| Bug | Description |
|---|
| CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ... |
| CVE-2018-5187 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of ... |
| CVE-2018-5185 | Plaintext of decrypted emails can leak through by user submitting an ... |
| CVE-2018-5184 | Using remote content in encrypted messages can lead to the disclosure ... |
| CVE-2018-5183 | Mozilla developers backported selected changes in the Skia library. ... |
| CVE-2018-5178 | A buffer overflow was found during UTF8 to Unicode string conversion ... |
| CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen ... |
| CVE-2018-5170 | It is possible to spoof the filename of an attachment and display an ... |
| CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight ... |
| CVE-2018-5162 | Plaintext of decrypted emails can leak through the src attribute of ... |
| CVE-2018-5161 | Crafted message headers can cause a Thunderbird process to hang on ... |
| CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit ... |
| CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media ... |
| CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during ... |
| CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes ... |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ... |
| CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was ... |
| CVE-2018-5145 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs ... |
| CVE-2018-5144 | An integer overflow can occur during conversion of text to some ... |
| CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential ... |
| CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG ... |
| CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. ... |
| CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right ... |
| CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation ... |
| CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling ... |
| CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media ... |
| CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is ... |
| CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, ... |
| CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations ... |
| CVE-2018-5096 | A use-after-free vulnerability can occur while editing events in form ... |
| CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-5091 | A use-after-free vulnerability can occur during WebRTC connections ... |
| CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. ... |
| CVE-2018-12393 | |
| CVE-2018-12392 | |
| CVE-2018-12391 | |
| CVE-2018-12390 | |
| CVE-2018-12389 | |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL ... |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a ... |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very ... |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is ... |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers ... |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ... |
| CVE-2018-12374 | Plaintext of decrypted emails can leak through by user submitting an ... |
| CVE-2018-12373 | dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ... |
| CVE-2018-12372 | Decrypted S/MIME parts, when included in HTML crafted for an attack, ... |
| CVE-2018-12371 | |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with ... |
| CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision ... |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can ... |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and ... |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin ... |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation ... |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the ... |
| CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while ... |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input ... |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while ... |
| CVE-2017-7848 | RSS fields can inject new lines into the created email structure, ... |
| CVE-2017-7847 | Crafted CSS in an RSS feed can leak and reveal local path strings, ... |
| CVE-2017-7846 | It is possible to execute JavaScript in the parsed RSS feed when RSS ... |
| CVE-2017-7845 | A buffer overflow occurs when drawing and validating elements using ... |
| CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in ... |
| CVE-2017-7829 | It is possible to spoof the sender's email address and display an ... |
| CVE-2017-7828 | A use-after-free vulnerability can occur when flushing and resizing ... |
| CVE-2017-7826 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. ... |
| CVE-2017-7824 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2017-7823 | The content security policy (CSP) "sandbox" directive did not create a ... |
| CVE-2017-7819 | A use-after-free vulnerability can occur in design mode when image ... |
| CVE-2017-7818 | A use-after-free vulnerability can occur when manipulating arrays of ... |
| CVE-2017-7814 | File downloads encoded with "blob:" and "data:" URL elements bypassed ... |
| CVE-2017-7810 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point ... |
| CVE-2017-7793 | A use-after-free vulnerability can occur in the Fetch API when the ... |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... |
| CVE-2006-4571 | Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ... |
| CVE-2006-4570 | Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ... |
| CVE-2006-4569 | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ... |
| CVE-2006-4568 | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ... |
| CVE-2006-4567 | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ... |
| CVE-2006-4566 | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ... |
| CVE-2006-4565 | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ... |
| CVE-2006-4340 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4253 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ... |
| CVE-2006-3812 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ... |
| CVE-2006-3811 | Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ... |
| CVE-2006-3810 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ... |
| CVE-2006-3809 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ... |
| CVE-2006-3808 | Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ... |
| CVE-2006-3807 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ... |
| CVE-2006-3806 | Multiple integer overflows in the Javascript engine in Mozilla Firefox ... |
| CVE-2006-3805 | The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ... |
| CVE-2006-3804 | Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ... |
| CVE-2006-3803 | Race condition in the JavaScript garbage collection in Mozilla Firefox ... |
| CVE-2006-3802 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ... |
| CVE-2006-3801 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ... |
| CVE-2006-3677 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ... |
| CVE-2006-3113 | Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ... |
| CVE-2006-2787 | EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ... |
| CVE-2006-2786 | HTTP response smuggling vulnerability in Mozilla Firefox and ... |
| CVE-2006-2783 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ... |
| CVE-2006-2781 | Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ... |
| CVE-2006-2780 | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ... |
| CVE-2006-2779 | Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ... |
| CVE-2006-2778 | The crypto.signText function in Mozilla Firefox and Thunderbird before ... |
| CVE-2006-2776 | Certain privileged UI code in Mozilla Firefox and Thunderbird before ... |
| CVE-2006-2775 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ... |
| CVE-2006-1942 | Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ... |
| CVE-2006-1790 | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ... |
| CVE-2006-1742 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ... |
| CVE-2006-1741 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ... |
| CVE-2006-1740 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ... |
| CVE-2006-1739 | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ... |
| CVE-2006-1738 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ... |
| CVE-2006-1737 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ... |
| CVE-2006-1735 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1734 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1733 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1732 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ... |
| CVE-2006-1731 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1730 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ... |
| CVE-2006-1728 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ... |
| CVE-2006-1727 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ... |
| CVE-2006-1726 | Unspecified vulnerability in Firefox and Thunderbird 1.5 before ... |
| CVE-2006-1724 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ... |
| CVE-2006-1723 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ... |
| CVE-2006-1531 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ... |
| CVE-2006-1530 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ... |
| CVE-2006-1529 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ... |
| CVE-2006-1045 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ... |
| CVE-2006-0884 | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla ... |
| CVE-2006-0749 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ... |
| CVE-2006-0748 | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ... |
| CVE-2006-0299 | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ... |
| CVE-2006-0298 | The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ... |
| CVE-2006-0297 | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ... |
| CVE-2006-0296 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ... |
| CVE-2006-0295 | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ... |
| CVE-2006-0294 | Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ... |
| CVE-2006-0292 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ... |
| CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local ... |