| Bug | Description |
|---|
| CVE-2020-6800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-6798 | If a template tag was used in a select tag, the parser could be confus ... |
| CVE-2020-6797 | By downloading a file with the .fileloc extension, a semi-privileged e ... |
| CVE-2020-6795 | When processing a message that contains multiple S/MIME signatures, a ... |
| CVE-2020-6794 | If a user saved passwords before Thunderbird 60 and then later set a m ... |
| CVE-2020-6793 | When processing an email message with an ill-formed envelope, Thunderb ... |
| CVE-2020-6792 | When deriving an identifier for an email message, uninitialized memory ... |
| CVE-2019-9820 | A use-after-free vulnerability can occur in the chrome event handler w ... |
| CVE-2019-9819 | A vulnerability where a JavaScript compartment mismatch can occur whil ... |
| CVE-2019-9818 | A race condition is present in the crash generation server used to gen ... |
| CVE-2019-9817 | Images from a different domain can be read using a canvas object in so ... |
| CVE-2019-9816 | A possible vulnerability exists where type confusion can occur when ma ... |
| CVE-2019-9815 | If hyperthreading is not disabled, a timing attack vulnerability exist ... |
| CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ... |
| CVE-2019-9801 | Firefox will accept any registered Program ID as an external protocol ... |
| CVE-2019-9800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9797 | Cross-origin images can be read in violation of the same-origin policy ... |
| CVE-2019-9796 | A use-after-free vulnerability can occur when the SMIL animation contr ... |
| CVE-2019-9795 | A vulnerability where type-confusion in the IonMonkey just-in-time (JI ... |
| CVE-2019-9794 | A vulnerability was discovered where specific command line arguments a ... |
| CVE-2019-9793 | A mechanism was discovered that removes some bounds checking for strin ... |
| CVE-2019-9792 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ... |
| CVE-2019-9791 | The type inference system allows the compilation of functions that can ... |
| CVE-2019-9790 | A use-after-free vulnerability can occur when a raw pointer to a DOM e ... |
| CVE-2019-9788 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ... |
| CVE-2019-5798 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ... |
| CVE-2019-5785 | Incorrect convexity calculations in Skia in Google Chrome prior to 72. ... |
| CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting arra ... |
| CVE-2019-17024 | Mozilla developers reported memory safety bugs present in Firefox 71 a ... |
| CVE-2019-17022 | When pasting a <style> tag from the clipboard into a ric ... |
| CVE-2019-17021 | During the initialization of a new content process, a race condition o ... |
| CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerab ... |
| CVE-2019-17016 | When pasting a <style> tag from the clipboard into a ric ... |
| CVE-2019-17015 | During the initialization of a new content process, a pointer offset c ... |
| CVE-2019-17012 | Mozilla developers reported memory safety bugs present in Firefox 70 a ... |
| CVE-2019-17011 | Under certain conditions, when retrieving a document from a DocShell i ... |
| CVE-2019-17010 | Under certain conditions, when checking the Resist Fingerprinting pref ... |
| CVE-2019-17009 | When running, the updater service wrote status and log files to an unr ... |
| CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker ... |
| CVE-2019-17005 | The plain text serializer used a fixed-size array for the number of &l ... |
| CVE-2019-15903 | In libexpat before 2.2.8, crafted XML input could fool the parser into ... |
| CVE-2019-13722 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ... |
| CVE-2019-11764 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11763 | Failure to correctly handle null bytes when processing HTML entities r ... |
| CVE-2019-11762 | If two same-origin documents set document.domain differently to become ... |
| CVE-2019-11761 | By using a form with a data URI it was possible to gain access to the ... |
| CVE-2019-11760 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ... |
| CVE-2019-11759 | An attacker could have caused 4 bytes of HMAC output to be written pas ... |
| CVE-2019-11758 | Mozilla community member Philipp reported a memory safety bug present ... |
| CVE-2019-11757 | When following the value's prototype chain, it was possible to retain ... |
| CVE-2019-11755 | A crafted S/MIME message consisting of an inner encryption layer and a ... |
| CVE-2019-11752 | It is possible to delete an IndexedDB key value and subsequently try t ... |
| CVE-2019-11746 | A use-after-free vulnerability can occur while manipulating video elem ... |
| CVE-2019-11744 | Some HTML elements, such as <title> and <textarea ... |
| CVE-2019-11743 | Navigation events were not fully adhering to the W3C's "Navigation-Tim ... |
| CVE-2019-11742 | A same-origin policy violation occurs allowing the theft of cross-orig ... |
| CVE-2019-11740 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11739 | Encrypted S/MIME parts in a crafted multipart/alternative message can ... |
| CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file ... |
| CVE-2019-11729 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ... |
| CVE-2019-11719 | When importing a curve25519 private key in PKCS#8format with leading 0 ... |
| CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly e ... |
| CVE-2019-11715 | Due to an error while parsing page content, it is possible for properl ... |
| CVE-2019-11713 | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ... |
| CVE-2019-11712 | POST requests made by NPAPI plugins, such as Flash, that receive a sta ... |
| CVE-2019-11711 | When an inner window is reused, it does not consider the use of docume ... |
| CVE-2019-11709 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC mes ... |
| CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript ... |
| CVE-2019-11706 | A flaw in Thunderbird's implementation of iCal causes a type confusion ... |
| CVE-2019-11705 | A flaw in Thunderbird's implementation of iCal causes a stack buffer o ... |
| CVE-2019-11704 | A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ... |
| CVE-2019-11703 | A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ... |
| CVE-2019-11698 | If a crafted hyperlink is dragged and dropped to the bookmark bar or s ... |
| CVE-2019-11694 | A vulnerability exists in the Windows sandbox where an uninitialized v ... |
| CVE-2019-11693 | The bufferdata function in WebGL is vulnerable to a buffer overflow wi ... |
| CVE-2019-11692 | A use-after-free vulnerability can occur when listeners are removed fr ... |
| CVE-2019-11691 | A use-after-free vulnerability can occur when working with XMLHttpRequ ... |
| CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ... |
| CVE-2018-5187 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ... |
| CVE-2018-5185 | Plaintext of decrypted emails can leak through by user submitting an e ... |
| CVE-2018-5184 | Using remote content in encrypted messages can lead to the disclosure ... |
| CVE-2018-5183 | Mozilla developers backported selected changes in the Skia library. Th ... |
| CVE-2018-5178 | A buffer overflow was found during UTF8 to Unicode string conversion w ... |
| CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ... |
| CVE-2018-5170 | It is possible to spoof the filename of an attachment and display an a ... |
| CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight ... |
| CVE-2018-5162 | Plaintext of decrypted emails can leak through the src attribute of re ... |
| CVE-2018-5161 | Crafted message headers can cause a Thunderbird process to hang on rec ... |
| CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit intege ... |
| CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media ... |
| CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during ... |
| CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes ... |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ... |
| CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was r ... |
| CVE-2018-5145 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ... |
| CVE-2018-5144 | An integer overflow can occur during conversion of text to some Unicod ... |
| CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential ... |
| CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG "animatedPathSeg ... |
| CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ... |
| CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right ali ... |
| CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation ... |
| CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling d ... |
| CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media ... |
| CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is h ... |
| CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, foc ... |
| CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations wh ... |
| CVE-2018-5096 | A use-after-free vulnerability can occur while editing events in form ... |
| CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-5091 | A use-after-free vulnerability can occur during WebRTC connections whe ... |
| CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ... |
| CVE-2018-18513 | A crash can occur when processing a crafted S/MIME message or an XPI p ... |
| CVE-2018-18512 | A use-after-free vulnerability can occur while playing a sound notific ... |
| CVE-2018-18511 | Cross-origin images can be read from a canvas element in violation of ... |
| CVE-2018-18509 | A flaw during verification of certain S/MIME signatures causes emails ... |
| CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy A ... |
| CVE-2018-18505 | An earlier fix for an Inter-process Communication (IPC) vulnerability, ... |
| CVE-2018-18501 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-18500 | A use-after-free vulnerability can occur while parsing an HTML5 stream ... |
| CVE-2018-18499 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18498 | A potential vulnerability leading to an integer overflow can occur dur ... |
| CVE-2018-18494 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18493 | A buffer overflow can occur in the Skia library during buffer offset c ... |
| CVE-2018-18492 | A use-after-free vulnerability can occur after deleting a selection el ... |
| CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia ... |
| CVE-2018-18335 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ... |
| CVE-2018-17466 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ... |
| CVE-2018-12405 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12393 | A potential vulnerability was found in 32-bit builds where an integer ... |
| CVE-2018-12392 | When manipulating user events in nested loops while opening a document ... |
| CVE-2018-12391 | During HTTP Live Stream playback on Firefox for Android, audio data ca ... |
| CVE-2018-12390 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12389 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL ... |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a maste ... |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very ... |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is de ... |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers ar ... |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ... |
| CVE-2018-12374 | Plaintext of decrypted emails can leak through by user submitting an e ... |
| CVE-2018-12373 | dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ... |
| CVE-2018-12372 | Decrypted S/MIME parts, when included in HTML crafted for an attack, c ... |
| CVE-2018-12371 | |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with th ... |
| CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision o ... |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can r ... |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and lis ... |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ... |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation eve ... |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the S ... |
| CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while calculatin ... |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input elemen ... |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjust ... |
| CVE-2017-7848 | RSS fields can inject new lines into the created email structure, modi ... |
| CVE-2017-7847 | Crafted CSS in an RSS feed can leak and reveal local path strings, whi ... |
| CVE-2017-7846 | It is possible to execute JavaScript in the parsed RSS feed when RSS f ... |
| CVE-2017-7845 | A buffer overflow occurs when drawing and validating elements using Di ... |
| CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-orig ... |
| CVE-2017-7829 | It is possible to spoof the sender's email address and display an arbi ... |
| CVE-2017-7828 | A use-after-free vulnerability can occur when flushing and resizing la ... |
| CVE-2017-7826 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ... |
| CVE-2017-7824 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2017-7823 | The content security policy (CSP) "sandbox" directive did not create a ... |
| CVE-2017-7819 | A use-after-free vulnerability can occur in design mode when image obj ... |
| CVE-2017-7818 | A use-after-free vulnerability can occur when manipulating arrays of A ... |
| CVE-2017-7814 | File downloads encoded with "blob:" and "data:" URL elements bypassed ... |
| CVE-2017-7810 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ... |
| CVE-2017-7793 | A use-after-free vulnerability can occur in the Fetch API when the wor ... |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... |
| CVE-2016-5824 | libical 1.0 allows remote attackers to cause a denial of service (use- ... |
| CVE-2006-4571 | Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ... |
| CVE-2006-4570 | Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ... |
| CVE-2006-4569 | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ... |
| CVE-2006-4568 | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ... |
| CVE-2006-4567 | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ... |
| CVE-2006-4566 | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ... |
| CVE-2006-4565 | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ... |
| CVE-2006-4340 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4253 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ... |
| CVE-2006-3812 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3811 | Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ... |
| CVE-2006-3810 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ... |
| CVE-2006-3809 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3808 | Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ... |
| CVE-2006-3807 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3806 | Multiple integer overflows in the Javascript engine in Mozilla Firefox ... |
| CVE-2006-3805 | The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ... |
| CVE-2006-3804 | Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ... |
| CVE-2006-3803 | Race condition in the JavaScript garbage collection in Mozilla Firefox ... |
| CVE-2006-3802 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3801 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ... |
| CVE-2006-3677 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ... |
| CVE-2006-3113 | Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ... |
| CVE-2006-2787 | EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ... |
| CVE-2006-2786 | HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ... |
| CVE-2006-2783 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ... |
| CVE-2006-2781 | Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ... |
| CVE-2006-2780 | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ... |
| CVE-2006-2779 | Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ... |
| CVE-2006-2778 | The crypto.signText function in Mozilla Firefox and Thunderbird before ... |
| CVE-2006-2776 | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ... |
| CVE-2006-2775 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ... |
| CVE-2006-1942 | Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ... |
| CVE-2006-1790 | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ... |
| CVE-2006-1742 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-1741 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1740 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1739 | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ... |
| CVE-2006-1738 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1737 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ... |
| CVE-2006-1735 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1734 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1733 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1732 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1731 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1730 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ... |
| CVE-2006-1728 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1727 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1726 | Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ... |
| CVE-2006-1724 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ... |
| CVE-2006-1723 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1531 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1530 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1529 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1045 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ... |
| CVE-2006-0884 | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ... |
| CVE-2006-0749 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-0748 | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ... |
| CVE-2006-0299 | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ... |
| CVE-2006-0298 | The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ... |
| CVE-2006-0297 | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ... |
| CVE-2006-0296 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ... |
| CVE-2006-0295 | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ... |
| CVE-2006-0294 | Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ... |
| CVE-2006-0292 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ... |
| CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ... |