| CVE-2023-6205 | It was possible to cause the use of a MessagePort after it had already ... |
| CVE-2023-6204 | On some systems\u2014depending on the graphics settings and drivers\u2 ... |
| CVE-2023-5732 | An attacker could have created a malicious link using bidirectional ch ... |
| CVE-2023-5730 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ... |
| CVE-2023-5728 | During garbage collection extra operations were performed on a object ... |
| CVE-2023-5727 | The executable file warning was not presented when downloading .msix, ... |
| CVE-2023-5726 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which un ... |
| CVE-2023-5724 | Drivers are not always robust to extremely large draw calls and in som ... |
| CVE-2023-5721 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2023-5388 | NSS was susceptible to a timing side-channel attack when performing RS ... |
| CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ... |
| CVE-2023-5174 | If Windows failed to duplicate a handle during process creation, the s ... |
| CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a ... |
| CVE-2023-5169 | A compromised content process could have provided malicious data in a ... |
| CVE-2023-5168 | A compromised content process could have provided malicious data to `F ... |
| CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.1 ... |
| CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ... |
| CVE-2023-4584 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ... |
| CVE-2023-4583 | When checking if the Browsing Context had been discarded in `HttpBaseC ... |
| CVE-2023-4582 | Due to large allocation checks in Angle for glsl shaders being too len ... |
| CVE-2023-4581 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's ... |
| CVE-2023-4580 | Push notifications stored on disk in private browsing mode were not be ... |
| CVE-2023-4578 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ... |
| CVE-2023-4577 | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it ... |
| CVE-2023-4576 | On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ... |
| CVE-2023-4575 | When creating a callback over IPC for showing the File Picker window, ... |
| CVE-2023-4574 | When creating a callback over IPC for showing the Color Picker window, ... |
| CVE-2023-4573 | When receiving rendering data over IPC `mStream` could have been destr ... |
| CVE-2023-4057 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ... |
| CVE-2023-4056 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ... |
| CVE-2023-4055 | When the number of cookies per domain was exceeded in `document.cookie ... |
| CVE-2023-4054 | When opening appref-ms files, Firefox did not warn the user that these ... |
| CVE-2023-4053 | A website could have obscured the full screen notification by using a ... |
| CVE-2023-4052 | The Firefox updater created a directory writable by non-privileged use ... |
| CVE-2023-4051 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-4050 | In some cases, an untrusted input stream was copied to a stack buffer ... |
| CVE-2023-4049 | Race conditions in reference counting code were found through code ins ... |
| CVE-2023-4048 | An out-of-bounds read could have led to an exploitable crash when pars ... |
| CVE-2023-4047 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2023-4046 | In some circumstances, a stale value could have been used for a global ... |
| CVE-2023-4045 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2023-1999 | There exists a use after free/double free in libwebp. An attacker can ... |
| CVE-2023-1945 | Unexpected data returned from the Safe Browsing API could have led to ... |
| CVE-2023-0767 | An attacker could construct a PKCS 12 cert bundle in such a way that c ... |
| CVE-2022-46882 | A use-after-free in WebGL extensions could have led to a potentially e ... |
| CVE-2022-46881 | An optimization in WebGL was incorrect in some cases, and could have l ... |
| CVE-2022-46880 | A missing check related to tex units could have led to a use-after-fre ... |
| CVE-2022-46878 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the ... |
| CVE-2022-46877 | By confusing the browser, the fullscreen notification could have been ... |
| CVE-2022-46875 | The executable file warning was not presented when downloading .atloc ... |
| CVE-2022-46874 | A file with a long filename could have had its filename truncated to r ... |
| CVE-2022-46872 | An attacker who compromised a content process could have partially esc ... |
| CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that cou ... |
| CVE-2022-45421 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ... |
| CVE-2022-45420 | Use tables inside of an iframe, an attacker could have caused iframe c ... |
| CVE-2022-45418 | If a custom mouse cursor is specified in CSS, under certain circumstan ... |
| CVE-2022-45416 | Keyboard events reference strings like "KeyA" that were at fixed, know ... |
| CVE-2022-45412 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, ... |
| CVE-2022-45411 | Cross-Site Tracing occurs when a server will echo a request back via t ... |
| CVE-2022-45410 | When a ServiceWorker intercepted a request with <code>FetchEvent</code ... |
| CVE-2022-45409 | The garbage collector could have been aborted in several states and zo ... |
| CVE-2022-45408 | Through a series of popups that reuse windowName, an attacker can caus ... |
| CVE-2022-45406 | If an out-of-memory condition occurred when creating a JavaScript glob ... |
| CVE-2022-45405 | Freeing arbitrary <code>nsIInputStream</code>'s on a different thread ... |
| CVE-2022-45404 | Through a series of popup and <code>window.print()</code> calls, an at ... |
| CVE-2022-45403 | Service Workers should not be able to infer information about opaque c ... |
| CVE-2022-42932 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-42929 | If a website called `window.print()` in a particular way, it could cau ... |
| CVE-2022-42928 | Certain types of allocations were missing annotations that, if the Gar ... |
| CVE-2022-42927 | A same-origin policy violation could have allowed the theft of cross-o ... |
| CVE-2022-40962 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ... |
| CVE-2022-40960 | Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ... |
| CVE-2022-40959 | During iframe navigation, certain pages did not have their FeaturePoli ... |
| CVE-2022-40958 | By injecting a cookie with certain special characters, an attacker on ... |
| CVE-2022-40957 | Inconsistent data in instruction and data cache when creating wasm cod ... |
| CVE-2022-40956 | When injecting an HTML base element, some requests would ignore the CS ... |
| CVE-2022-38478 | Members the Mozilla Fuzzing Team reported memory safety bugs present i ... |
| CVE-2022-38477 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-38476 | A data race could occur in the <code>PK11_ChangePW</code> function, po ... |
| CVE-2022-38473 | A cross-origin iframe referencing an XSLT document would inherit the p ... |
| CVE-2022-38472 | An attacker could have abused XSLT error handling to associate attacke ... |
| CVE-2022-36319 | When combining CSS properties for overflow and transform, the mouse cu ... |
| CVE-2022-36318 | When visiting directory listings for `chrome://` URLs as source text, ... |
| CVE-2022-34484 | The Mozilla Fuzzing Team reported potential vulnerabilities present in ... |
| CVE-2022-34481 | In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an in ... |
| CVE-2022-34479 | A malicious website that could create a popup could have resized the p ... |
| CVE-2022-34478 | The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</co ... |
| CVE-2022-34472 | If there was a PAC URL set and the server that hosts the PAC was not r ... |
| CVE-2022-34470 | Session history navigations may have led to a use-after-free and poten ... |
| CVE-2022-34468 | An iframe that was not permitted to run scripts could do so if the use ... |
| CVE-2022-31747 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozil ... |
| CVE-2022-31744 | An attacker could have injected CSS into stylesheets accessible via in ... |
| CVE-2022-31742 | An attacker could have exploited a timing attack by sending a large nu ... |
| CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading t ... |
| CVE-2022-31740 | On arm64, WASM code could have resulted in incorrect assembly generati ... |
| CVE-2022-31739 | When downloading files on Windows, the % character was not escaped, wh ... |
| CVE-2022-31738 | When exiting fullscreen mode, an iframe could have confused the browse ... |
| CVE-2022-31737 | A malicious webpage could have caused an out-of-bounds write in WebGL, ... |
| CVE-2022-31736 | A malicious website could have learned the size of a cross-origin reso ... |
| CVE-2022-29917 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and t ... |
| CVE-2022-29916 | Firefox behaved slightly differently for already known resources when ... |
| CVE-2022-29914 | When reusing existing popups Firefox would have allowed them to cover ... |
| CVE-2022-29912 | Requests initiated through reader mode did not properly omit cookies w ... |
| CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword <code>all ... |
| CVE-2022-29909 | Documents in deeply-nested cross-origin browsing contexts could have o ... |
| CVE-2022-28289 | Mozilla developers and community members Nika Layzell, Andrew McCreigh ... |
| CVE-2022-28286 | Due to a layout change, iframe contents could have been rendered outsi ... |
| CVE-2022-28285 | When generating the assembly code for <code>MLoadTypedArrayElementHole ... |
| CVE-2022-28282 | By using a link with <code>rel="localization"</code> a use-after-free ... |
| CVE-2022-28281 | If a compromised content process sent an unexpected number of WebAuthN ... |
| CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use- ... |
| CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exp ... |
| CVE-2022-26387 | When installing an add-on, Firefox verified the signature before promp ... |
| CVE-2022-26386 | Previously Firefox for macOS and Linux would download temporary files ... |
| CVE-2022-26384 | If an attacker could control the contents of an iframe sandboxed with ... |
| CVE-2022-26383 | When resizing a popup after requesting fullscreen access, the popup wo ... |
| CVE-2022-26381 | An attacker could have caused a use-after-free by forcing a text reflo ... |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust languag ... |
| CVE-2022-22764 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-22763 | When a worker is shutdown, it was possible to cause script to run late ... |
| CVE-2022-22761 | Web-accessible extension pages (pages with a moz-extension:// scheme) ... |
| CVE-2022-22760 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2022-22759 | If a document created a sandboxed iframe without <code>allow-scripts</ ... |
| CVE-2022-22756 | If a user was convinced to drag and drop an image to their desktop or ... |
| CVE-2022-22754 | If a user installed an extension of a particular type, the extension c ... |
| CVE-2022-22753 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ... |
| CVE-2022-22751 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, J ... |
| CVE-2022-22748 | Malicious websites could have confused Firefox into showing the wrong ... |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequ ... |
| CVE-2022-22746 | A race condition could have allowed bypassing the fullscreen notificat ... |
| CVE-2022-22745 | Securitypolicyviolation events could have leaked cross-origin informat ... |
| CVE-2022-22744 | The constructed curl command from the "Copy as curl" feature in DevToo ... |
| CVE-2022-22743 | When navigating from inside an iframe while requesting fullscreen acce ... |
| CVE-2022-22742 | When inserting text while in edit mode, some characters might have lea ... |
| CVE-2022-22741 | When resizing a popup while requesting fullscreen access, the popup wo ... |
| CVE-2022-22740 | Certain network request objects were freed too early when releasing a ... |
| CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a ... |
| CVE-2022-22738 | Applying a CSS filter effect could have accessed out of bounds memory. ... |
| CVE-2022-22737 | Constructing audio sinks could have lead to a race condition when play ... |
| CVE-2022-3266 | An out-of-bounds read can occur when decoding H264 video. This results ... |
| CVE-2022-2200 | If an object prototype was corrupted by an attacker, they would have b ... |
| CVE-2022-1802 | If an attacker was able to corrupt the methods of an Array object in J ... |
| CVE-2022-1529 | An attacker could have sent a message to the parent process where the ... |
| CVE-2022-1196 | After a VR Process is destroyed, a reference to it may have been retai ... |
| CVE-2022-1097 | <code>NSSToken</code> objects were referenced via direct points, and c ... |
| CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against u ... |
| CVE-2021-43545 | Using the Location API in a loop could have caused severe application ... |
| CVE-2021-43543 | Documents loaded with the CSP sandbox directive could have escaped the ... |
| CVE-2021-43542 | Using XMLHttpRequest, an attacker could have identified installed appl ... |
| CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied par ... |
| CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm ... |
| CVE-2021-43538 | By misusing a race in our notification code, an attacker could have fo ... |
| CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers all ... |
| CVE-2021-43536 | Under certain circumstances, asynchronous functions could have caused ... |
| CVE-2021-43535 | A use-after-free could have occured when an HTTP2 session object was r ... |
| CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-38510 | The executable file warning was not presented when downloading .inetlo ... |
| CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript ... |
| CVE-2021-38508 | By displaying a form validity message in the correct location at the s ... |
| CVE-2021-38507 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ... |
| CVE-2021-38506 | Through a series of navigations, Firefox could have entered fullscreen ... |
| CVE-2021-38505 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ... |
| CVE-2021-38504 | When interacting with an HTML input element's file picker dialog with ... |
| CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheet ... |
| CVE-2021-38501 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38498 | During process shutdown, a document could have caused a use-after-free ... |
| CVE-2021-38497 | Through use of reportValidity() and window.open(), a plain-text valida ... |
| CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while ... |
| CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 a ... |
| CVE-2021-38492 | When delegating navigations to the operating system, Firefox would acc ... |
| CVE-2021-32810 | crossbeam-deque is a package of work-stealing deques for building task ... |
| CVE-2021-30547 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ... |
| CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 a ... |
| CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block ele ... |
| CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corr ... |
| CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to mem ... |
| CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that wou ... |
| CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect ... |
| CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared ... |
| CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corr ... |
| CVE-2021-29967 | Mozilla developers reported memory safety bugs present in Firefox 88 a ... |
| CVE-2021-29964 | A locally-installed hostile program could send `WM_COPYDATA` messages ... |
| CVE-2021-29955 | A transient execution vulnerability, named Floating Point Value Inject ... |
| CVE-2021-29951 | The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ... |
| CVE-2021-29946 | Ports that were written as an integer overflow above the bounds of a 1 ... |
| CVE-2021-29945 | The WebAssembly JIT could miscalculate the size of a return type, whic ... |
| CVE-2021-24002 | When a user clicked on an FTP URL containing encoded newline character ... |
| CVE-2021-23999 | If a Blob URL was loaded through some unusual user interaction, it cou ... |
| CVE-2021-23998 | Through complicated navigations with new windows, an HTTP page could h ... |
| CVE-2021-23995 | When Responsive Design Mode was enabled, it used references to objects ... |
| CVE-2021-23994 | A WebGL framebuffer was not initialized early enough, resulting in mem ... |
| CVE-2021-23987 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-23984 | A malicious extension could have opened a popup window lacking an addr ... |
| CVE-2021-23982 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2021-23981 | A texture upload of a Pixel Buffer Object could have confused the WebG ... |
| CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 a ... |
| CVE-2021-23973 | When trying to load a cross-origin resource in an audio/video context ... |
| CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a ... |
| CVE-2021-23968 | If Content Security Policy blocked frame navigation, the full destinat ... |
| CVE-2021-23964 | Mozilla developers reported memory safety bugs present in Firefox 84 a ... |
| CVE-2021-23961 | Further techniques that built on the slipstream research combined with ... |
| CVE-2021-23960 | Performing garbage collection on re-declared JavaScript variables resu ... |
| CVE-2021-23954 | Using the new logical assignment operators in a JavaScript switch stat ... |
| CVE-2021-23953 | If a user clicked into a specifically crafted PDF, the PDF reader coul ... |
| CVE-2021-4140 | It was possible to construct specific XSLT markup that would be able t ... |
| CVE-2021-4129 | Mozilla developers and community members Julian Hector, Randell Jesup, ... |
| CVE-2021-4127 | An out of date graphics library (Angle) likely contained vulnerabiliti ... |
| CVE-2020-35113 | Mozilla developers reported memory safety bugs present in Firefox 83 a ... |
| CVE-2020-35112 | If a user downloaded a file lacking an extension on Windows, and then ... |
| CVE-2020-35111 | When an extension with the proxy permission registered to receive <all ... |
| CVE-2020-26978 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a servic ... |
| CVE-2020-26974 | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ... |
| CVE-2020-26973 | Certain input to the CSS Sanitizer confused it, resulting in incorrect ... |
| CVE-2020-26971 | Certain blit values provided by the user were not properly constrained ... |
| CVE-2020-26968 | Mozilla developers reported memory safety bugs present in Firefox 82 a ... |
| CVE-2020-26966 | Searching for a single word from the address bar caused an mDNS reques ... |
| CVE-2020-26965 | Some websites have a feature "Show Password" where clicking a button w ... |
| CVE-2020-26961 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ... |
| CVE-2020-26960 | If the Compact() method was called on an nsTArray, the array could hav ... |
| CVE-2020-26959 | During browser shutdown, reference decrementing could have occured on ... |
| CVE-2020-26958 | Firefox did not block execution of scripts with incorrect MIME types w ... |
| CVE-2020-26956 | In some cases, removing HTML elements during sanitization would keep e ... |
| CVE-2020-26953 | It was possible to cause the browser to enter fullscreen mode without ... |
| CVE-2020-26951 | A parsing and event loading mismatch in Firefox's SVG code could have ... |
| CVE-2020-26950 | In certain circumstances, the MCallGetProperty opcode can be emitted w ... |
| CVE-2020-16048 | Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ... |
| CVE-2020-16044 | Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ... |
| CVE-2020-16042 | Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ... |
| CVE-2020-16012 | Side-channel information leakage in graphics in Google Chrome prior to ... |
| CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ... |
| CVE-2020-15683 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15678 | When recursing through graphical layers while scrolling, an iterator m ... |
| CVE-2020-15677 | By exploiting an Open Redirect vulnerability on a website, an attacker ... |
| CVE-2020-15676 | Firefox sometimes ran the onload handler for SVG elements that the DOM ... |
| CVE-2020-15673 | Mozilla developers reported memory safety bugs present in Firefox 80 a ... |
| CVE-2020-15669 | When aborting an operation, such as a fetch, an abort signal may be de ... |
| CVE-2020-15664 | By holding a reference to the eval() function from an about:blank wind ... |
| CVE-2020-15663 | If Firefox is installed to a user-writable directory, the Mozilla Main ... |
| CVE-2020-15659 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15652 | By observing the stack trace for JavaScript errors in web workers, it ... |
| CVE-2020-15650 | Given an installed malicious file picker application, an attacker was ... |
| CVE-2020-15649 | Given an installed malicious file picker application, an attacker was ... |
| CVE-2020-12421 | When performing add-on updates, certificate chains terminating in non- ... |
| CVE-2020-12420 | When trying to connect to a STUN server, a race condition could have c ... |
| CVE-2020-12419 | When processing callbacks that occurred during window flushing in the ... |
| CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out ... |
| CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may ... |
| CVE-2020-12410 | Mozilla developers reported memory safety bugs present in Firefox 76 a ... |
| CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during ... |
| CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerSe ... |
| CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which ... |
| CVE-2020-12395 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-12393 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12392 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12389 | The Firefox content processes did not sufficiently lockdown access con ... |
| CVE-2020-12388 | The Firefox content processes did not sufficiently lockdown access con ... |
| CVE-2020-12387 | A race condition when running shutdown code for Web Worker led to a us ... |
| CVE-2020-6831 | A buffer overflow could occur when parsing and validating SCTP chunks ... |
| CVE-2020-6828 | A malicious Android application could craft an Intent that would have ... |
| CVE-2020-6827 | When following a link that opened an intent://-schemed URL, causing a ... |
| CVE-2020-6825 | Mozilla developers and community members Tyson Smith and Christian Hol ... |
| CVE-2020-6822 | On 32-bit builds, an out of bounds write could have occurred when proc ... |
| CVE-2020-6821 | When reading from areas partially or fully outside the source resource ... |
| CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condi ... |
| CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a ra ... |
| CVE-2020-6814 | Mozilla developers reported memory safety bugs present in Firefox and ... |
| CVE-2020-6812 | The first time AirPods are connected to an iPhone, they become named a ... |
| CVE-2020-6811 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, th ... |
| CVE-2020-6806 | By carefully crafting promise resolutions, it was possible to cause an ... |
| CVE-2020-6805 | When removing data about an origin whose tab was recently closed, a us ... |
| CVE-2020-6800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-6799 | Command line arguments could have been injected during Firefox invocat ... |
| CVE-2020-6798 | If a template tag was used in a select tag, the parser could be confus ... |
| CVE-2020-6797 | By downloading a file with the .fileloc extension, a semi-privileged e ... |
| CVE-2020-6796 | A content process could have modified shared memory relating to crash ... |
| CVE-2020-6514 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ... |
| CVE-2020-6463 | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ... |
| CVE-2019-20503 | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ... |
| CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting arra ... |
| CVE-2019-17024 | Mozilla developers reported memory safety bugs present in Firefox 71 a ... |
| CVE-2019-17022 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17021 | During the initialization of a new content process, a race condition o ... |
| CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerab ... |
| CVE-2019-17016 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17015 | During the initialization of a new content process, a pointer offset c ... |
| CVE-2019-17012 | Mozilla developers reported memory safety bugs present in Firefox 70 a ... |
| CVE-2019-17011 | Under certain conditions, when retrieving a document from a DocShell i ... |
| CVE-2019-17010 | Under certain conditions, when checking the Resist Fingerprinting pref ... |
| CVE-2019-17009 | When running, the updater service wrote status and log files to an unr ... |
| CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker ... |
| CVE-2019-17005 | The plain text serializer used a fixed-size array for the number of <o ... |
| CVE-2019-15903 | In libexpat before 2.2.8, crafted XML input could fool the parser into ... |
| CVE-2019-13722 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ... |
| CVE-2019-13075 | Tor Browser through 8.5.3 has an information exposure vulnerability. I ... |
| CVE-2019-11764 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11763 | Failure to correctly handle null bytes when processing HTML entities r ... |
| CVE-2019-11762 | If two same-origin documents set document.domain differently to become ... |
| CVE-2019-11761 | By using a form with a data URI it was possible to gain access to the ... |
| CVE-2019-11760 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ... |
| CVE-2019-11759 | An attacker could have caused 4 bytes of HMAC output to be written pas ... |
| CVE-2019-11758 | Mozilla community member Philipp reported a memory safety bug present ... |
| CVE-2019-11757 | When following the value's prototype chain, it was possible to retain ... |
| CVE-2019-11753 | The Firefox installer allows Firefox to be installed to a custom user ... |
| CVE-2019-11752 | It is possible to delete an IndexedDB key value and subsequently try t ... |
| CVE-2019-11751 | Logging-related command line parameters are not properly sanitized whe ... |
| CVE-2019-11750 | A type confusion vulnerability exists in Spidermonkey, which results i ... |
| CVE-2019-11749 | A vulnerability exists in WebRTC where malicious web content can use p ... |
| CVE-2019-11748 | WebRTC in Firefox will honor persisted permissions given to sites for ... |
| CVE-2019-11747 | The "Forget about this site" feature in the History pane is intended t ... |
| CVE-2019-11746 | A use-after-free vulnerability can occur while manipulating video elem ... |
| CVE-2019-11744 | Some HTML elements, such as <title> and <textarea>, can co ... |
| CVE-2019-11743 | Navigation events were not fully adhering to the W3C's "Navigation-Tim ... |
| CVE-2019-11742 | A same-origin policy violation occurs allowing the theft of cross-orig ... |
| CVE-2019-11740 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11738 | If a Content Security Policy (CSP) directive is defined that uses a ha ... |
| CVE-2019-11736 | The Mozilla Maintenance Service does not guard against files being har ... |
| CVE-2019-11735 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file ... |
| CVE-2019-11729 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ... |
| CVE-2019-11719 | When importing a curve25519 private key in PKCS#8format with leading 0 ... |
| CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly e ... |
| CVE-2019-11715 | Due to an error while parsing page content, it is possible for properl ... |
| CVE-2019-11713 | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ... |
| CVE-2019-11712 | POST requests made by NPAPI plugins, such as Flash, that receive a sta ... |
| CVE-2019-11711 | When an inner window is reused, it does not consider the use of docume ... |
| CVE-2019-11709 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC mes ... |
| CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript ... |
| CVE-2019-11698 | If a crafted hyperlink is dragged and dropped to the bookmark bar or s ... |
| CVE-2019-11694 | A vulnerability exists in the Windows sandbox where an uninitialized v ... |
| CVE-2019-11693 | The bufferdata function in WebGL is vulnerable to a buffer overflow wi ... |
| CVE-2019-11692 | A use-after-free vulnerability can occur when listeners are removed fr ... |
| CVE-2019-11691 | A use-after-free vulnerability can occur when working with XMLHttpRequ ... |
| CVE-2019-9820 | A use-after-free vulnerability can occur in the chrome event handler w ... |
| CVE-2019-9819 | A vulnerability where a JavaScript compartment mismatch can occur whil ... |
| CVE-2019-9818 | A race condition is present in the crash generation server used to gen ... |
| CVE-2019-9817 | Images from a different domain can be read using a canvas object in so ... |
| CVE-2019-9816 | A possible vulnerability exists where type confusion can occur when ma ... |
| CVE-2019-9815 | If hyperthreading is not disabled, a timing attack vulnerability exist ... |
| CVE-2019-9813 | Incorrect handling of __proto__ mutations may lead to type confusion i ... |
| CVE-2019-9812 | Given a compromised sandboxed content process due to a separate vulner ... |
| CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ... |
| CVE-2019-9810 | Incorrect alias information in IonMonkey JIT compiler for Array.protot ... |
| CVE-2019-9801 | Firefox will accept any registered Program ID as an external protocol ... |
| CVE-2019-9800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9797 | Cross-origin images can be read in violation of the same-origin policy ... |
| CVE-2019-9796 | A use-after-free vulnerability can occur when the SMIL animation contr ... |
| CVE-2019-9795 | A vulnerability where type-confusion in the IonMonkey just-in-time (JI ... |
| CVE-2019-9794 | A vulnerability was discovered where specific command line arguments a ... |
| CVE-2019-9793 | A mechanism was discovered that removes some bounds checking for strin ... |
| CVE-2019-9792 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ... |
| CVE-2019-9791 | The type inference system allows the compilation of functions that can ... |
| CVE-2019-9790 | A use-after-free vulnerability can occur when a raw pointer to a DOM e ... |
| CVE-2019-9788 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ... |
| CVE-2019-5798 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ... |
| CVE-2019-5785 | Incorrect convexity calculations in Skia in Google Chrome prior to 72. ... |
| CVE-2018-18511 | Cross-origin images can be read from a canvas element in violation of ... |
| CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy A ... |
| CVE-2018-18505 | An earlier fix for an Inter-process Communication (IPC) vulnerability, ... |
| CVE-2018-18501 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-18500 | A use-after-free vulnerability can occur while parsing an HTML5 stream ... |
| CVE-2018-18499 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18498 | A potential vulnerability leading to an integer overflow can occur dur ... |
| CVE-2018-18494 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18493 | A buffer overflow can occur in the Skia library during buffer offset c ... |
| CVE-2018-18492 | A use-after-free vulnerability can occur after deleting a selection el ... |
| CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia ... |
| CVE-2018-18335 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ... |
| CVE-2018-17466 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ... |
| CVE-2018-12405 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12397 | A WebExtension can request access to local files without the warning p ... |
| CVE-2018-12396 | A vulnerability where a WebExtension can run content scripts in disall ... |
| CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a Web ... |
| CVE-2018-12393 | A potential vulnerability was found in 32-bit builds where an integer ... |
| CVE-2018-12392 | When manipulating user events in nested loops while opening a document ... |
| CVE-2018-12391 | During HTTP Live Stream playback on Firefox for Android, audio data ca ... |
| CVE-2018-12390 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12389 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12387 | A vulnerability where the JavaScript JIT compiler inlines Array.protot ... |
| CVE-2018-12386 | A vulnerability in register allocation in JavaScript can lead to type ... |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL ... |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a maste ... |
| CVE-2018-12381 | Manually dragging and dropping an Outlook email message into the brows ... |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very ... |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is de ... |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers ar ... |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ... |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with th ... |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can r ... |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and lis ... |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ... |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation eve ... |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the S ... |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input elemen ... |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjust ... |
| CVE-2018-6126 | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allow ... |
| CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ... |
| CVE-2018-5183 | Mozilla developers backported selected changes in the Skia library. Th ... |
| CVE-2018-5178 | A buffer overflow was found during UTF8 to Unicode string conversion w ... |
| CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ... |
| CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight ... |
| CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit intege ... |
| CVE-2018-5158 | The PDF viewer does not sufficiently sanitize PostScript calculator fu ... |
| CVE-2018-5157 | Same-origin protections for the PDF viewer can be bypassed, allowing a ... |
| CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media ... |
| CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during ... |
| CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes ... |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ... |
| CVE-2018-5148 | A use-after-free vulnerability can occur in the compositor during cert ... |
| CVE-2018-5147 | The libtremor library has the same flaw as CVE-2018-5146. This library ... |
| CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was r ... |
| CVE-2018-5145 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ... |
| CVE-2018-5144 | An integer overflow can occur during conversion of text to some Unicod ... |
| CVE-2018-5131 | Under certain circumstances the "fetch()" API can return transient loc ... |
| CVE-2018-5130 | When packets with a mismatched RTP payload type are sent in WebRTC con ... |
| CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential ... |
| CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG "animatedPathSeg ... |
| CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ... |
| CVE-2018-5124 | Unsanitized output in the browser UI leaves HTML tags in place and can ... |
| CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right ali ... |
| CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation ... |
| CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling d ... |
| CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media ... |
| CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is h ... |
| CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, foc ... |
| CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations wh ... |
| CVE-2018-5096 | A use-after-free vulnerability can occur while editing events in form ... |
| CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-5091 | A use-after-free vulnerability can occur during WebRTC connections whe ... |
| CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ... |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... |
| CVE-2017-7845 | A buffer overflow occurs when drawing and validating elements using Di ... |
| CVE-2017-7843 | When Private Browsing mode is used, it is possible for a web worker to ... |
| CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-orig ... |
| CVE-2017-7828 | A use-after-free vulnerability can occur when flushing and resizing la ... |
| CVE-2017-7826 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ... |
| CVE-2017-7825 | Several fonts on OS X display some Tibetan and Arabic characters as wh ... |
| CVE-2017-7824 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2017-7823 | The content security policy (CSP) "sandbox" directive did not create a ... |
| CVE-2017-7819 | A use-after-free vulnerability can occur in design mode when image obj ... |
| CVE-2017-7818 | A use-after-free vulnerability can occur when manipulating arrays of A ... |
| CVE-2017-7814 | File downloads encoded with "blob:" and "data:" URL elements bypassed ... |
| CVE-2017-7810 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ... |
| CVE-2017-7809 | A use-after-free vulnerability can occur when an editor DOM node is de ... |
| CVE-2017-7807 | A mechanism that uses AppCache to hijack a URL in a domain using fallb ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ... |
| CVE-2017-7804 | The destructor function for the "WindowsDllDetourPatcher" class can be ... |
| CVE-2017-7803 | When a page's content security policy (CSP) header contains a "sandbox ... |
| CVE-2017-7802 | A use-after-free vulnerability can occur when manipulating the DOM dur ... |
| CVE-2017-7801 | A use-after-free vulnerability can occur while re-computing layout for ... |
| CVE-2017-7800 | A use-after-free vulnerability can occur in WebSockets when the object ... |
| CVE-2017-7798 | The Developer Tools feature suffers from a XUL injection vulnerability ... |
| CVE-2017-7793 | A use-after-free vulnerability can occur in the Fetch API when the wor ... |
| CVE-2017-7792 | A buffer overflow will occur when viewing a certificate in the certifi ... |
| CVE-2017-7791 | On pages containing an iframe, the "data:" protocol can be used to cre ... |
| CVE-2017-7787 | Same-origin policy protections can be bypassed on pages with embedded ... |
| CVE-2017-7786 | A buffer overflow can occur when the image renderer attempts to paint ... |
| CVE-2017-7785 | A buffer overflow can occur when manipulating Accessible Rich Internet ... |
| CVE-2017-7784 | A use-after-free vulnerability can occur when reading an image observe ... |
| CVE-2017-7782 | An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ... |
| CVE-2017-7779 | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ... |
| CVE-2017-7778 | A number of security vulnerabilities in the Graphite 2 library includi ... |
| CVE-2017-7777 | Use of uninitialized memory in Graphite2 library in Firefox before 54 ... |
| CVE-2017-7776 | Heap-based Buffer Overflow read in Graphite2 library in Firefox before ... |
| CVE-2017-7774 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ... |
| CVE-2017-7773 | Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ... |
| CVE-2017-7772 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ... |
| CVE-2017-7771 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ... |
| CVE-2017-7768 | The Mozilla Maintenance Service can be invoked by an unprivileged user ... |
| CVE-2017-7767 | The Mozilla Maintenance Service can be invoked by an unprivileged user ... |
| CVE-2017-7766 | An attack using manipulation of "updater.ini" contents, used by the Mo ... |
| CVE-2017-7765 | The "Mark of the Web" was not correctly saved on Windows when files wi ... |
| CVE-2017-7764 | Characters from the "Canadian Syllabics" unicode block can be mixed wi ... |
| CVE-2017-7763 | Default fonts on OS X display some Tibetan characters as whitespace. W ... |
| CVE-2017-7761 | The Mozilla Maintenance Service "helper.exe" application creates a tem ... |
| CVE-2017-7760 | The Mozilla Windows updater modifies some files to be updated by readi ... |
| CVE-2017-7758 | An out-of-bounds read vulnerability with the Opus encoder when the num ... |
| CVE-2017-7757 | A use-after-free vulnerability in IndexedDB when one of its objects is ... |
| CVE-2017-7756 | A use-after-free and use-after-scope vulnerability when logging errors ... |
| CVE-2017-7755 | The Firefox installer on Windows can be made to load malicious DLL fil ... |
| CVE-2017-7754 | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ... |
| CVE-2017-7753 | An out-of-bounds read occurs when applying style rules to pseudo-eleme ... |
| CVE-2017-7752 | A use-after-free vulnerability during specific user interactions with ... |
| CVE-2017-7751 | A use-after-free vulnerability with content viewer listeners that resu ... |
| CVE-2017-7750 | A use-after-free vulnerability during video control operations when a ... |
| CVE-2017-7749 | A use-after-free vulnerability when using an incorrect URL during the ... |
| CVE-2017-5472 | A use-after-free vulnerability with the frameloader during tree recons ... |
| CVE-2017-5470 | Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ... |
| CVE-2017-5469 | Fixed potential buffer overflows in generated Firefox code due to CVE- ... |
| CVE-2017-5465 | An out-of-bounds read while processing SVG content in "ConvolvePixel". ... |
| CVE-2017-5464 | During DOM manipulations of the accessibility tree through script, the ... |
| CVE-2017-5462 | A flaw in DRBG number generation within the Network Security Services ... |
| CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ... |
| CVE-2017-5460 | A use-after-free vulnerability in frame selection triggered by a combi ... |
| CVE-2017-5459 | A buffer overflow in WebGL triggerable by web content, resulting in a ... |
| CVE-2017-5448 | An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ... |
| CVE-2017-5447 | An out-of-bounds read during the processing of glyph widths during tex ... |
| CVE-2017-5446 | An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ... |
| CVE-2017-5445 | A vulnerability while parsing "application/http-index-format" format c ... |
| CVE-2017-5444 | A buffer overflow vulnerability while parsing "application/http-index- ... |
| CVE-2017-5443 | An out-of-bounds write vulnerability while decoding improperly formed ... |
| CVE-2017-5442 | A use-after-free vulnerability during changes in style when manipulati ... |
| CVE-2017-5441 | A use-after-free vulnerability when holding a selection during scroll ... |
| CVE-2017-5440 | A use-after-free vulnerability during XSLT processing due to a failure ... |
| CVE-2017-5439 | A use-after-free vulnerability during XSLT processing due to poor hand ... |
| CVE-2017-5438 | A use-after-free vulnerability during XSLT processing due to the resul ... |
| CVE-2017-5436 | An out-of-bounds write in the Graphite 2 library triggered with a mali ... |
| CVE-2017-5435 | A use-after-free vulnerability occurs during transaction processing in ... |
| CVE-2017-5434 | A use-after-free vulnerability occurs when redirecting focus handling ... |
| CVE-2017-5433 | A use-after-free vulnerability in SMIL animation functions occurs when ... |
| CVE-2017-5432 | A use-after-free vulnerability occurs during certain text input select ... |
| CVE-2017-5430 | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ... |
| CVE-2017-5429 | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ... |
| CVE-2017-5428 | An integer overflow in "createImageBitmap()" was reported through the ... |
| CVE-2017-5410 | Memory corruption resulting in a potentially exploitable crash during ... |
| CVE-2017-5409 | The Mozilla Windows updater can be called by a non-privileged user to ... |
| CVE-2017-5408 | Video files loaded video captions cross-origin without checking for th ... |
| CVE-2017-5407 | Using SVG filters that don't use the fixed point math implementation o ... |
| CVE-2017-5405 | Certain response codes in FTP connections can result in the use of uni ... |
| CVE-2017-5404 | A use-after-free error can occur when manipulating ranges in selection ... |
| CVE-2017-5402 | A use-after-free can occur when events are fired for a "FontFace" obje ... |
| CVE-2017-5401 | A crash triggerable by web content in which an "ErrorResult" reference ... |
| CVE-2017-5400 | JIT-spray targeting asm.js combined with a heap spray allows for a byp ... |
| CVE-2017-5398 | Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ... |
| CVE-2017-5396 | A use-after-free vulnerability in the Media Decoder when working with ... |
| CVE-2017-5393 | The "mozAddonManager" allows for the installation of extensions from t ... |
| CVE-2017-5391 | Special "about:" pages used by web content, such as RSS feeds, can loa ... |
| CVE-2017-5390 | The JSON viewer in the Developer Tools uses insecure methods to create ... |
| CVE-2017-5389 | WebExtensions could use the "mozAddonManager" API by modifying the CSP ... |
| CVE-2017-5388 | A STUN server in conjunction with a large number of "webkitRTCPeerConn ... |
| CVE-2017-5387 | The existence of a specifically requested local file can be found due ... |
| CVE-2017-5386 | WebExtension scripts can use the "data:" protocol to affect pages load ... |
| CVE-2017-5385 | Data sent with in multipart channels, such as the multipart/x-mixed-re ... |
| CVE-2017-5384 | Proxy Auto-Config (PAC) files can specify a JavaScript function called ... |
| CVE-2017-5383 | URLs containing certain unicode glyphs for alternative hyphens and quo ... |
| CVE-2017-5382 | Feed preview for RSS feeds can be used to capture errors and exception ... |
| CVE-2017-5381 | The "export" function in the Certificate Viewer can force local filesy ... |
| CVE-2017-5380 | A potential use-after-free found through fuzzing during DOM manipulati ... |
| CVE-2017-5379 | Use-after-free vulnerability in Web Animations when interacting with c ... |
| CVE-2017-5378 | Hashed codes of JavaScript objects are shared between pages. This allo ... |
| CVE-2017-5377 | A memory corruption vulnerability in Skia that can occur when using tr ... |
| CVE-2017-5376 | Use-after-free while manipulating XSL in XSLT documents. This vulnerab ... |
| CVE-2017-5375 | JIT code allocation can allow for a bypass of ASLR and DEP protections ... |
| CVE-2017-5374 | Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ... |
| CVE-2017-5373 | Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ... |
| CVE-2016-9905 | A potentially exploitable crash in "EnumerateSubDocuments" while addin ... |
| CVE-2016-9904 | An attacker could use a JavaScript Map/Set timing attack to determine ... |
| CVE-2016-9903 | Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ... |
| CVE-2016-9902 | The Pocket toolbar button, once activated, listens for events fired fr ... |
| CVE-2016-9901 | HTML tags received from the Pocket server will be processed without sa ... |
| CVE-2016-9900 | External resources that should be blocked when loaded by SVG images ca ... |
| CVE-2016-9899 | Use-after-free while manipulating DOM events and removing audio elemen ... |
| CVE-2016-9898 | Use-after-free resulting in potentially exploitable crash when manipul ... |
| CVE-2016-9897 | Memory corruption resulting in a potentially exploitable crash during ... |
| CVE-2016-9896 | Use-after-free while manipulating the "navigator" object within WebVR. ... |
| CVE-2016-9895 | Event handlers on "marquee" elements were executed despite a strict Co ... |
| CVE-2016-9894 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ... |
| CVE-2016-9893 | Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ... |
| CVE-2016-9080 | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ... |
| CVE-2016-9079 | A use-after-free vulnerability in SVG Animation has been discovered. A ... |
| CVE-2016-9078 | Redirection from an HTTP connection to a "data:" URL assigns the refer ... |
| CVE-2016-9077 | Canvas allows the use of the "feDisplacementMap" filter on images load ... |
| CVE-2016-9076 | An issue where a "<select>" dropdown menu can be used to cover locatio ... |
| CVE-2016-9075 | An issue where WebExtensions can use the mozAddonManager API to elevat ... |
| CVE-2016-9074 | An existing mitigation of timing side-channel attacks is insufficient ... |
| CVE-2016-9073 | WebExtensions can bypass security checks to load privileged URLs and p ... |
| CVE-2016-9072 | When a new Firefox profile is created on 64-bit Windows installations, ... |
| CVE-2016-9071 | Content Security Policy combined with HTTP to HTTPS redirection can be ... |
| CVE-2016-9070 | A maliciously crafted page loaded to the sidebar through a bookmark ca ... |
| CVE-2016-9068 | A use-after-free during web animations when working with timelines res ... |
| CVE-2016-9067 | Two use-after-free errors during DOM operations resulting in potential ... |
| CVE-2016-9066 | A buffer overflow resulting in a potentially exploitable crash due to ... |
| CVE-2016-9064 | Add-on updates failed to verify that the add-on ID inside the signed p ... |
| CVE-2016-9063 | An integer overflow during the parsing of XML using the Expat library. ... |
| CVE-2016-5297 | An error in argument length checking in JavaScript, leading to potenti ... |
| CVE-2016-5296 | A heap-buffer-overflow in Cairo when processing SVG content caused by ... |
| CVE-2016-5294 | The Mozilla Updater can be made to choose an arbitrary target working ... |
| CVE-2016-5293 | When the Mozilla Updater is run, if the Updater's log file in the work ... |
| CVE-2016-5292 | During URL parsing, a maliciously crafted URL can cause a potentially ... |
| CVE-2016-5291 | A same-origin policy bypass with local shortcut files to load arbitrar ... |
| CVE-2016-5290 | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. S ... |
| CVE-2016-5289 | Memory safety bugs were reported in Firefox 49. Some of these bugs sho ... |
| CVE-2016-5288 | Web content could access information in the HTTP cache if e10s is disa ... |
| CVE-2016-5287 | A potentially exploitable use-after-free crash during actor destructio ... |
| CVE-2016-5284 | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunder ... |
| CVE-2016-5283 | Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ... |
| CVE-2016-5282 | Mozilla Firefox before 49.0 does not properly restrict the scheme in f ... |
| CVE-2016-5281 | Use-after-free vulnerability in the DOMSVGLength class in Mozilla Fire ... |
| CVE-2016-5280 | Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityM ... |
| CVE-2016-5279 | Mozilla Firefox before 49.0 allows user-assisted remote attackers to o ... |
| CVE-2016-5278 | Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ... |
| CVE-2016-5277 | Use-after-free vulnerability in the nsRefreshDriver::Tick function in ... |
| CVE-2016-5276 | Use-after-free vulnerability in the mozilla::a11y::DocAccessible::Proc ... |
| CVE-2016-5275 | Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeede ... |
| CVE-2016-5274 | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ... |
| CVE-2016-5273 | The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ... |
| CVE-2016-5272 | The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ... |
| CVE-2016-5271 | The PropertyProvider::GetSpacingInternal function in Mozilla Firefox b ... |
| CVE-2016-5270 | Heap-based buffer overflow in the nsCaseTransformTextRunFactory::Trans ... |
| CVE-2016-5268 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI ... |
| CVE-2016-5267 | Mozilla Firefox before 48.0 on Android allows remote attackers to spoo ... |
| CVE-2016-5266 | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ( ... |
| CVE-2016-5265 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow use ... |
| CVE-2016-5264 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildL ... |
| CVE-2016-5263 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ... |
| CVE-2016-5262 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process J ... |
| CVE-2016-5261 | Integer overflow in the WebSocketChannel class in the WebSockets subsy ... |
| CVE-2016-5260 | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="passw ... |
| CVE-2016-5259 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ... |
| CVE-2016-5258 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Fi ... |
| CVE-2016-5257 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5256 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-5255 | Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ... |
| CVE-2016-5254 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown functio ... |
| CVE-2016-5253 | The Updater in Mozilla Firefox before 48.0 on Windows allows local use ... |
| CVE-2016-5252 | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ... |
| CVE-2016-5251 | Mozilla Firefox before 48.0 allows remote attackers to spoof the locat ... |
| CVE-2016-5250 | Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 ... |
| CVE-2016-2839 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ... |
| CVE-2016-2838 | Heap-based buffer overflow in the nsBidi::BracketData::AddOpening func ... |
| CVE-2016-2837 | Heap-based buffer overflow in the ClearKey Content Decryption Module ( ... |
| CVE-2016-2836 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2835 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ... |
| CVE-2016-2833 | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) dire ... |
| CVE-2016-2832 | Mozilla Firefox before 47.0 allows remote attackers to discover the li ... |
| CVE-2016-2831 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not en ... |
| CVE-2016-2830 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve ... |
| CVE-2016-2829 | Mozilla Firefox before 47.0 allows remote attackers to spoof permissio ... |
| CVE-2016-2828 | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefo ... |
| CVE-2016-2827 | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox be ... |
| CVE-2016-2826 | The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ... |
| CVE-2016-2825 | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ... |
| CVE-2016-2824 | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox befor ... |
| CVE-2016-2822 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow rem ... |
| CVE-2016-2821 | Use-after-free vulnerability in the mozilla::dom::Element class in Moz ... |
| CVE-2016-2820 | The Firefox Health Reports (aka FHR or about:healthreport) feature in ... |
| CVE-2016-2819 | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ... |
| CVE-2016-2818 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2817 | The WebExtension sandbox feature in browser/components/extensions/ext- ... |
| CVE-2016-2816 | Mozilla Firefox before 46.0 allows remote attackers to bypass the Cont ... |
| CVE-2016-2815 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2814 | Heap-based buffer overflow in the stagefright::SampleTable::parseSampl ... |
| CVE-2016-2813 | Mozilla Firefox before 46.0 on Android does not properly restrict Java ... |
| CVE-2016-2812 | Race condition in the get implementation in the ServiceWorkerManager c ... |
| CVE-2016-2811 | Use-after-free vulnerability in the ServiceWorkerInfo class in the Ser ... |
| CVE-2016-2810 | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ... |
| CVE-2016-2809 | The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ... |
| CVE-2016-2808 | The watch implementation in the JavaScript engine in Mozilla Firefox b ... |
| CVE-2016-2807 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2805 | Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ... |
| CVE-2016-2804 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-2802 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphit ... |
| CVE-2016-2801 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp i ... |
| CVE-2016-2800 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2799 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in ... |
| CVE-2016-2798 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 befor ... |
| CVE-2016-2797 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 be ... |
| CVE-2016-2796 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code f ... |
| CVE-2016-2795 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1. ... |
| CVE-2016-2794 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphi ... |
| CVE-2016-2793 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ... |
| CVE-2016-2792 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ... |
| CVE-2016-2791 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ... |
| CVE-2016-2790 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3 ... |
| CVE-2016-1979 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ... |
| CVE-2016-1977 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 b ... |
| CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox befor ... |
| CVE-2016-1973 | Race condition in the GetStaticInstance function in the WebRTC impleme ... |
| CVE-2016-1969 | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Fi ... |
| CVE-2016-1968 | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ... |
| CVE-2016-1967 | Mozilla Firefox before 45.0 does not properly restrict the availabilit ... |
| CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ... |
| CVE-2016-1965 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ... |
| CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozil ... |
| CVE-2016-1963 | The FileReader class in Mozilla Firefox before 45.0 allows local users ... |
| CVE-2016-1962 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ... |
| CVE-2016-1961 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function i ... |
| CVE-2016-1960 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ... |
| CVE-2016-1959 | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows r ... |
| CVE-2016-1958 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Fir ... |
| CVE-2016-1957 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firef ... |
| CVE-2016-1956 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ... |
| CVE-2016-1955 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ... |
| CVE-2016-1954 | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ... |
| CVE-2016-1953 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1952 | Multiple unspecified vulnerabilities in the browser engine in Mozilla ... |
| CVE-2016-1951 | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable ... |
| CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) ... |
| CVE-2016-1949 | Mozilla Firefox before 44.0.2 does not properly restrict the interacti ... |
| CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service ... |
| CVE-2013-5594 | Mozilla Firefox before 25 allows modification of anonymous content of ... |
| CVE-2011-2670 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ... |
| CVE-2011-2669 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ... |
| CVE-2011-2668 | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the ... |
| CVE-2007-0801 | The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ... |
| CVE-2006-6585 | The Extensions manager in Mozilla Firefox 2.0 does not properly popula ... |
| CVE-2006-6504 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ... |
| CVE-2006-6503 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ... |
| CVE-2006-6502 | Use-after-free vulnerability in the LiveConnect bridge code for Mozill ... |
| CVE-2006-6501 | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ... |
| CVE-2006-6499 | The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ... |
| CVE-2006-6498 | Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ... |
| CVE-2006-6497 | Multiple unspecified vulnerabilities in the layout engine for Mozilla ... |
| CVE-2006-5748 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ... |
| CVE-2006-5747 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ... |
| CVE-2006-5633 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ... |
| CVE-2006-5464 | Multiple unspecified vulnerabilities in the layout engine in Mozilla F ... |
| CVE-2006-5463 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ... |
| CVE-2006-5462 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4310 | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ... |
| CVE-2006-2723 | Unspecified versions of Mozilla Firefox allow remote attackers to caus ... |