| purl | pkg:deb/debian/firefox-esr@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15mn-5hnv-w7f4 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12389 |
| VCID-19r2-4svk-uydr | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4578 |
| VCID-1dkk-86db-s3ch | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5168 |
| VCID-1rj3-tt63-4yc1 | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. | CVE-2021-38497 |
| VCID-1ur2-g3su-pqd3 | A Cliqz.com developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. | CVE-2016-5288 |
| VCID-1w8j-w2rh-hqdf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2809 |
| VCID-2a5d-8cac-mkft | A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* | CVE-2023-29542 |
| VCID-2w58-mdmk-guh8 | Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. | CVE-2016-2834 |
| VCID-2xtz-k8nq-n3hf | A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2020-6828 |
| VCID-2z7p-2uj3-2qfb | If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.* | CVE-2019-9815 |
| VCID-3465-gq22-3kfy | Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. | CVE-2016-0718 |
| VCID-44zf-meps-6fey | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2020-15650 |
| VCID-47dr-szw4-ryfr | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. | CVE-2016-5292 |
| VCID-4c3c-ygt3-kbg5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. | CVE-2020-6797 |
| VCID-4r8e-64b6-bbbu | Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | CVE-2026-4711 |
| VCID-4rpa-nwnh-b3h3 | The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7760 |
| VCID-4sv2-j8zg-xkhf | When running, the updater service wrote status and log files to an unrestricted location, potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2019-17009 |
| VCID-4vps-3cxv-xyd5 | On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2024-5692 |
| VCID-4z19-eyh7-9yf4 | The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a `<track>` tag refers to a file that does not exist if the source page is loaded locally. | CVE-2017-5387 |
| VCID-5666-pp89-aqc2 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12393 |
| VCID-5aga-y5nk-5fha | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* | CVE-2021-29964 |
| VCID-5c1p-6gjw-wkgx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2018-12391 |
| VCID-5p2x-6brd-xfad | Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. *Note: This attack only affects OS X operating systems. Other operating systems are unaffected.* | CVE-2017-7763 |
| VCID-5srb-q1nd-1qfh | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2017-7845 |
| VCID-5zmj-5xkc-zkgc | A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-11694 |
| VCID-6cde-35h4-vqaj | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. | CVE-2016-9075 |
| VCID-6p3q-f7f6-mygv | Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. | CVE-2017-5430 |
| VCID-6pk2-g77j-h3b2 | An integer overflow during the parsing of XML using the Expat library. | CVE-2016-9063 |
| VCID-6rpt-16pv-yfar | The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2017-7755 |
| VCID-6s88-vfr8-u3hj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4585 |
| VCID-6uth-8k3d-7qdj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. | CVE-2018-12381 |
| VCID-6zjy-1agk-nbd9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5174 |
| VCID-754j-7erb-z7ae | Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. | CVE-2025-2817 |
| VCID-7939-5qcd-tqgg | Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* | CVE-2025-4082 |
| VCID-7fvy-7hpe-kbej | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2021-38492 |
| VCID-7sbd-1n7f-ryed | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4057 |
| VCID-7u5b-uzd5-7kdc | Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* | CVE-2024-11691 |
| VCID-7xh6-s1h4-dbhw | | CVE-2026-6759 |
| VCID-8bvd-y3qe-8qfk | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. *Note: These attacks require local system access and only affect Windows. Other operating systems are not affected.* | CVE-2019-11736 |
| VCID-8cv4-kvfj-4uek | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. | CVE-2019-11758 |
| VCID-8hgj-7cb6-fbbp | A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.* | CVE-2019-9818 |
| VCID-8kgq-qhy6-e3c2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | CVE-2022-38476 |
| VCID-8xz8-qent-zkav | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5260 |
| VCID-9dpt-xfu6-cuh5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4580 |
| VCID-9fsb-vzuc-efc5 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. | CVE-2016-9894 |
| VCID-9fxa-6w88-y3h4 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5268 |
| VCID-9gcq-8grt-vfhc | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. | CVE-2016-9070 |
| VCID-9hep-yqmw-8bg4 | When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. *Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected.* | CVE-2016-9072 |
| VCID-9tnr-m8mg-3ffw | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* | CVE-2025-5265 |
| VCID-9y48-sjn7-rqeu | Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | CVE-2021-38501 |
| VCID-a2as-nfu2-ykax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-32214 |
| VCID-a68p-hcz6-jffj | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12388 |
| VCID-af5n-5ye1-s3fd | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets. | CVE-2011-2670 |
| VCID-af6b-4jqc-fugx | The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. | CVE-2017-5393 |
| VCID-ahzr-nr7g-5ue2 | A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. | CVE-2017-5388 |
| VCID-akwm-tx92-bqfs | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header. | CVE-2011-2668 |
| VCID-avgs-nz9j-gqg8 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. | CVE-2025-1930 |
| VCID-ax8a-z9s4-e3dk | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2019-9794 |
| VCID-b28z-4pwb-buc2 | When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2020-6827 |
| VCID-b65s-fwk5-gkbs | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2827 |
| VCID-b8qk-zbj4-yfg2 | When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-13722 |
| VCID-baq3-sm51-3qae | An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* | CVE-2017-7782 |
| VCID-bb61-y349-fqgx | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5266 |
| VCID-bbsb-t7kv-4bbw | Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. | CVE-2016-2815 |
| VCID-bd6g-ev4d-kyf6 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. | CVE-2018-18335 |
| VCID-c52k-tg8d-sbeg | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-23599 |
| VCID-c6jc-3917-x7dx | Security researcher Tim McCormack reported that when a page requests a series of permissions in a short timespan, the resulting permission notifications can show the icon for the wrong permission request. This can lead to user confusion and inadvertent consent given when a user is prompted by web content to give permissions, such as for geolocation or microphone access. | CVE-2016-2829 |
| VCID-cfqv-7r6b-g3e9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4576 |
| VCID-cfy8-73k1-jkdj | The Mozilla Maintenance Service helper.exe application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7761 |
| VCID-cmnc-fyxb-rfd4 | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox for macOS. Other operating systems are unaffected.* | CVE-2023-29531 |
| VCID-cpra-u2v5-3qg5 | An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7766 |
| VCID-cqtb-7t8w-rug2 | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. | CVE-2016-5287 |
| VCID-d5hs-m1zz-kybj | The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* | CVE-2017-7804 |
| VCID-d9dm-aww1-pfbm | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5253 |
| VCID-de4g-6sjv-6ugg | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2820 |
| VCID-dv2d-9a59-xkaq | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. | CVE-2017-5384 |
| VCID-dveb-sthz-bkgu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-25738 |
| VCID-dyn7-63ve-37at | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2813 |
| VCID-e2ww-ngam-cugq | The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. | CVE-2017-5381 |
| VCID-e7p8-zrwx-5ug6 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* | CVE-2024-11698 |
| VCID-ebhp-kzkz-euhu | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* | CVE-2023-29545 |
| VCID-efvs-1tuf-guf4 | Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | CVE-2026-4712 |
| VCID-ewet-6xtr-sqdn | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | CVE-2011-2669 |
| VCID-f4ja-2ydw-cufu | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2024-11693 |
| VCID-f8c7-p8nz-bbap | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2023-29532 |
| VCID-f8wd-xgwu-8kgm | Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. | CVE-2016-9077 |
| VCID-fmub-ph5x-pbdu | Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.* | CVE-2016-9078 |
| VCID-fvp8-grcg-27d3 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2812 |
| VCID-g2et-bnvt-9fem | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-17021 |
| VCID-gbsw-gmc4-uqad | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2811 |
| VCID-gqbc-wbhs-4bbx | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5256 |
| VCID-gqhc-h5p7-dyh1 | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. | CVE-2016-9903 |
| VCID-gu5n-35b2-a3am | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2839 |
| VCID-hhtb-ha1v-tffj | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. | CVE-2017-5377 |
| VCID-hhu1-cgcx-nfev | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. | CVE-2021-38498 |
| VCID-htpg-t39z-nbex | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. | CVE-2017-5379 |
| VCID-j2ax-jb2h-byeu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4052 |
| VCID-j2ga-ggcd-fkg1 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2805 |
| VCID-jvy8-w1m2-ayaw | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. | CVE-2016-9068 |
| VCID-jxq3-3gzd-yycp | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5294 |
| VCID-k1u4-hqjh-zbc8 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5251 |
| VCID-k813-qahc-ubf4 | Security researcher Aral reported an out-of-bounds write when using the ANGLE graphics library, which is used for WebGL content on Windows systems. This crash occurs due to improper size checking while writing to an array during some WebGL shader operations. The ANGLE graphics library is only used on Windows. Linux, OS X, and Android operating systems are not affected by this vulnerability. | CVE-2016-2824 |
| VCID-kr94-y6hg-d3hp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. | CVE-2020-6799 |
| VCID-krg2-d4vy-z7fu | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-17015 |
| VCID-m2vr-a1ee-j7gv | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5255 |
| VCID-m5pb-75ag-tfep | Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.* | CVE-2016-9896 |
| VCID-m92a-91pv-dffv | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2020-35112 |
| VCID-mdpv-kcbb-9ubj | Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. | CVE-2016-9071 |
| VCID-mp4n-ez8p-63ek | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-28163 |
| VCID-mqte-f1hw-2ya5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2022-22753 |
| VCID-mtkx-1vvb-3yhp | In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2020-16048 |
| VCID-mwrr-ashj-bfg3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2017-7825 |
| VCID-myv9-89b8-w7dm | In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the SEE_MASK_FLAG_NO_UI flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. *Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems.* | CVE-2018-5174 |
| VCID-n8hk-44ah-bugr | Due to insufficient escaping of the ampersand character in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* | CVE-2025-4084 |
| VCID-ngw4-xb6d-gqfm | An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. | CVE-2017-5428 |
| VCID-p365-j5gq-4uct | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2816 |
| VCID-p595-z1gu-6fgf | Mozilla Firefox before 25 allows modification of anonymous content of the pluginProblem.xml binding. | CVE-2013-5594 |
| VCID-pber-bzw2-r3gw | The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7768 |
| VCID-pn68-e9g7-qbf1 | The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* | CVE-2025-6426 |
| VCID-pv9q-fcta-ffbq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4577 |
| VCID-pybp-xzy7-q3a8 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. | CVE-2016-9067 |
| VCID-q38n-z9wb-qufk | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5283 |
| VCID-q77k-hc9g-9fhm | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN\|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command), but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.* | CVE-2021-29951 |
| VCID-qa9c-xyvd-kygu | Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system, even when they are disabled. | |
CVE-2016-2832
|
| VCID-qjs9-h3tt-qucf | Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. |
CVE-2017-5391
|
| VCID-qrbp-3x9q-q3g2 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5273
|
| VCID-qrqw-p9v1-zfb2 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5282
|
| VCID-qu9b-rst3-v7fa | Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges. This issue does not affect non-Windows operating systems. |
CVE-2016-2826
|
| VCID-qv7a-3c41-x3cr | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38477
|
| VCID-qw5k-tgdz-vkcw | The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-5409
|
| VCID-qwc9-da7w-4kdr | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2804
|
| VCID-qzrz-4abn-q7f2 | Security researcher Armin Ebert reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or https: are still enforced correctly. As a result cookie stealing and other common same-origin bypass attacks are not possible. |
CVE-2016-2825
|
| VCID-r34s-64j2-dfff | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. |
CVE-2017-5382
|
| VCID-r7te-y4n3-1uhj | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. |
CVE-2017-5385
|
| VCID-r8jw-hvmm-pkhs | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2835
|
| VCID-rakk-h5vn-kbaw | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-15649
|
| VCID-rsy6-acfe-ffb5 | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22744
|
| VCID-rz6b-kepf-cfg9 | Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-5289
|
| VCID-s3kc-mhdz-nkeh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25743
|
| VCID-sjy7-cp3x-nfh2 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12368
|
| VCID-snbc-j4e3-uff1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4582
|
| VCID-sncs-nk53-jbap | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5279
|
| VCID-sp11-eqxh-t3gw | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2817
|
| VCID-srf6-8n4s-uyb6 | The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7767
|
| VCID-t769-2t1u-57b6 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.*This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.* |
CVE-2021-38505
|
| VCID-t8mb-cdc3-6ydq | Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. |
CVE-2024-6600
|
| VCID-tfny-yt17-mffx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4054
|
| VCID-tjp3-ck7p-5qg3 | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. |
CVE-2024-2605
|
| VCID-tnxh-tgsm-tuex | A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22746
|
| VCID-tq43-rx5u-eybv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4583
|
| VCID-u1nc-fgsw-mkhc | Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2017-5374
|
| VCID-u5n5-6h82-tqhw | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25734
|
| VCID-uhct-zkhb-k3ca | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5275
|
| VCID-umhx-zswu-kkbt | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5293
|
| VCID-urpr-qse2-7kcf | Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-26966
|
| VCID-uuc6-a3xx-6khk | Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2019-9801
|
| VCID-v28j-cvrw-p3c7 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. |
CVE-2016-9073
|
| VCID-v9ua-1tey-cyaa | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46875
|
| VCID-vdvy-zc8w-6kbf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5271
|
| VCID-vnuz-wp96-pqgt | WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. |
CVE-2017-5389
|
| VCID-vtjf-sufh-p3h4 | crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain. |
CVE-2021-32810
GHSA-pqqp-xmhj-wgcw |
| VCID-vun4-z8ju-gbbc | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with system privileges.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-15663
|
| VCID-vw4n-4r41-ukbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5727
|
| VCID-vzg5-b77s-g3ft | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34478
|
| VCID-vzkp-7dsz-kbee | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2810
|
| VCID-vzwe-r2ms-m7bv | Mozilla engineer Matt Wobensmith reported that Content Security Policy (CSP) does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This could allow a malicious site to manipulate content through a Java applet to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks. |
CVE-2016-2833
|
| VCID-wffz-7y83-qkbm | Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-9080
|
| VCID-wfkr-weku-fudt | Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.* |
CVE-2019-11751
|
| VCID-wfqy-u76t-ybgb | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* |
CVE-2025-2857
|
| VCID-wzxk-316c-xqcg | When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-31739
|
| VCID-xrg1-azru-5qf1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4051
|
| VCID-xspq-dfwk-27gq | Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution. This issue did not affect Firefox for Android or Firefox 52 ESR. |
CVE-2018-5124
|
| VCID-y7rn-wb1d-vbdg | The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2017-7765
|
| VCID-yfmg-82tr-gfec | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* |
CVE-2021-38510
|
| VCID-ygrd-4scr-wkau | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4053
|
| VCID-yust-3g8v-muas | The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2024-3863
|
| VCID-yy4z-p3f1-qbbc | An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. |
CVE-2016-9076
|
| VCID-z86r-71n4-p7aj | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5267
|
| VCID-zdbt-zhtq-xfhj | Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. |
CVE-2025-11713
|
| VCID-zjn8-79ab-tqd3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5726
|
| VCID-zycf-ufab-8yfb | The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2019-11753
|