| Bug | Description |
|---|
| CVE-2024-11159 | Using remote content in OpenPGP encrypted messages can lead to the dis ... |
| CVE-2024-10467 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thun ... |
| CVE-2024-10466 | By sending a specially crafted push message, a remote server could hav ... |
| CVE-2024-10465 | A clipboard "paste" button could persist across tabs which allowed a s ... |
| CVE-2024-10464 | Repeated writes to history interface attributes could have been used t ... |
| CVE-2024-10463 | Video frames could have been leaked between origins in some situations ... |
| CVE-2024-10462 | Truncation of a long URL could have allowed origin spoofing in a permi ... |
| CVE-2024-10461 | In multipart/x-mixed-replace responses, `Content-Disposition: attachme ... |
| CVE-2024-10460 | The origin of an external protocol handler prompt could have been obsc ... |
| CVE-2024-10459 | An attacker could have caused a use-after-free when accessibility was ... |
| CVE-2024-10458 | A permission leak could have occurred from a trusted site to an untrus ... |
| CVE-2024-9680 | An attacker was able to achieve code execution in the content process ... |
| CVE-2024-9402 | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thun ... |
| CVE-2024-9401 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ... |
| CVE-2024-9400 | A potential memory corruption vulnerability could be triggered if an a ... |
| CVE-2024-9399 | A website configured to initiate a specially crafted WebTransport sess ... |
| CVE-2024-9398 | By checking the result of calls to `window.open` with specifically set ... |
| CVE-2024-9397 | A missing delay in directory upload UI could have made it possible for ... |
| CVE-2024-9396 | It is currently unknown if this issue is exploitable but a condition m ... |
| CVE-2024-9394 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9393 | An attacker could, via a specially crafted multipart response, execute ... |
| CVE-2024-9392 | A compromised content process could have allowed for the arbitrary loa ... |
| CVE-2024-8900 | An attacker could write data to the user's clipboard, bypassing the us ... |
| CVE-2024-8394 | When aborting the verification of an OTR chat session, an attacker cou ... |
| CVE-2024-8387 | Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ... |
| CVE-2024-8386 | If a site had been granted the permission to open popup windows, it co ... |
| CVE-2024-8385 | A difference in the handling of StructFields and ArrayTypes in WASM co ... |
| CVE-2024-8384 | The JavaScript garbage collector could mis-color cross-compartment obj ... |
| CVE-2024-8383 | Firefox normally asks for confirmation before asking the operating sys ... |
| CVE-2024-8382 | Internal browser event interfaces were exposed to web content when pri ... |
| CVE-2024-8381 | A potentially exploitable type confusion could be triggered when looki ... |
| CVE-2024-7652 | An error in the ECMA-262 specification relating to Async Generators co ... |
| CVE-2024-7529 | The date picker could partially obscure security prompts. This could b ... |
| CVE-2024-7527 | Unexpected marking work at the start of sweeping could have led to a u ... |
| CVE-2024-7526 | ANGLE failed to initialize parameters which lead to reading from unini ... |
| CVE-2024-7525 | It was possible for a web extension with minimal permissions to create ... |
| CVE-2024-7522 | Editor code failed to check an attribute value. This could have led to ... |
| CVE-2024-7521 | Incomplete WebAssembly exception handing could have led to a use-after ... |
| CVE-2024-7519 | Insufficient checks when processing graphics shared memory could have ... |
| CVE-2024-6604 | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ... |
| CVE-2024-6603 | In an out-of-memory scenario an allocation could fail but free would h ... |
| CVE-2024-6602 | A mismatch between allocator and deallocator could have lead to memory ... |
| CVE-2024-6601 | A race condition could lead to a cross-origin container obtaining perm ... |
| CVE-2024-6600 | Due to large allocation checks in Angle for GLSL shaders being too len ... |
| CVE-2024-5702 | Memory corruption in the networking stack could have led to a potentia ... |
| CVE-2024-5700 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ... |
| CVE-2024-5696 | By manipulating the text in an `<input>` tag, an attacker could ... |
| CVE-2024-5693 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2024-5692 | On Windows 10, when using the 'Save As' functionality, an attacker cou ... |
| CVE-2024-5691 | By tricking the browser with a `X-Frame-Options` header, a sandboxed i ... |
| CVE-2024-5690 | By monitoring the time certain operations take, an attacker could have ... |
| CVE-2024-5688 | If a garbage collection was triggered at the right time, a use-after-f ... |
| CVE-2024-4777 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ... |
| CVE-2024-4770 | When saving a page to PDF, certain font styles could have led to a pot ... |
| CVE-2024-4769 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2024-4768 | A bug in popup notifications' interaction with WebAuthn made it easier ... |
| CVE-2024-4767 | If the `browser.privatebrowsing.autostart` preference is enabled, Inde ... |
| CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would al ... |
| CVE-2024-3864 | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ... |
| CVE-2024-3863 | The executable file warning was not presented when downloading .xrm-ms ... |
| CVE-2024-3861 | If an AlignedBuffer were assigned to itself, the subsequent self-move ... |
| CVE-2024-3859 | On 32-bit versions there were integer-overflows that led to an out-of- ... |
| CVE-2024-3857 | The JIT created incorrect code for arguments in certain cases. This le ... |
| CVE-2024-3854 | In some code patterns the JIT incorrectly optimized switch statements ... |
| CVE-2024-3852 | GetBoundName could return the wrong version of an object when JIT opti ... |
| CVE-2024-3302 | There was no limit to the number of HTTP/2 CONTINUATION frames that wo ... |
| CVE-2024-2616 | To harden ICU against exploitation, the behavior for out-of-memory con ... |
| CVE-2024-2614 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ... |
| CVE-2024-2612 | If an attacker could find a way to trigger a particular code path in ` ... |
| CVE-2024-2611 | A missing delay on when pointer lock was used could have allowed a mal ... |
| CVE-2024-2610 | Using a markup injection an attacker could have stolen nonce values. T ... |
| CVE-2024-2609 | The permission prompt input delay could expire while the window is not ... |
| CVE-2024-2608 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ... |
| CVE-2024-2607 | Return registers were overwritten which could have allowed an attacker ... |
| CVE-2024-2605 | An attacker could have leveraged the Windows Error Reporter to run arb ... |
| CVE-2024-1936 | The encrypted subject of an email message could be incorrectly and per ... |
| CVE-2024-1553 | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ... |
| CVE-2024-1552 | Incorrect code generation could have led to unexpected numeric convers ... |
| CVE-2024-1551 | Set-Cookie response headers were being incorrectly honored in multipar ... |
| CVE-2024-1550 | A malicious website could have used a combination of exiting fullscree ... |
| CVE-2024-1549 | If a website set a large custom cursor, portions of the cursor could h ... |
| CVE-2024-1548 | A website could have obscured the fullscreen notification by using a d ... |
| CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled al ... |
| CVE-2024-1546 | When storing and re-accessing data on a networking channel, the length ... |
| CVE-2024-0755 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ... |
| CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS o ... |
| CVE-2024-0751 | A malicious devtools extension could have been used to escalate privil ... |
| CVE-2024-0750 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2024-0749 | A phishing site could have repurposed an `about:` dialog to show phish ... |
| CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, t ... |
| CVE-2024-0746 | A Linux user opening the print preview dialog could have caused the br ... |
| CVE-2024-0743 | An unchecked return value in TLS handshake code could have caused a po ... |
| CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2024-0741 | An out of bounds write in ANGLE could have allowed an attacker to corr ... |
| CVE-2023-50762 | When processing a PGP/MIME payload that contains digitally signed text ... |
| CVE-2023-50761 | The signature of a digitally signed S/MIME email message may optionall ... |
| CVE-2023-37211 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ... |
| CVE-2023-37208 | When opening Diagcab files, Firefox did not warn the user that these f ... |
| CVE-2023-37207 | A website could have obscured the fullscreen notification by using a U ... |
| CVE-2023-37202 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-37201 | An attacker could have triggered a use-after-free condition when creat ... |
| CVE-2023-34416 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thu ... |
| CVE-2023-34414 | The error page for sites with invalid TLS certificates was missing the ... |
| CVE-2023-32215 | Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ... |
| CVE-2023-32214 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged ... |
| CVE-2023-32213 | When reading a file, an uninitialized value could have been used as re ... |
| CVE-2023-32212 | An attacker could have positioned a <code>datalist</code> element to o ... |
| CVE-2023-32211 | A type checking bug would have led to invalid code being compiled. Thi ... |
| CVE-2023-32207 | A missing delay in popup notifications could have made it possible for ... |
| CVE-2023-32206 | An out-of-bound read could have led to a crash in the RLBox Expat driv ... |
| CVE-2023-32205 | In multiple cases browser prompts could have been obscured by popups c ... |
| CVE-2023-29550 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ... |
| CVE-2023-29548 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ... |
| CVE-2023-29545 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', sug ... |
| CVE-2023-29542 | A newline in a filename could have been used to bypass the file extens ... |
| CVE-2023-29541 | Firefox did not properly handle downloads of files ending in <code>.de ... |
| CVE-2023-29539 | When handling the filename directive in the Content-Disposition header ... |
| CVE-2023-29536 | An attacker could cause the memory manager to incorrectly free a point ... |
| CVE-2023-29535 | Following a Garbage Collector compaction, weak maps may have been acce ... |
| CVE-2023-29533 | A website could have obscured the fullscreen notification by using a c ... |
| CVE-2023-29532 | A local attacker can trick the Mozilla Maintenance Service into applyi ... |
| CVE-2023-29531 | An attacker could have caused an out of bounds memory access using Web ... |
| CVE-2023-29479 | Ribose RNP before 0.16.3 may hang when the input is malformed. |
| CVE-2023-28427 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ... |
| CVE-2023-28176 | Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ... |
| CVE-2023-28164 | Dragging a URL from a cross-origin iframe that was removed during the ... |
| CVE-2023-28163 | When downloading files through the Save As dialog on Windows with sugg ... |
| CVE-2023-28162 | While implementing AudioWorklets, some code may have casted one type t ... |
| CVE-2023-25752 | When accessing throttled streams, the count of available bytes needed ... |
| CVE-2023-25751 | Sometimes, when invalidating JIT code while following an iterator, the ... |
| CVE-2023-25746 | Memory safety bugs present in Firefox ESR 102.7. Some of these bugs sh ... |
| CVE-2023-25744 | Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ... |
| CVE-2023-25742 | When importing a SPKI RSA public key as ECDSA P-256, the key would be ... |
| CVE-2023-25739 | Module load requests that failed were not being checked as to whether ... |
| CVE-2023-25738 | Members of the <code>DEVMODEW</code> struct set by the printer device ... |
| CVE-2023-25737 | An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</ ... |
| CVE-2023-25735 | Cross-compartment wrappers wrapping a scripted proxy could have caused ... |
| CVE-2023-25734 | After downloading a Windows <code>.url</code> shortcut from the local ... |
| CVE-2023-25732 | When encoding data from an <code>inputStream</code> in <code>xpcom</co ... |
| CVE-2023-25730 | A background script invoking <code>requestFullscreen</code> and then b ... |
| CVE-2023-25729 | Permission prompts for opening external schemes were only shown for <c ... |
| CVE-2023-25728 | The <code>Content-Security-Policy-Report-Only</code> header could allo ... |
| CVE-2023-23605 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ... |
| CVE-2023-23603 | Regular expressions used to filter out forbidden properties and values ... |
| CVE-2023-23602 | A mishandled security check when creating a WebSocket in a WebWorker c ... |
| CVE-2023-23601 | Navigations were being allowed when dragging a URL from a cross-origin ... |
| CVE-2023-23599 | When copying a network request from the developer tools panel as a cur ... |
| CVE-2023-23598 | Due to the Firefox GTK wrapper code's use of text/plain for drag data ... |
| CVE-2023-6873 | Memory safety bugs present in Firefox 120. Some of these bugs showed e ... |
| CVE-2023-6864 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ... |
| CVE-2023-6862 | A use-after-free was identified in the `nsDNSService::Init`. This iss ... |
| CVE-2023-6861 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ... |
| CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced ... |
| CVE-2023-6859 | A use-after-free condition affected TLS socket creation when under mem ... |
| CVE-2023-6858 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ... |
| CVE-2023-6857 | When resolving a symlink, a race may occur where the buffer passed to ... |
| CVE-2023-6856 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ... |
| CVE-2023-6212 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ... |
| CVE-2023-6209 | Relative URLs starting with three slashes were incorrectly parsed, and ... |
| CVE-2023-6208 | When using X11, text selected by the page using the Selection API was ... |
| CVE-2023-6207 | Ownership mismanagement led to a use-after-free in ReadableByteStreams ... |
| CVE-2023-6206 | The black fade animation when exiting fullscreen is roughly the length ... |
| CVE-2023-6205 | It was possible to cause the use of a MessagePort after it had already ... |
| CVE-2023-6204 | On some systems\u2014depending on the graphics settings and drivers\u2 ... |
| CVE-2023-5732 | An attacker could have created a malicious link using bidirectional ch ... |
| CVE-2023-5730 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ... |
| CVE-2023-5728 | During garbage collection extra operations were performed on a object ... |
| CVE-2023-5727 | The executable file warning was not presented when downloading .msix, ... |
| CVE-2023-5726 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which un ... |
| CVE-2023-5724 | Drivers are not always robust to extremely large draw calls and in som ... |
| CVE-2023-5721 | It was possible for certain browser prompts and dialogs to be activate ... |
| CVE-2023-5388 | NSS was susceptible to a timing side-channel attack when performing RS ... |
| CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ... |
| CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ... |
| CVE-2023-5174 | If Windows failed to duplicate a handle during process creation, the s ... |
| CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a ... |
| CVE-2023-5169 | A compromised content process could have provided malicious data in a ... |
| CVE-2023-5168 | A compromised content process could have provided malicious data to `F ... |
| CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.1 ... |
| CVE-2023-4585 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ... |
| CVE-2023-4584 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ... |
| CVE-2023-4583 | When checking if the Browsing Context had been discarded in `HttpBaseC ... |
| CVE-2023-4582 | Due to large allocation checks in Angle for glsl shaders being too len ... |
| CVE-2023-4581 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's ... |
| CVE-2023-4580 | Push notifications stored on disk in private browsing mode were not be ... |
| CVE-2023-4578 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ... |
| CVE-2023-4577 | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it ... |
| CVE-2023-4576 | On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ... |
| CVE-2023-4575 | When creating a callback over IPC for showing the File Picker window, ... |
| CVE-2023-4574 | When creating a callback over IPC for showing the Color Picker window, ... |
| CVE-2023-4573 | When receiving rendering data over IPC `mStream` could have been destr ... |
| CVE-2023-4057 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ... |
| CVE-2023-4056 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ... |
| CVE-2023-4055 | When the number of cookies per domain was exceeded in `document.cookie ... |
| CVE-2023-4054 | When opening appref-ms files, Firefox did not warn the user that these ... |
| CVE-2023-4053 | A website could have obscured the full screen notification by using a ... |
| CVE-2023-4052 | The Firefox updater created a directory writable by non-privileged use ... |
| CVE-2023-4051 | A website could have obscured the full screen notification by using th ... |
| CVE-2023-4050 | In some cases, an untrusted input stream was copied to a stack buffer ... |
| CVE-2023-4049 | Race conditions in reference counting code were found through code ins ... |
| CVE-2023-4048 | An out-of-bounds read could have led to an exploitable crash when pars ... |
| CVE-2023-4047 | A bug in popup notifications delay calculation could have made it poss ... |
| CVE-2023-4046 | In some circumstances, a stale value could have been used for a global ... |
| CVE-2023-4045 | Offscreen Canvas did not properly track cross-origin tainting, which c ... |
| CVE-2023-3600 | During the worker lifecycle, a use-after-free condition could have occ ... |
| CVE-2023-3417 | Thunderbird allowed the Text Direction Override Unicode Character in f ... |
| CVE-2023-1999 | There exists a use after free/double free in libwebp. An attacker can ... |
| CVE-2023-1945 | Unexpected data returned from the Safe Browsing API could have led to ... |
| CVE-2023-0767 | An attacker could construct a PKCS 12 cert bundle in such a way that c ... |
| CVE-2023-0616 | If a MIME email combines OpenPGP and OpenPGP MIME data in a certain wa ... |
| CVE-2023-0547 | OCSP revocation status of recipient certificates was not checked when ... |
| CVE-2023-0430 | Certificate OCSP revocation status was not checked when verifying S/Mi ... |
| CVE-2022-46882 | A use-after-free in WebGL extensions could have led to a potentially e ... |
| CVE-2022-46881 | An optimization in WebGL was incorrect in some cases, and could have l ... |
| CVE-2022-46880 | A missing check related to tex units could have led to a use-after-fre ... |
| CVE-2022-46878 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the ... |
| CVE-2022-46877 | By confusing the browser, the fullscreen notification could have been ... |
| CVE-2022-46875 | The executable file warning was not presented when downloading .atloc ... |
| CVE-2022-46874 | A file with a long filename could have had its filename truncated to r ... |
| CVE-2022-46872 | An attacker who compromised a content process could have partially esc ... |
| CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that cou ... |
| CVE-2022-45421 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ... |
| CVE-2022-45420 | Use tables inside of an iframe, an attacker could have caused iframe c ... |
| CVE-2022-45418 | If a custom mouse cursor is specified in CSS, under certain circumstan ... |
| CVE-2022-45416 | Keyboard events reference strings like "KeyA" that were at fixed, know ... |
| CVE-2022-45414 | If a Thunderbird user quoted from an HTML email, for example by replyi ... |
| CVE-2022-45412 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, ... |
| CVE-2022-45411 | Cross-Site Tracing occurs when a server will echo a request back via t ... |
| CVE-2022-45410 | When a ServiceWorker intercepted a request with <code>FetchEvent</code ... |
| CVE-2022-45409 | The garbage collector could have been aborted in several states and zo ... |
| CVE-2022-45408 | Through a series of popups that reuse windowName, an attacker can caus ... |
| CVE-2022-45406 | If an out-of-memory condition occurred when creating a JavaScript glob ... |
| CVE-2022-45405 | Freeing arbitrary <code>nsIInputStream</code>'s on a different thread ... |
| CVE-2022-45404 | Through a series of popup and <code>window.print()</code> calls, an at ... |
| CVE-2022-45403 | Service Workers should not be able to infer information about opaque c ... |
| CVE-2022-42932 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-42929 | If a website called `window.print()` in a particular way, it could cau ... |
| CVE-2022-42928 | Certain types of allocations were missing annotations that, if the Gar ... |
| CVE-2022-42927 | A same-origin policy violation could have allowed the theft of cross-o ... |
| CVE-2022-40962 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ... |
| CVE-2022-40960 | Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ... |
| CVE-2022-40959 | During iframe navigation, certain pages did not have their FeaturePoli ... |
| CVE-2022-40958 | By injecting a cookie with certain special characters, an attacker on ... |
| CVE-2022-40957 | Inconsistent data in instruction and data cache when creating wasm cod ... |
| CVE-2022-40956 | When injecting an HTML base element, some requests would ignore the CS ... |
| CVE-2022-38478 | Members the Mozilla Fuzzing Team reported memory safety bugs present i ... |
| CVE-2022-38477 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-38476 | A data race could occur in the <code>PK11_ChangePW</code> function, po ... |
| CVE-2022-38473 | A cross-origin iframe referencing an XSLT document would inherit the p ... |
| CVE-2022-38472 | An attacker could have abused XSLT error handling to associate attacke ... |
| CVE-2022-36319 | When combining CSS properties for overflow and transform, the mouse cu ... |
| CVE-2022-36318 | When visiting directory listings for `chrome://` URLs as source text, ... |
| CVE-2022-36314 | When opening a Windows shortcut from the local filesystem, an attacker ... |
| CVE-2022-36059 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ... |
| CVE-2022-34484 | The Mozilla Fuzzing Team reported potential vulnerabilities present in ... |
| CVE-2022-34481 | In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an in ... |
| CVE-2022-34479 | A malicious website that could create a popup could have resized the p ... |
| CVE-2022-34478 | The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</co ... |
| CVE-2022-34472 | If there was a PAC URL set and the server that hosts the PAC was not r ... |
| CVE-2022-34470 | Session history navigations may have led to a use-after-free and poten ... |
| CVE-2022-34468 | An iframe that was not permitted to run scripts could do so if the use ... |
| CVE-2022-31747 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozil ... |
| CVE-2022-31744 | An attacker could have injected CSS into stylesheets accessible via in ... |
| CVE-2022-31742 | An attacker could have exploited a timing attack by sending a large nu ... |
| CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading t ... |
| CVE-2022-31740 | On arm64, WASM code could have resulted in incorrect assembly generati ... |
| CVE-2022-31739 | When downloading files on Windows, the % character was not escaped, wh ... |
| CVE-2022-31738 | When exiting fullscreen mode, an iframe could have confused the browse ... |
| CVE-2022-31737 | A malicious webpage could have caused an out-of-bounds write in WebGL, ... |
| CVE-2022-31736 | A malicious website could have learned the size of a cross-origin reso ... |
| CVE-2022-29917 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and t ... |
| CVE-2022-29916 | Firefox behaved slightly differently for already known resources when ... |
| CVE-2022-29914 | When reusing existing popups Firefox would have allowed them to cover ... |
| CVE-2022-29913 | The parent process would not properly check whether the Speech Synthes ... |
| CVE-2022-29912 | Requests initiated through reader mode did not properly omit cookies w ... |
| CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword <code>all ... |
| CVE-2022-29909 | Documents in deeply-nested cross-origin browsing contexts could have o ... |
| CVE-2022-28289 | Mozilla developers and community members Nika Layzell, Andrew McCreigh ... |
| CVE-2022-28286 | Due to a layout change, iframe contents could have been rendered outsi ... |
| CVE-2022-28285 | When generating the assembly code for <code>MLoadTypedArrayElementHole ... |
| CVE-2022-28282 | By using a link with <code>rel="localization"</code> a use-after-free ... |
| CVE-2022-28281 | If a compromised content process sent an unexpected number of WebAuthN ... |
| CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use- ... |
| CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exp ... |
| CVE-2022-26387 | When installing an add-on, Firefox verified the signature before promp ... |
| CVE-2022-26386 | Previously Firefox for macOS and Linux would download temporary files ... |
| CVE-2022-26384 | If an attacker could control the contents of an iframe sandboxed with ... |
| CVE-2022-26383 | When resizing a popup after requesting fullscreen access, the popup wo ... |
| CVE-2022-26381 | An attacker could have caused a use-after-free by forcing a text reflo ... |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust languag ... |
| CVE-2022-22764 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported m ... |
| CVE-2022-22763 | When a worker is shutdown, it was possible to cause script to run late ... |
| CVE-2022-22761 | Web-accessible extension pages (pages with a moz-extension:// scheme) ... |
| CVE-2022-22760 | When importing resources using Web Workers, error messages would disti ... |
| CVE-2022-22759 | If a document created a sandboxed iframe without <code>allow-scripts</ ... |
| CVE-2022-22756 | If a user was convinced to drag and drop an image to their desktop or ... |
| CVE-2022-22754 | If a user installed an extension of a particular type, the extension c ... |
| CVE-2022-22753 | A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ... |
| CVE-2022-22751 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, J ... |
| CVE-2022-22748 | Malicious websites could have confused Firefox into showing the wrong ... |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequ ... |
| CVE-2022-22746 | A race condition could have allowed bypassing the fullscreen notificat ... |
| CVE-2022-22745 | Securitypolicyviolation events could have leaked cross-origin informat ... |
| CVE-2022-22744 | The constructed curl command from the "Copy as curl" feature in DevToo ... |
| CVE-2022-22743 | When navigating from inside an iframe while requesting fullscreen acce ... |
| CVE-2022-22742 | When inserting text while in edit mode, some characters might have lea ... |
| CVE-2022-22741 | When resizing a popup while requesting fullscreen access, the popup wo ... |
| CVE-2022-22740 | Certain network request objects were freed too early when releasing a ... |
| CVE-2022-22739 | Malicious websites could have tricked users into accepting launching a ... |
| CVE-2022-22738 | Applying a CSS filter effect could have accessed out of bounds memory. ... |
| CVE-2022-22737 | Constructing audio sinks could have lead to a race condition when play ... |
| CVE-2022-3266 | An out-of-bounds read can occur when decoding H264 video. This results ... |
| CVE-2022-3155 | When saving or opening an email attachment on macOS, Thunderbird did n ... |
| CVE-2022-3034 | When receiving an HTML email that specified to load an <code>iframe</c ... |
| CVE-2022-3033 | If a Thunderbird user replied to a crafted HTML email containing a <co ... |
| CVE-2022-3032 | When receiving an HTML email that contained an <code>iframe</code> ele ... |
| CVE-2022-2505 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety ... |
| CVE-2022-2226 | An OpenPGP digital signature includes information about the date when ... |
| CVE-2022-2200 | If an object prototype was corrupted by an attacker, they would have b ... |
| CVE-2022-1834 | When displaying the sender of an email, and the sender name contained ... |
| CVE-2022-1802 | If an attacker was able to corrupt the methods of an Array object in J ... |
| CVE-2022-1529 | An attacker could have sent a message to the parent process where the ... |
| CVE-2022-1520 | When viewing an email message A, which contains an attached message B, ... |
| CVE-2022-1197 | When importing a revoked key that specified key compromise as the revo ... |
| CVE-2022-1196 | After a VR Process is destroyed, a reference to it may have been retai ... |
| CVE-2022-1097 | <code>NSSToken</code> objects were referenced via direct points, and c ... |
| CVE-2022-0566 | It may be possible for an attacker to craft an email message that caus ... |
| CVE-2021-44538 | The olm_session_describe function in Matrix libolm before 3.2.7 is vul ... |
| CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against u ... |
| CVE-2021-43545 | Using the Location API in a loop could have caused severe application ... |
| CVE-2021-43543 | Documents loaded with the CSP sandbox directive could have escaped the ... |
| CVE-2021-43542 | Using XMLHttpRequest, an attacker could have identified installed appl ... |
| CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied par ... |
| CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm ... |
| CVE-2021-43538 | By misusing a race in our notification code, an attacker could have fo ... |
| CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers all ... |
| CVE-2021-43536 | Under certain circumstances, asynchronous functions could have caused ... |
| CVE-2021-43535 | A use-after-free could have occured when an HTTP2 session object was r ... |
| CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-43529 | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overfl ... |
| CVE-2021-43528 | Thunderbird unexpectedly enabled JavaScript in the composition area. T ... |
| CVE-2021-38510 | The executable file warning was not presented when downloading .inetlo ... |
| CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript ... |
| CVE-2021-38508 | By displaying a form validity message in the correct location at the s ... |
| CVE-2021-38507 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ... |
| CVE-2021-38506 | Through a series of navigations, Firefox could have entered fullscreen ... |
| CVE-2021-38505 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ... |
| CVE-2021-38504 | When interacting with an HTML input element's file picker dialog with ... |
| CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheet ... |
| CVE-2021-38502 | Thunderbird ignored the configuration to require STARTTLS security for ... |
| CVE-2021-38501 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 a ... |
| CVE-2021-38498 | During process shutdown, a document could have caused a use-after-free ... |
| CVE-2021-38497 | Through use of reportValidity() and window.open(), a plain-text valida ... |
| CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while ... |
| CVE-2021-38495 | Mozilla developers reported memory safety bugs present in Thunderbird ... |
| CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 a ... |
| CVE-2021-38492 | When delegating navigations to the operating system, Firefox would acc ... |
| CVE-2021-32810 | crossbeam-deque is a package of work-stealing deques for building task ... |
| CVE-2021-30547 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ... |
| CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 a ... |
| CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block ele ... |
| CVE-2021-29987 | After requesting multiple permissions, and closing the first permissio ... |
| CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corr ... |
| CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to mem ... |
| CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that wou ... |
| CVE-2021-29982 | Due to incorrect JIT optimization, we incorrectly interpreted data fro ... |
| CVE-2021-29981 | An issue present in lowering/register allocation could have led to obs ... |
| CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect ... |
| CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared ... |
| CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corr ... |
| CVE-2021-29969 | If Thunderbird was configured to use STARTTLS for an IMAP connection, ... |
| CVE-2021-29967 | Mozilla developers reported memory safety bugs present in Firefox 88 a ... |
| CVE-2021-29964 | A locally-installed hostile program could send `WM_COPYDATA` messages ... |
| CVE-2021-29957 | If a MIME encoded email contains an OpenPGP inline signed or encrypted ... |
| CVE-2021-29956 | OpenPGP secret keys that were imported using Thunderbird version 78.8. ... |
| CVE-2021-29951 | The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ... |
| CVE-2021-29950 | Thunderbird unprotects a secret OpenPGP key prior to using it for a de ... |
| CVE-2021-29949 | When loading the shared library that provides the OTR protocol impleme ... |
| CVE-2021-29948 | Signatures are written to disk before and read during verification, wh ... |
| CVE-2021-29946 | Ports that were written as an integer overflow above the bounds of a 1 ... |
| CVE-2021-29945 | The WebAssembly JIT could miscalculate the size of a return type, whic ... |
| CVE-2021-24002 | When a user clicked on an FTP URL containing encoded newline character ... |
| CVE-2021-23999 | If a Blob URL was loaded through some unusual user interaction, it cou ... |
| CVE-2021-23998 | Through complicated navigations with new windows, an HTTP page could h ... |
| CVE-2021-23995 | When Responsive Design Mode was enabled, it used references to objects ... |
| CVE-2021-23994 | A WebGL framebuffer was not initialized early enough, resulting in mem ... |
| CVE-2021-23993 | An attacker may perform a DoS attack to prevent a user from sending en ... |
| CVE-2021-23992 | Thunderbird did not check if the user ID associated with an OpenPGP ke ... |
| CVE-2021-23991 | If a Thunderbird user has previously imported Alice's OpenPGP key, and ... |
| CVE-2021-23987 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2021-23984 | A malicious extension could have opened a popup window lacking an addr ... |
| CVE-2021-23982 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2021-23981 | A texture upload of a Pixel Buffer Object could have confused the WebG ... |
| CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 a ... |
| CVE-2021-23973 | When trying to load a cross-origin resource in an audio/video context ... |
| CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a ... |
| CVE-2021-23968 | If Content Security Policy blocked frame navigation, the full destinat ... |
| CVE-2021-23964 | Mozilla developers reported memory safety bugs present in Firefox 84 a ... |
| CVE-2021-23961 | Further techniques that built on the slipstream research combined with ... |
| CVE-2021-23960 | Performing garbage collection on re-declared JavaScript variables resu ... |
| CVE-2021-23954 | Using the new logical assignment operators in a JavaScript switch stat ... |
| CVE-2021-23953 | If a user clicked into a specifically crafted PDF, the PDF reader coul ... |
| CVE-2021-4140 | It was possible to construct specific XSLT markup that would be able t ... |
| CVE-2021-4129 | Mozilla developers and community members Julian Hector, Randell Jesup, ... |
| CVE-2021-4127 | An out of date graphics library (Angle) likely contained vulnerabiliti ... |
| CVE-2021-4126 | When receiving an OpenPGP/MIME signed email message that contains an a ... |
| CVE-2020-35113 | Mozilla developers reported memory safety bugs present in Firefox 83 a ... |
| CVE-2020-35112 | If a user downloaded a file lacking an extension on Windows, and then ... |
| CVE-2020-35111 | When an extension with the proxy permission registered to receive <all ... |
| CVE-2020-26978 | Using techniques that built on the slipstream research, a malicious we ... |
| CVE-2020-26976 | When a HTTPS pages was embedded in a HTTP page, and there was a servic ... |
| CVE-2020-26974 | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ... |
| CVE-2020-26973 | Certain input to the CSS Sanitizer confused it, resulting in incorrect ... |
| CVE-2020-26971 | Certain blit values provided by the user were not properly constrained ... |
| CVE-2020-26970 | When reading SMTP server status codes, Thunderbird writes an integer v ... |
| CVE-2020-26968 | Mozilla developers reported memory safety bugs present in Firefox 82 a ... |
| CVE-2020-26966 | Searching for a single word from the address bar caused an mDNS reques ... |
| CVE-2020-26965 | Some websites have a feature "Show Password" where clicking a button w ... |
| CVE-2020-26961 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ... |
| CVE-2020-26960 | If the Compact() method was called on an nsTArray, the array could hav ... |
| CVE-2020-26959 | During browser shutdown, reference decrementing could have occured on ... |
| CVE-2020-26958 | Firefox did not block execution of scripts with incorrect MIME types w ... |
| CVE-2020-26956 | In some cases, removing HTML elements during sanitization would keep e ... |
| CVE-2020-26953 | It was possible to cause the browser to enter fullscreen mode without ... |
| CVE-2020-26951 | A parsing and event loading mismatch in Firefox's SVG code could have ... |
| CVE-2020-26950 | In certain circumstances, the MCallGetProperty opcode can be emitted w ... |
| CVE-2020-16044 | Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ... |
| CVE-2020-16042 | Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ... |
| CVE-2020-16012 | Side-channel information leakage in graphics in Google Chrome prior to ... |
| CVE-2020-15969 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ... |
| CVE-2020-15685 | During the plaintext phase of the STARTTLS connection setup, protocol ... |
| CVE-2020-15683 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15678 | When recursing through graphical layers while scrolling, an iterator m ... |
| CVE-2020-15677 | By exploiting an Open Redirect vulnerability on a website, an attacker ... |
| CVE-2020-15676 | Firefox sometimes ran the onload handler for SVG elements that the DOM ... |
| CVE-2020-15673 | Mozilla developers reported memory safety bugs present in Firefox 80 a ... |
| CVE-2020-15669 | When aborting an operation, such as a fetch, an abort signal may be de ... |
| CVE-2020-15664 | By holding a reference to the eval() function from an about:blank wind ... |
| CVE-2020-15663 | If Firefox is installed to a user-writable directory, the Mozilla Main ... |
| CVE-2020-15659 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-15658 | The code for downloading files did not properly take care of special c ... |
| CVE-2020-15657 | Firefox could be made to load attacker-supplied DLL files from the ins ... |
| CVE-2020-15656 | JIT optimizations involving the Javascript arguments object could conf ... |
| CVE-2020-15655 | A redirected HTTP request which is observed or modified through a web ... |
| CVE-2020-15654 | When in an endless loop, a website specifying a custom cursor using CS ... |
| CVE-2020-15653 | An iframe sandbox element with the allow-popups flag could be bypassed ... |
| CVE-2020-15652 | By observing the stack trace for JavaScript errors in web workers, it ... |
| CVE-2020-15646 | If an attacker intercepts Thunderbird's initial attempt to perform aut ... |
| CVE-2020-12421 | When performing add-on updates, certificate chains terminating in non- ... |
| CVE-2020-12420 | When trying to connect to a STUN server, a race condition could have c ... |
| CVE-2020-12419 | When processing callbacks that occurred during window flushing in the ... |
| CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out ... |
| CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may ... |
| CVE-2020-12410 | Mozilla developers reported memory safety bugs present in Firefox 76 a ... |
| CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during ... |
| CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerSe ... |
| CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which ... |
| CVE-2020-12398 | If Thunderbird is configured to use STARTTLS for an IMAP server, and t ... |
| CVE-2020-12397 | By encoding Unicode whitespace characters within the From email header ... |
| CVE-2020-12395 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-12393 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12392 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-12387 | A race condition when running shutdown code for Web Worker led to a us ... |
| CVE-2020-6831 | A buffer overflow could occur when parsing and validating SCTP chunks ... |
| CVE-2020-6825 | Mozilla developers and community members Tyson Smith and Christian Hol ... |
| CVE-2020-6822 | On 32-bit builds, an out of bounds write could have occurred when proc ... |
| CVE-2020-6821 | When reading from areas partially or fully outside the source resource ... |
| CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condi ... |
| CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a ra ... |
| CVE-2020-6814 | Mozilla developers reported memory safety bugs present in Firefox and ... |
| CVE-2020-6812 | The first time AirPods are connected to an iPhone, they become named a ... |
| CVE-2020-6811 | The 'Copy as cURL' feature of Devtools' network tab did not properly e ... |
| CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, th ... |
| CVE-2020-6806 | By carefully crafting promise resolutions, it was possible to cause an ... |
| CVE-2020-6805 | When removing data about an origin whose tab was recently closed, a us ... |
| CVE-2020-6800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2020-6798 | If a template tag was used in a select tag, the parser could be confus ... |
| CVE-2020-6797 | By downloading a file with the .fileloc extension, a semi-privileged e ... |
| CVE-2020-6795 | When processing a message that contains multiple S/MIME signatures, a ... |
| CVE-2020-6794 | If a user saved passwords before Thunderbird 60 and then later set a m ... |
| CVE-2020-6793 | When processing an email message with an ill-formed envelope, Thunderb ... |
| CVE-2020-6792 | When deriving an identifier for an email message, uninitialized memory ... |
| CVE-2020-6514 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ... |
| CVE-2020-6463 | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ... |
| CVE-2019-20503 | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ... |
| CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting arra ... |
| CVE-2019-17024 | Mozilla developers reported memory safety bugs present in Firefox 71 a ... |
| CVE-2019-17022 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17021 | During the initialization of a new content process, a race condition o ... |
| CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerab ... |
| CVE-2019-17016 | When pasting a <style> tag from the clipboard into a rich text e ... |
| CVE-2019-17015 | During the initialization of a new content process, a pointer offset c ... |
| CVE-2019-17012 | Mozilla developers reported memory safety bugs present in Firefox 70 a ... |
| CVE-2019-17011 | Under certain conditions, when retrieving a document from a DocShell i ... |
| CVE-2019-17010 | Under certain conditions, when checking the Resist Fingerprinting pref ... |
| CVE-2019-17009 | When running, the updater service wrote status and log files to an unr ... |
| CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker ... |
| CVE-2019-17005 | The plain text serializer used a fixed-size array for the number of <o ... |
| CVE-2019-15903 | In libexpat before 2.2.8, crafted XML input could fool the parser into ... |
| CVE-2019-13722 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ... |
| CVE-2019-11764 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11763 | Failure to correctly handle null bytes when processing HTML entities r ... |
| CVE-2019-11762 | If two same-origin documents set document.domain differently to become ... |
| CVE-2019-11761 | By using a form with a data URI it was possible to gain access to the ... |
| CVE-2019-11760 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ... |
| CVE-2019-11759 | An attacker could have caused 4 bytes of HMAC output to be written pas ... |
| CVE-2019-11758 | Mozilla community member Philipp reported a memory safety bug present ... |
| CVE-2019-11757 | When following the value's prototype chain, it was possible to retain ... |
| CVE-2019-11755 | A crafted S/MIME message consisting of an inner encryption layer and a ... |
| CVE-2019-11752 | It is possible to delete an IndexedDB key value and subsequently try t ... |
| CVE-2019-11746 | A use-after-free vulnerability can occur while manipulating video elem ... |
| CVE-2019-11744 | Some HTML elements, such as <title> and <textarea>, can co ... |
| CVE-2019-11743 | Navigation events were not fully adhering to the W3C's "Navigation-Tim ... |
| CVE-2019-11742 | A same-origin policy violation occurs allowing the theft of cross-orig ... |
| CVE-2019-11740 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11739 | Encrypted S/MIME parts in a crafted multipart/alternative message can ... |
| CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file ... |
| CVE-2019-11729 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ... |
| CVE-2019-11719 | When importing a curve25519 private key in PKCS#8format with leading 0 ... |
| CVE-2019-11717 | A vulnerability exists where the caret ("^") character is improperly e ... |
| CVE-2019-11715 | Due to an error while parsing page content, it is possible for properl ... |
| CVE-2019-11713 | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ... |
| CVE-2019-11712 | POST requests made by NPAPI plugins, such as Flash, that receive a sta ... |
| CVE-2019-11711 | When an inner window is reused, it does not consider the use of docume ... |
| CVE-2019-11709 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC mes ... |
| CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript ... |
| CVE-2019-11706 | A flaw in Thunderbird's implementation of iCal causes a type confusion ... |
| CVE-2019-11705 | A flaw in Thunderbird's implementation of iCal causes a stack buffer o ... |
| CVE-2019-11704 | A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ... |
| CVE-2019-11703 | A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ... |
| CVE-2019-11698 | If a crafted hyperlink is dragged and dropped to the bookmark bar or s ... |
| CVE-2019-11694 | A vulnerability exists in the Windows sandbox where an uninitialized v ... |
| CVE-2019-11693 | The bufferdata function in WebGL is vulnerable to a buffer overflow wi ... |
| CVE-2019-11692 | A use-after-free vulnerability can occur when listeners are removed fr ... |
| CVE-2019-11691 | A use-after-free vulnerability can occur when working with XMLHttpRequ ... |
| CVE-2019-9820 | A use-after-free vulnerability can occur in the chrome event handler w ... |
| CVE-2019-9819 | A vulnerability where a JavaScript compartment mismatch can occur whil ... |
| CVE-2019-9818 | A race condition is present in the crash generation server used to gen ... |
| CVE-2019-9817 | Images from a different domain can be read using a canvas object in so ... |
| CVE-2019-9816 | A possible vulnerability exists where type confusion can occur when ma ... |
| CVE-2019-9815 | If hyperthreading is not disabled, a timing attack vulnerability exist ... |
| CVE-2019-9811 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ... |
| CVE-2019-9801 | Firefox will accept any registered Program ID as an external protocol ... |
| CVE-2019-9800 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-9797 | Cross-origin images can be read in violation of the same-origin policy ... |
| CVE-2019-9796 | A use-after-free vulnerability can occur when the SMIL animation contr ... |
| CVE-2019-9795 | A vulnerability where type-confusion in the IonMonkey just-in-time (JI ... |
| CVE-2019-9794 | A vulnerability was discovered where specific command line arguments a ... |
| CVE-2019-9793 | A mechanism was discovered that removes some bounds checking for strin ... |
| CVE-2019-9792 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ... |
| CVE-2019-9791 | The type inference system allows the compilation of functions that can ... |
| CVE-2019-9790 | A use-after-free vulnerability can occur when a raw pointer to a DOM e ... |
| CVE-2019-9788 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ... |
| CVE-2019-5798 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ... |
| CVE-2019-5785 | Incorrect convexity calculations in Skia in Google Chrome prior to 72. ... |
| CVE-2018-18513 | A crash can occur when processing a crafted S/MIME message or an XPI p ... |
| CVE-2018-18512 | A use-after-free vulnerability can occur while playing a sound notific ... |
| CVE-2018-18511 | Cross-origin images can be read from a canvas element in violation of ... |
| CVE-2018-18509 | A flaw during verification of certain S/MIME signatures causes emails ... |
| CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy A ... |
| CVE-2018-18505 | An earlier fix for an Inter-process Communication (IPC) vulnerability, ... |
| CVE-2018-18501 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-18500 | A use-after-free vulnerability can occur while parsing an HTML5 stream ... |
| CVE-2018-18499 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18498 | A potential vulnerability leading to an integer overflow can occur dur ... |
| CVE-2018-18494 | A same-origin policy violation allowing the theft of cross-origin URL ... |
| CVE-2018-18493 | A buffer overflow can occur in the Skia library during buffer offset c ... |
| CVE-2018-18492 | A use-after-free vulnerability can occur after deleting a selection el ... |
| CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia ... |
| CVE-2018-18335 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ... |
| CVE-2018-17466 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ... |
| CVE-2018-12405 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12393 | A potential vulnerability was found in 32-bit builds where an integer ... |
| CVE-2018-12392 | When manipulating user events in nested loops while opening a document ... |
| CVE-2018-12391 | During HTTP Live Stream playback on Firefox for Android, audio data ca ... |
| CVE-2018-12390 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12389 | Mozilla developers and community members reported memory safety bugs p ... |
| CVE-2018-12385 | A potentially exploitable crash in TransportSecurityInfo used for SSL ... |
| CVE-2018-12383 | If a user saved passwords before Firefox 58 and then later set a maste ... |
| CVE-2018-12379 | When the Mozilla Updater opens a MAR format file which contains a very ... |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is de ... |
| CVE-2018-12377 | A use-after-free vulnerability can occur when refresh driver timers ar ... |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ... |
| CVE-2018-12374 | Plaintext of decrypted emails can leak through by user submitting an e ... |
| CVE-2018-12373 | dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ... |
| CVE-2018-12372 | Decrypted S/MIME parts, when included in HTML crafted for an attack, c ... |
| CVE-2018-12371 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-12368 | Windows 10 does not warn users before opening executable files with th ... |
| CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision o ... |
| CVE-2018-12366 | An invalid grid size during QCMS (color profile) transformations can r ... |
| CVE-2018-12365 | A compromised IPC child process can escape the content sandbox and lis ... |
| CVE-2018-12364 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ... |
| CVE-2018-12363 | A use-after-free vulnerability can occur when script uses mutation eve ... |
| CVE-2018-12362 | An integer overflow can occur during graphics operations done by the S ... |
| CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while calculatin ... |
| CVE-2018-12360 | A use-after-free vulnerability can occur when deleting an input elemen ... |
| CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjust ... |
| CVE-2018-5188 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ... |
| CVE-2018-5187 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ... |
| CVE-2018-5185 | Plaintext of decrypted emails can leak through by user submitting an e ... |
| CVE-2018-5184 | Using remote content in encrypted messages can lead to the disclosure ... |
| CVE-2018-5183 | Mozilla developers backported selected changes in the Skia library. Th ... |
| CVE-2018-5178 | A buffer overflow was found during UTF8 to Unicode string conversion w ... |
| CVE-2018-5174 | In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ... |
| CVE-2018-5170 | It is possible to spoof the filename of an attachment and display an a ... |
| CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight ... |
| CVE-2018-5162 | Plaintext of decrypted emails can leak through the src attribute of re ... |
| CVE-2018-5161 | Crafted message headers can cause a Thunderbird process to hang on rec ... |
| CVE-2018-5159 | An integer overflow can occur in the Skia library due to 32-bit intege ... |
| CVE-2018-5156 | A vulnerability can occur when capturing a media stream when the media ... |
| CVE-2018-5155 | A use-after-free vulnerability can occur while adjusting layout during ... |
| CVE-2018-5154 | A use-after-free vulnerability can occur while enumerating attributes ... |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ... |
| CVE-2018-5146 | An out of bounds memory write while processing Vorbis audio data was r ... |
| CVE-2018-5145 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ... |
| CVE-2018-5144 | An integer overflow can occur during conversion of text to some Unicod ... |
| CVE-2018-5129 | A lack of parameter validation on IPC messages results in a potential ... |
| CVE-2018-5127 | A buffer overflow can occur when manipulating the SVG "animatedPathSeg ... |
| CVE-2018-5125 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ... |
| CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right ali ... |
| CVE-2018-5104 | A use-after-free vulnerability can occur during font face manipulation ... |
| CVE-2018-5103 | A use-after-free vulnerability can occur during mouse event handling d ... |
| CVE-2018-5102 | A use-after-free vulnerability can occur when manipulating HTML media ... |
| CVE-2018-5099 | A use-after-free vulnerability can occur when the widget listener is h ... |
| CVE-2018-5098 | A use-after-free vulnerability can occur when form input elements, foc ... |
| CVE-2018-5097 | A use-after-free vulnerability can occur during XSL transformations wh ... |
| CVE-2018-5096 | A use-after-free vulnerability can occur while editing events in form ... |
| CVE-2018-5095 | An integer overflow vulnerability in the Skia library when allocating ... |
| CVE-2018-5089 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ... |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ... |
| CVE-2017-7848 | RSS fields can inject new lines into the created email structure, modi ... |
| CVE-2017-7847 | Crafted CSS in an RSS feed can leak and reveal local path strings, whi ... |
| CVE-2017-7846 | It is possible to execute JavaScript in the parsed RSS feed when RSS f ... |
| CVE-2017-7845 | A buffer overflow occurs when drawing and validating elements using Di ... |
| CVE-2017-7830 | The Resource Timing API incorrectly revealed navigations in cross-orig ... |
| CVE-2017-7829 | It is possible to spoof the sender's email address and display an arbi ... |
| CVE-2017-7828 | A use-after-free vulnerability can occur when flushing and resizing la ... |
| CVE-2017-7826 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ... |
| CVE-2017-7824 | A buffer overflow occurs when drawing and validating elements with the ... |
| CVE-2017-7823 | The content security policy (CSP) "sandbox" directive did not create a ... |
| CVE-2017-7819 | A use-after-free vulnerability can occur in design mode when image obj ... |
| CVE-2017-7818 | A use-after-free vulnerability can occur when manipulating arrays of A ... |
| CVE-2017-7814 | File downloads encoded with "blob:" and "data:" URL elements bypassed ... |
| CVE-2017-7810 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ... |
| CVE-2017-7793 | A use-after-free vulnerability can occur in the Fetch API when the wor ... |
| CVE-2016-5824 | libical 1.0 allows remote attackers to cause a denial of service (use- ... |
| CVE-2006-4571 | Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ... |
| CVE-2006-4570 | Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ... |
| CVE-2006-4569 | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ... |
| CVE-2006-4568 | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ... |
| CVE-2006-4567 | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ... |
| CVE-2006-4566 | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ... |
| CVE-2006-4565 | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ... |
| CVE-2006-4340 | Mozilla Network Security Service (NSS) library before 3.11.3, as used ... |
| CVE-2006-4253 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ... |
| CVE-2006-3812 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3811 | Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ... |
| CVE-2006-3810 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ... |
| CVE-2006-3809 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3808 | Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ... |
| CVE-2006-3807 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3806 | Multiple integer overflows in the Javascript engine in Mozilla Firefox ... |
| CVE-2006-3805 | The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ... |
| CVE-2006-3804 | Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ... |
| CVE-2006-3803 | Race condition in the JavaScript garbage collection in Mozilla Firefox ... |
| CVE-2006-3802 | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ... |
| CVE-2006-3801 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ... |
| CVE-2006-3677 | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ... |
| CVE-2006-3113 | Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ... |
| CVE-2006-2787 | EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ... |
| CVE-2006-2786 | HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ... |
| CVE-2006-2783 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ... |
| CVE-2006-2781 | Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ... |
| CVE-2006-2780 | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ... |
| CVE-2006-2779 | Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ... |
| CVE-2006-2778 | The crypto.signText function in Mozilla Firefox and Thunderbird before ... |
| CVE-2006-2776 | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ... |
| CVE-2006-2775 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ... |
| CVE-2006-1942 | Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ... |
| CVE-2006-1790 | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ... |
| CVE-2006-1742 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-1741 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1740 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ... |
| CVE-2006-1739 | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ... |
| CVE-2006-1738 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1737 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ... |
| CVE-2006-1735 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1734 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1733 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1732 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1731 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1730 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ... |
| CVE-2006-1728 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1727 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ... |
| CVE-2006-1726 | Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ... |
| CVE-2006-1724 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ... |
| CVE-2006-1723 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1531 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1530 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1529 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ... |
| CVE-2006-1045 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ... |
| CVE-2006-0884 | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ... |
| CVE-2006-0749 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ... |
| CVE-2006-0748 | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ... |
| CVE-2006-0299 | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ... |
| CVE-2006-0298 | The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ... |
| CVE-2006-0297 | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ... |
| CVE-2006-0296 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ... |
| CVE-2006-0295 | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ... |
| CVE-2006-0294 | Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ... |
| CVE-2006-0292 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ... |
| CVE-2005-2353 | run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ... |