Search for packages
| purl | pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie |
| Next non-vulnerable version | 115.14.0esr-1~deb12u1 |
| Latest non-vulnerable version | 140.9.1esr-1~deb13u1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5dw5-vpt8-zqbz
Aliases: CVE-2026-5731 |
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-9ag7-z86d-nba9
Aliases: CVE-2026-5734 |
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-qbzp-euvv-q7c7
Aliases: CVE-2026-5732 |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11pv-s4za-tbch | A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. |
CVE-2024-4768
|
| VCID-135c-h34e-tye5 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40957
|
| VCID-13he-qsr4-h3d4 | Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4709
|
| VCID-13hn-7fbd-mfhq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1553
|
| VCID-14gr-rfym-5yha | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6463
|
| VCID-15mn-5hnv-w7f4 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.*Note: this issue only affects Firefox on Windows operating systems.* |
CVE-2020-12389
|
| VCID-16q2-yvfb-u3br | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11717
|
| VCID-17tt-jftn-m3bd | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31737
|
| VCID-18my-61hh-n3gb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1934
|
| VCID-19cb-y1de-u3bn | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1957
|
| VCID-19r2-4svk-uydr | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4578
|
| VCID-1a64-m2w1-hkhs | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6814
|
| VCID-1dkk-86db-s3ch | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5168
|
| VCID-1e61-jk2b-aubw | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23994
|
| VCID-1erb-xc8r-8kfm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26384
|
| VCID-1frd-d76n-13fm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26965
|
| VCID-1fv1-edht-ufag | Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4715
|
| VCID-1gbp-dg93-wud9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5129
|
| VCID-1hak-cqnh-tqay | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45406
|
| VCID-1hay-xe3q-gyb4 | Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2789
|
| VCID-1jqj-tqfp-73f7 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14325
|
| VCID-1phe-59fw-9qdt | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22739
|
| VCID-1q54-juu2-xbat | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15683
|
| VCID-1rj3-tt63-4yc1 | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. |
CVE-2021-38497
|
| VCID-1s5n-6p4c-q3ds | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12417
|
| VCID-1tcx-3zn1-ykdq | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9904
|
| VCID-1u8u-pnq3-t7ae | Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2757
|
| VCID-1ur2-g3su-pqd3 | A Cliqz.com developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. |
CVE-2016-5288
|
| VCID-1v2s-g46y-ybdc | Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-2792
|
| VCID-1vpc-vfey-qkb6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25732
|
| VCID-1w8j-w2rh-hqdf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2809
|
| VCID-1xcg-n9k4-tqc4 | A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. |
CVE-2025-1011
|
| VCID-1zf8-qjts-9fbc | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11704
|
| VCID-22wr-t2b9-g7bv | Multiple vulnerabilities have been reported in the SeaMonkey project, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6499
|
| VCID-23bx-as83-e3bv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5435
|
| VCID-23eu-22t2-cydd | Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4714
|
| VCID-2648-ggwp-cyfv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25735
|
| VCID-26d3-ctnj-7kbh | Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4691
|
| VCID-26jx-pxqe-yucz | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1958
|
| VCID-27hw-egkx-w7d4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-1529
|
| VCID-289s-f2w6-53g9 | Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4716
|
| VCID-2a5d-8cac-mkft | A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code.*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* |
CVE-2023-29542
|
| VCID-2bnv-phbv-7khe | Multiple vulnerabilities have been reported in Mozilla Firefox. |
CVE-2006-5464
|
| VCID-2cd3-m37k-5ydh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29946
|
| VCID-2ejc-7bd5-qkbf | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3028
|
| VCID-2j27-84u7-83ak | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5276
|
| VCID-2j6k-5q8j-3fbc | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution. |
CVE-2024-9680
|
| VCID-2k99-39yt-gkbe | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. |
CVE-2021-38496
|
| VCID-2ptm-gx1p-uyhf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9897
|
| VCID-2pvz-3cmq-53dk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7519
|
| VCID-2s85-r5tn-wucn | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31741
|
| VCID-2sd2-88zt-kkaq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2020-6796
|
| VCID-2syj-hbw7-fkbp | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29988
|
| VCID-2tts-gwgd-zqcz | A vulnerability has been discovered in NSS, which can lead to the recovery of private data. |
CVE-2023-5388
|
| VCID-2u79-8nnu-e7dj | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. |
CVE-2006-6585
|
| VCID-2vyc-yhw7-muea | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43546
|
| VCID-2w58-mdmk-guh8 | Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. |
CVE-2016-2834
|
| VCID-2wqx-77qd-fbfd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12386
|
| VCID-2xe3-59tz-zbc3 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9901
|
| VCID-2xtz-k8nq-n3hf | A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-6828
|
| VCID-2xza-hhmr-5ybw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7826
|
| VCID-2z7p-2uj3-2qfb | If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.* |
CVE-2019-9815
|
| VCID-2zdh-azdw-tuav | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-2609
|
| VCID-32pc-j3he-pffx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4055
|
| VCID-3315-b7du-kydm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5448
|
| VCID-3465-gq22-3kfy | Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. |
CVE-2016-0718
|
| VCID-351y-4nek-u3aw | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4698
|
| VCID-362f-1bn1-mbg5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46882
|
| VCID-37ud-wx7n-mqhs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-42927
|
| VCID-38j9-cugr-abc9 | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-35113
|
| VCID-3ayf-d2s1-67ff | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-8382
|
| VCID-3cbn-278y-hkah | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7784
|
| VCID-3dea-vjmc-b7eb | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5297
|
| VCID-3ega-m6fz-uugy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5464
|
| VCID-3ehk-593t-abcp | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5408
|
| VCID-3gmj-y8qd-ufej | Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2787
|
| VCID-3grf-hwk1-3fh8 | Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4719
|
| VCID-3kd3-hwzv-efbn | Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-4721
|
| VCID-3nup-1513-ybaq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5400
|
| VCID-3nzs-5tgj-q3hw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23964
|
| VCID-3p7d-8qjd-kyd5 | An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. |
CVE-2021-4127
|
| VCID-3pvs-3ppc-r7a5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3857
|
| VCID-3qfb-sxha-v3cw | Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10529
|
| VCID-3sg3-9yx7-fufa | Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2790
|
| VCID-3smq-ax5u-ryd3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-17012
|
| VCID-3tww-nhmh-gua6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5410
|
| VCID-3ux5-gp3e-2udq | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15669
|
| VCID-3v78-2fyv-tqht | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12385
|
| VCID-3vbp-2h4f-7bav | A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. |
CVE-2024-2611
|
| VCID-3xgu-7evz-mffw | Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4705
|
| VCID-3yea-3gw6-xkcb | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-35111
|
| VCID-3zwq-1hwc-3fgj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29976
|
| VCID-41g2-dvb2-yqhg | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2024-2614
|
| VCID-436x-mrs7-q3gk | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26960
|
| VCID-43dj-vtap-2qd2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32206
|
| VCID-43nm-4qjy-vfgj | On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. |
CVE-2025-8028
|
| VCID-44zf-meps-6fey | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-15650
|
| VCID-46cy-x3cp-tke5 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0743
|
| VCID-47dr-szw4-ryfr | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. |
CVE-2016-5292
|
| VCID-48em-7yxs-pqf9 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7779
|
| VCID-4azu-y4y6-nyff | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2794
|
| VCID-4bw1-v6ze-kbds | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13018
|
| VCID-4byg-5gy3-kkff | The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. |
CVE-2025-8031
|
| VCID-4c3c-ygt3-kbg5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2020-6797
|
| VCID-4d2q-usge-77ft | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9898
|
| VCID-4f4y-p7h8-dygq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5728
|
| VCID-4g3s-bh4t-qqhc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. |
CVE-2023-6867
|
| VCID-4g7u-xmdq-mkdn | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14328
|
| VCID-4gsx-puz4-a3f1 | Use-after-free in MediaTrackGraphImpl::GetInstance() |
CVE-2025-11708
|
| VCID-4gwx-75uj-tyep | Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called. |
CVE-2016-2828
|
| VCID-4hnb-y6bt-4fb1 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2798
|
| VCID-4jqv-p541-tfa9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7749
|
| VCID-4kd3-95cm-g3fc | Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13019
|
| VCID-4m2d-td6c-ukd4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40958
|
| VCID-4n3b-syg9-ykh9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5446
|
| VCID-4nqf-nxkj-x3g4 | GetBoundName could return the wrong version of an object when JIT optimizations were applied. |
CVE-2024-3852
|
| VCID-4q6h-ac7c-6fav | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-42928
|
| VCID-4q6w-tdk9-d3an | Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-4720
|
| VCID-4r8e-64b6-bbbu | Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4711
|
| VCID-4rpa-nwnh-b3h3 | The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7760
|
| VCID-4seg-6hwv-3qaw | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. |
CVE-2019-11747
|
| VCID-4sv2-j8zg-xkhf | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2019-17009
|
| VCID-4vps-3cxv-xyd5 | On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. |
CVE-2024-5692
|
| VCID-4vt1-q4wj-87bm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29980
|
| VCID-4xqc-36jb-63c2 | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2786
|
| VCID-4xud-hwda-pyhw | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5272
|
| VCID-4yvm-d9qr-ebaw | Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. |
CVE-2022-1097
|
| VCID-4z19-eyh7-9yf4 | The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. |
CVE-2017-5387
|
| VCID-4z8m-8jr8-pqh6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32212
|
| VCID-4zjw-4gjw-pqh1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0242
|
| VCID-51jr-5fzq-hbav | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23969
|
| VCID-52ha-qvpu-ruc8 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-37208
|
| VCID-545u-wnrj-z3dh | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5291
|
| VCID-54vr-pby9-ffg7 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5459
|
| VCID-5666-pp89-aqc2 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.*Note: this issue only affects Firefox on Windows operating systems.* |
CVE-2020-12393
|
| VCID-58mr-4qat-sfet | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could arbitrary code execution. |
CVE-2024-29944
|
| VCID-59up-n66e-fyhx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-28281
|
| VCID-59wd-mtjt-4ban | Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-11714
|
| VCID-59xd-f8wh-xbe5 | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. |
CVE-2006-4310
|
| VCID-5aga-y5nk-5fha | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would processing incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* |
CVE-2021-29964
|
| VCID-5c1p-6gjw-wkgx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-12391
|
| VCID-5dw5-vpt8-zqbz | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-5731
|
| VCID-5dyh-s3yd-vqes | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9895
|
| VCID-5ept-fu7g-8kes | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2780
|
| VCID-5f8u-kf14-tkah | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31738
|
| VCID-5fnn-ru3z-f3dt | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11712
|
| VCID-5hzf-gdbj-8ud8 | Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. |
CVE-2023-1999
|
| VCID-5j6z-g7gt-qyea | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11694
|
| VCID-5kwn-x8e4-ukgq | Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-14333
|
| VCID-5n3q-eby7-67de | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5373
|
| VCID-5p2x-6brd-xfad | Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. *Note: This attack only affects OS X operating systems. Other operating systems are unaffected.* |
CVE-2017-7763
|
| VCID-5pf4-9k7e-hbee | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-16042
|
| VCID-5qap-6r9b-6qbv | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38493
|
| VCID-5qf5-d44c-t7gu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6862
|
| VCID-5rhb-8wbf-kyfu | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6822
|
| VCID-5srb-q1nd-1qfh | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2017-7845
|
| VCID-5utj-ddpa-17gq | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26974
|
| VCID-5wqt-2dtu-8qa4 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1950
|
| VCID-5zmj-5xkc-zkgc | A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-11694
|
| VCID-622g-5uav-bbgd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7764
|
| VCID-646f-ndeq-5bee | Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4687
|
| VCID-65mp-nvc7-6kff | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18356
|
| VCID-667g-8khd-kkhm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5407
|
| VCID-66dg-7sm8-vbgx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29970
|
| VCID-66z1-8zeg-9qh1 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10528
|
| VCID-675n-7uzz-pqdj | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4688
|
| VCID-67my-umrg-wkgm | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2802
|
| VCID-697p-cpq8-1qax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32205
|
| VCID-6atn-q8xc-6fdr | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23978
|
| VCID-6b6h-x2km-u7fb | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1549
|
| VCID-6bbw-b3rx-a7hj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10462
|
| VCID-6cde-35h4-vqaj | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. |
CVE-2016-9075
|
| VCID-6cx1-8t9m-u3av | Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0886
|
| VCID-6f7n-yr9x-8fbw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22751
|
| VCID-6fkp-5fzu-fydp | Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2021-38500
|
| VCID-6fsa-bnes-tkff | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2765
|
| VCID-6j2f-jjzf-tbdd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6820
|
| VCID-6jw1-pere-ruee | Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-11715
|
| VCID-6nhk-apgd-h7gh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-18498
|
| VCID-6p3q-f7f6-mygv | Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2017-5430
|
| VCID-6pk2-g77j-h3b2 | An integer overflow during the parsing of XML using the Expat library. |
CVE-2016-9063
|
| VCID-6rpt-16pv-yfar | The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2017-7755
|
| VCID-6s88-vfr8-u3hj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4585
|
| VCID-6sun-2gu6-jqh7 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5434
|
| VCID-6tm9-1vsh-1qa3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4047
|
| VCID-6uth-8k3d-7qdj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12381
|
| VCID-6xgq-h4jf-sya9 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2808
|
| VCID-6z7n-s34h-nbed | Mozilla developers and community members Mikhail Gavrilov, Tyson Smith, Marcia Knous, Tom Ritter, Philipp, and Bob Owens reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2019-11735
|
| VCID-6zjy-1agk-nbd9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5174
|
| VCID-72hn-2x6h-tbde | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12421
|
| VCID-73wu-d7y3-7bge | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-1945
|
| VCID-7458-uqdr-5fg7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43541
|
| VCID-754j-7erb-z7ae | Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. |
CVE-2025-2817
|
| VCID-75fd-w925-4qh4 | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15676
|
| VCID-75sb-xb3r-3fa8 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4573
|
| VCID-77u8-v9gs-sfca | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25728
|
| VCID-77xm-mea8-n3ec | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12393
|
| VCID-77xw-dvy5-5uch | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5445
|
| VCID-77y6-jskt-qucb | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
CVE-2025-59375
|
| VCID-782n-nc6m-13ec | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1551
|
| VCID-7939-5qcd-tqgg | Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* |
CVE-2025-4082
|
| VCID-79kw-syxy-n7a1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5447
|
| VCID-7acy-1dnk-pkcq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31747
|
| VCID-7b8k-mgs3-cud5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29550
|
| VCID-7ej9-whhw-97hn | A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. |
CVE-2019-9819
|
| VCID-7eu3-hxbk-8fd7 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1935
|
| VCID-7fvy-7hpe-kbej | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38492
|
| VCID-7hkk-2k6p-vyc7 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2019-17024
|
| VCID-7hu9-yxju-9bae | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5099
|
| VCID-7kf6-5a92-hfhk | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5252
|
| VCID-7krh-czjm-4ufx | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26978
|
| VCID-7ksf-b6g3-ukcc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5155
|
| VCID-7mvz-mr2e-hyfx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7787
|
| VCID-7p9y-82kb-r7h3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34472
|
| VCID-7q66-66b2-kucc | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. |
CVE-2025-5266
|
| VCID-7sbd-1n7f-ryed | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4057
|
| VCID-7t2x-pksm-ubgy | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45416
|
| VCID-7u5b-uzd5-7kdc | Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* |
CVE-2024-11691
|
| VCID-7v6j-9uuc-qkc8 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. |
CVE-2025-4919
|
| VCID-7vfx-u76f-ubet | By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. |
CVE-2024-5691
|
| VCID-7vk4-9vwa-pbe9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45418
|
| VCID-7wac-zu58-5kgj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6825
|
| VCID-7wmw-hpfw-vuaa | Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2761
|
| VCID-7wvh-upas-2bgh | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. |
CVE-2024-9394
|
| VCID-7x5h-kej1-e3ef | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0751
|
| VCID-7yw2-2r4n-rugg | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9790
|
| VCID-7zqn-1txc-r3d2 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. |
CVE-2024-4770
|
| VCID-83xt-ng2x-zugv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26953
|
| VCID-84jf-84jx-3fgj | Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14323
|
| VCID-84kk-wfxx-t3c8 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5380
|
| VCID-86q8-2yv7-efez | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2790
|
| VCID-878b-mn4w-wkg4 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4049
|
| VCID-87mf-fznn-m3gy | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6205
|
| VCID-89es-k3ja-1be1 | PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF ### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645 |
CVE-2024-4367
GHSA-wgrm-67xf-hhpq |
| VCID-89kx-fdvr-73cs | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22754
|
| VCID-89t2-wzrw-nycq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12362
|
| VCID-8bvd-y3qe-8qfk | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. *Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2019-11736
|
| VCID-8cv4-kvfj-4uek | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. |
CVE-2019-11758
|
| VCID-8dgu-ppan-9ub2 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4048
|
| VCID-8dmy-qa26-rbha | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5258
|
| VCID-8enx-7aa9-cqd3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22737
|
| VCID-8fny-dsut-7ba3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5171
|
| VCID-8frm-8p43-pyh8 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5442
|
| VCID-8fu2-5gxg-ekhy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23961
|
| VCID-8hgj-7cb6-fbbp | A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.* |
CVE-2019-9818
|
| VCID-8hm6-nz5h-yfcm | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. |
CVE-2025-4918
|
| VCID-8hqw-tgvq-pucf | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12392
|
| VCID-8jzn-g96u-tudw | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26956
|
| VCID-8k1r-9djq-h3bh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12390
|
| VCID-8k4z-rq29-mqg5 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11697
|
| VCID-8kgq-qhy6-e3c2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38476
|
| VCID-8m89-ma2u-5fgu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5730
|
| VCID-8q1b-fdq4-aqha | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45405
|
| VCID-8qtg-h4km-bfg2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11719
|
| VCID-8qyy-e4jt-rbc4 | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4695
|
| VCID-8rq6-26hu-m3gz | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9813
|
| VCID-8s22-tw1u-7kbw | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45411
|
| VCID-8san-ze3j-dqdx | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3030
|
| VCID-8sba-dejt-vqfp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3861
|
| VCID-8tmx-53k3-pbfj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26961
|
| VCID-8u4y-zrhv-8fe9 | Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0887
|
| VCID-8v6z-1ktm-jygr | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23602
|
| VCID-8vka-qus2-tbhj | Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. |
CVE-2026-2447
|
| VCID-8wgm-j522-4yac | An out-of-bounds write in Graphite might allow remote attackers to execute arbitrary code. |
CVE-2017-5436
|
| VCID-8xek-k5y2-6bfp | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4689
|
| VCID-8xz8-qent-zkav | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5260
|
| VCID-8y7u-dhmg-j3ch | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2838
|
| VCID-8ztk-5sbf-6kez | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15673
|
| VCID-8zy6-g8kn-hbdc | Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2775
|
| VCID-92j3-c6tu-tkc9 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1955
|
| VCID-92qb-fqpr-27hm | A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. |
CVE-2019-9820
|
| VCID-935y-sfuq-qqgh | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5263
|
| VCID-93au-w2zh-3yhg | Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10533
|
| VCID-94py-4f6r-gbf9 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1952
|
| VCID-957q-jagj-9kg7 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7527
|
| VCID-95vw-esba-23a2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1937
|
| VCID-962a-dwqf-3ycg | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13016
|
| VCID-98mt-7srw-qfh4 | A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code. |
CVE-2025-5283
|
| VCID-9ag7-z86d-nba9 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-5734
|
| VCID-9dpt-xfu6-cuh5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4580
|
| VCID-9e85-bdkj-zyf3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25751
|
| VCID-9fsb-vzuc-efc5 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. |
CVE-2016-9894
|
| VCID-9fxa-6w88-y3h4 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5268
|
| VCID-9gcq-8grt-vfhc | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. |
CVE-2016-9070
|
| VCID-9hep-yqmw-8bg4 | When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. *Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected.* |
CVE-2016-9072
|
| VCID-9k9g-4cxt-3faj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7754
|
| VCID-9rm3-u7dy-zuhu | Same-origin policy bypass in the Graphics: Canvas2D component. |
CVE-2025-9180
|
| VCID-9saf-1zax-5ycy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. |
CVE-2023-6865
|
| VCID-9tdt-84zg-3fd7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31742
|
| VCID-9the-k9nt-4bdg | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-34416
|
| VCID-9tkb-9fch-67bc | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-1802
|
| VCID-9tnj-j5xv-43cm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-36318
|
| VCID-9tnr-m8mg-3ffw | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* |
CVE-2025-5265
|
| VCID-9y48-sjn7-rqeu | Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2021-38501
|
| VCID-9ym2-agp7-budj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23601
|
| VCID-9z3s-qfbc-vbdc | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6859
|
| VCID-9zxb-j4ep-n7g9 | Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2791
|
| VCID-a2as-nfu2-ykax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32214
|
| VCID-a2k9-85qx-u7cy | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9788
|
| VCID-a2nq-ss2f-bqac | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29917
|
| VCID-a2x3-x693-gqdf | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23984
|
| VCID-a659-299u-byfb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29986
|
| VCID-a68p-hcz6-jffj | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.*Note: this issue only affects Firefox on Windows operating systems.* |
CVE-2020-12388
|
| VCID-a6wm-rraf-gbh9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6831
|
| VCID-a79m-8sp3-v3dh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12360
|
| VCID-a8gt-y9j7-zuhs | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29548
|
| VCID-a8vw-n16x-duee | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. |
CVE-2025-5264
|
| VCID-a98z-hwzc-wkcj | Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0882
|
| VCID-abt2-6a7f-pfba | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3864
|
| VCID-adfd-zkn8-3fgd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5156
|
| VCID-aemu-emvp-hkfh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10460
|
| VCID-af5n-5ye1-s3fd | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets |
CVE-2011-2670
|
| VCID-af6b-4jqc-fugx | The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. |
CVE-2017-5393
|
| VCID-ag5p-n7es-v7gh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-28176
|
| VCID-ag97-q79a-xbgb | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23605
|
| VCID-ahzj-vepp-r3f4 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31744
|
| VCID-ahzr-nr7g-5ue2 | A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. |
CVE-2017-5388
|
| VCID-ajzf-jj8y-3ue3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25729
|
| VCID-ak2m-xsvt-eqbs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15652
|
| VCID-akwm-tx92-bqfs | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header |
CVE-2011-2668
|
| VCID-an3w-wb6n-zuee | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45410
|
| VCID-ap6c-9pta-wbdz | security update |
CVE-2016-1951
|
| VCID-apes-5sa9-w7gd | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0755
|
| VCID-aquh-9cjg-wyey | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46877
|
| VCID-as4y-nhw6-akfx | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. |
CVE-2025-4087
|
| VCID-as8g-vnyj-u7hk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29539
|
| VCID-aufc-f7tk-h7hj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25746
|
| VCID-avgs-nz9j-gqg8 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. |
CVE-2025-1930
|
| VCID-avw6-7aqv-hbaa | Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-9079
|
| VCID-awue-n9ua-hfej | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7757
|
| VCID-ax8a-z9s4-e3dk | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2019-9794
|
| VCID-axtu-gujv-rfgk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12410
|
| VCID-azdd-vdn3-kffy | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2758
|
| VCID-b28z-4pwb-buc2 | When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-6827
|
| VCID-b3jt-7h5q-vqgd | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1546
|
| VCID-b3rg-quvp-2uha | A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. |
CVE-2025-4083
|
| VCID-b3uc-t8zd-2kbs | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1949
|
| VCID-b3zg-y242-xybq | If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. |
CVE-2024-4767
|
| VCID-b4bq-q3ga-3ff1 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4707
|
| VCID-b4dv-raac-tkf1 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5259
|
| VCID-b4fq-m97e-eybr | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12418
|
| VCID-b5jm-57h2-2qcs | JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2764
|
| VCID-b5y9-qmw5-nkbv | If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. |
CVE-2024-2612
|
| VCID-b65s-fwk5-gkbs | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2827
|
| VCID-b67z-91x3-sug1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11764
|
| VCID-b6sf-z5tm-4uau | Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4696
|
| VCID-b8c2-qrxm-sybt | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38508
|
| VCID-b8dx-232z-qbbc | Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2779
|
| VCID-b8qk-zbj4-yfg2 | When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-13722
|
| VCID-b911-qnc2-x3aj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38509
|
| VCID-b9aw-u5wp-6uhk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-5693
|
| VCID-bae9-9f51-wqac | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11760
|
| VCID-bapg-hzuc-ykby | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4575
|
| VCID-baq3-sm51-3qae | An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* |
CVE-2017-7782
|
| VCID-bb61-y349-fqgx | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5266
|
| VCID-bbsb-t7kv-4bbw | Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2815
|
| VCID-bc7q-srps-sfd7 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29541
|
| VCID-bccq-jn4j-8qd8 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-16541
|
| VCID-bd3j-r1wt-dyf4 | Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI. |
CVE-2016-2831
|
| VCID-bd6g-ev4d-kyf6 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18335
|
| VCID-bfdm-fkfv-nfch | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12365
|
| VCID-bjny-apx2-8ba1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11695
|
| VCID-bjyq-1zfk-eugq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5383
|
| VCID-bm8j-1dxt-q3a8 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5103
|
| VCID-bp6q-cu6s-2ke7 | Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
CVE-2016-2818
|
| VCID-bpsj-5ap7-zuhq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5097
|
| VCID-bqyj-qnak-eydy | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43543
|
| VCID-bshu-jxhj-27b8 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-5700
|
| VCID-bw96-5g6y-j3c4 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6860
|
| VCID-bwk4-hqx8-97dy | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10459
|
| VCID-bwm1-yauc-xudu | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2801
|
| VCID-bxdr-5t7k-rbdn | The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source. |
CVE-2018-5147
|
| VCID-bxrh-7kwf-p3at | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40956
|
| VCID-bzgb-mdsk-yua6 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. |
CVE-2025-1009
|
| VCID-c2kz-qw3v-eqbz | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5262
|
| VCID-c33s-zggk-qkaz | Multiple vulnerabilities have been reported in Mozilla Firefox. |
CVE-2006-5462
|
| VCID-c3ex-zw8a-6bcy | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5257
|
| VCID-c4pj-vwxp-tfb8 | Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6503
|
| VCID-c4qs-a9kw-p3hc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2019-17017
|
| VCID-c51s-yenc-4yab | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38504
|
| VCID-c52k-tg8d-sbeg | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23599
|
| VCID-c5b5-beuj-z3gh | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40959
|
| VCID-c6jc-3917-x7dx | Security researcher Tim McCormack reported that when a page requests a series of permissions in a short timespan, the resulting permission notifications can show the icon for the wrong permission request. This can lead to user confusion and inadvertent consent given when a user is prompted by web content to give permissions, such as for geolocation or microphone access. |
CVE-2016-2829
|
| VCID-c6rx-p235-9bdz | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-10537
|
| VCID-c7sb-zust-e7f9 | Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. |
CVE-2019-13075
|
| VCID-c83b-ttr4-83em | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2797
|
| VCID-c8p3-ef58-wudt | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5376
|
| VCID-ccbk-bcjn-9ygr | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11740
|
| VCID-ce3x-bw1m-jyf4 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18506
|
| VCID-cfqv-7r6b-g3e9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4576
|
| VCID-cfy8-73k1-jkdj | The Mozilla Maintenance Service helper.exe application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7761
|
| VCID-cgvg-aj53-kkbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-0767
|
| VCID-ch3v-nq5w-3fg4 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-37202
|
| VCID-cj16-a2tv-cqd7 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4574
|
| VCID-cmnc-fyxb-rfd4 | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.*This bug only affects Firefox for macOS. Other operating systems are unaffected.* |
CVE-2023-29531
|
| VCID-cmr4-6stm-jfe9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7524
|
| VCID-cpez-x3zd-p7bu | Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2785
|
| VCID-cpra-u2v5-3qg5 | An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7766
|
| VCID-cqpd-wav4-pubn | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26381
|
| VCID-cqtb-7t8w-rug2 | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. |
CVE-2016-5287
|
| VCID-csm4-qspw-83da | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5188
|
| VCID-ctgf-rds5-4fda | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12396
|
| VCID-cupx-f8h2-dbfw | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. |
CVE-2019-11748
|
| VCID-cx4p-6ywa-hbec | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12389
|
| VCID-cypj-1jsu-cbh5 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-1016
|
| VCID-d194-2uh4-pug1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22743
|
| VCID-d4bx-x9pb-8kfx | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5150
|
| VCID-d5hs-m1zz-kybj | The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* |
CVE-2017-7804
|
| VCID-d7jf-wx4p-cuek | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7807
|
| VCID-d9dm-aww1-pfbm | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5253
|
| VCID-d9vf-maye-6ff7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22745
|
| VCID-d9z7-npfz-53a8 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2837
|
| VCID-db28-rbyf-1qf4 | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14329
|
| VCID-dcjm-7xcr-ayew | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-5268
|
| VCID-dck1-2x3v-1ygr | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7792
|
| VCID-ddem-1dt1-uff7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38503
|
| VCID-ddwf-z514-hbbj | Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10536
|
| VCID-de4g-6sjv-6ugg | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2820
|
| VCID-dedv-96fb-vyhp | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29967
|
| VCID-deth-9krh-kufj | Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0890
|
| VCID-dg61-9h8j-tkfj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29916
|
| VCID-dgwm-n1zx-qkbq | Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13012
|
| VCID-dh3c-g3k3-zkb7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7805
|
| VCID-dh5k-q87q-4qfs | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11696
|
| VCID-dhed-rfz6-ffe9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26951
|
| VCID-dhy3-wnzu-x7dw | Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. |
CVE-2006-2723
|
| VCID-dk4z-1j37-aucx | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1979
|
| VCID-dp5j-4mzw-pqer | Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. |
CVE-2025-4093
|
| VCID-dqhd-ay8b-wfam | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31740
|
| VCID-drcd-xhd2-27hn | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9793
|
| VCID-ds2y-kn7q-vuct | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10464
|
| VCID-dsaw-xa6k-4yfw | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26968
|
| VCID-dsuj-fmtr-cbft | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5432
|
| VCID-du2f-xvxg-4bbf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11709
|
| VCID-dv2d-9a59-xkaq | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. |
CVE-2017-5384
|
| VCID-dvcv-fgk6-buet | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5277
|
| VCID-dveb-sthz-bkgu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25738
|
| VCID-dxr7-qubc-tyb7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5401
|
| VCID-dxwp-5jfs-nuew | Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2778
|
| VCID-dy9a-9mc6-hfbc | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.) |
CVE-2021-29955
|
| VCID-dydk-9hwf-4ka4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7793
|
| VCID-dyn7-63ve-37at | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2813
|
| VCID-e2k8-m9sm-8uek | Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4699
|
| VCID-e2ww-ngam-cugq | The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. |
CVE-2017-5381
|
| VCID-e36h-6n36-puht | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7814
|
| VCID-e38r-grgp-rfbn | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23998
|
| VCID-e4mx-ww79-1bau | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5274
|
| VCID-e4nx-qfam-cfaj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46872
|
| VCID-e6bs-vk6j-h3e6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6206
|
| VCID-e7jk-vs8y-fyhr | Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13020
|
| VCID-e7p8-zrwx-5ug6 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* |
CVE-2024-11698
|
| VCID-eauw-p8kn-yqdt | Multiple vulnerabilities have been reported in the SeaMonkey project, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6504
|
| VCID-ebhp-kzkz-euhu | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* |
CVE-2023-29545
|
| VCID-ebzs-h9p8-tbb4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7830
|
| VCID-ecm1-2298-mkfm | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2799
|
| VCID-efvs-1tuf-guf4 | Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4712
|
| VCID-eget-cyhz-xbhr | Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. |
CVE-2020-16044
|
| VCID-eh1p-amew-hydf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5264
|
| VCID-ekxy-vaed-u7cg | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9074
|
| VCID-emmz-dq8m-sfct | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5261
|
| VCID-esw4-827s-u3f1 | When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. |
CVE-2024-4769
|
| VCID-ev18-anej-zbap | Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site. |
CVE-2016-2822
|
| VCID-ewet-6xtr-sqdn | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. |
CVE-2011-2669
|
| VCID-ewqm-puf8-hkbv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5168
|
| VCID-ex1b-2rdy-7qhw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-17005
|
| VCID-eyaw-nzuh-8ue2 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5130
|
| VCID-eyf6-1map-zbdz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12395
|
| VCID-eyrw-5dmv-pqfe | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22764
|
| VCID-f1bq-hn88-fkbz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7843
|
| VCID-f1zm-g4es-vfbz | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0239
|
| VCID-f2tn-1hq4-uffa | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. |
CVE-2025-9179
|
| VCID-f3ws-d8fh-9ucz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26959
|
| VCID-f4ja-2ydw-cufu | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2024-11693
|
| VCID-f4pn-vjxk-ybfx | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12379
|
| VCID-f4xy-kftc-mug2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32207
|
| VCID-f5dh-8kx7-vbfq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5441
|
| VCID-f5w8-j656-akf4 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-1017
|
| VCID-f6qv-znt2-2bd5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6863
|
| VCID-f7zd-nx3e-tba1 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7771
|
| VCID-f81v-9fv8-93cd | Out-of-bounds Write Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2023-5217
GHSA-qqvq-6xgj-jw8g |
| VCID-f8c7-p8nz-bbap | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2023-29532
|
| VCID-f8fw-f3kt-8feb | Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6514
|
| VCID-f8wd-xgwu-8kgm | Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. |
CVE-2016-9077
|
| VCID-fa1y-hpcb-27gj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22760
|
| VCID-fcvd-rpmu-1ygk | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5131
|
| VCID-fdue-dg92-13cp | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5146
|
| VCID-ffd7-y29n-6fan | XSLT document loading did not correctly propagate the source document which bypassed its CSP. |
CVE-2025-8032
|
| VCID-fgnu-kh7z-xuau | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9902
|
| VCID-fjam-jfc1-pkbv | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2795
|
| VCID-fmub-ph5x-pbdu | Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.* |
CVE-2016-9078
|
| VCID-fpw1-j3wb-xfd5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45408
|
| VCID-fqmm-499j-nyc3 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2830
|
| VCID-fr2x-ad9j-jyej | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. |
CVE-2019-11738
|
| VCID-frvc-mqhd-eydh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-6601
|
| VCID-fsvy-jfhn-1ydz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12419
|
| VCID-ft6u-geds-fua9 | JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4702
|
| VCID-fvp8-grcg-27d3 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2812
|
| VCID-fwr3-cgq1-a3b4 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6204
|
| VCID-fx8t-41tv-hkdu | Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute. |
CVE-2019-7317
|
| VCID-fxnj-rr7h-ryb5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46880
|
| VCID-g1af-pkh5-xygt | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25742
|
| VCID-g24d-23zk-6fgn | AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. |
CVE-2024-2608
|
| VCID-g2et-bnvt-9fem | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-17021
|
| VCID-g2jp-fq7y-kkcn | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11730
|
| VCID-g3n8-mvdt-cqdj | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3029
|
| VCID-g3nf-qnz2-h7gg | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. |
CVE-2019-9817
|
| VCID-g5z1-9an3-aubs | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5732
|
| VCID-gbgr-rxhx-jkae | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1965
|
| VCID-gbsw-gmc4-uqad | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2811
|
| VCID-gcen-3yba-a3ht | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5375
|
| VCID-gcnq-avax-aqcv | Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2776
|
| VCID-gfdf-pxta-xbg1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12387
|
| VCID-gfj6-dsud-g3fh | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5462
|
| VCID-gfve-nzmn-dbbd | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29914
|
| VCID-ghhu-atxz-8ya9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11708
|
| VCID-ghqe-gsw9-c3e4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32211
|
| VCID-gjvm-8v8y-d7c5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23982
|
| VCID-gkva-6cu9-7keg | Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4692
|
| VCID-gne2-jk48-juhs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11707
|
| VCID-gph4-xa9p-73fr | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-4091
|
| VCID-gpjz-649k-f3he | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-5696
|
| VCID-gqbc-wbhs-4bbx | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5256
|
| VCID-gqhc-h5p7-dyh1 | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. |
CVE-2016-9903
|
| VCID-gr1m-pdaw-a3h1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12377
|
| VCID-gr47-gb4n-87an | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5144
|
| VCID-gr9t-39mj-2bbe | Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6502
|
| VCID-gret-hn3p-5kbk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7531
|
| VCID-grjt-j4at-pqbp | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11692
|
| VCID-gs3s-s4zk-fyh4 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-37201
|
| VCID-gu5n-35b2-a3am | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2839
|
| VCID-gxfx-4gxp-3kdw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34481
|
| VCID-gyf5-px5b-67dc | Multiple vulnerabilities have been reported in SeaMonkey, some of which may allow user-assisted arbitrary remote code execution. |
CVE-2007-0801
|
| VCID-h2gc-zk2a-1fg6 | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0884
|
| VCID-h2zq-ubdu-sqc8 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5443
|
| VCID-h5ub-djvf-nffv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3302
|
| VCID-h63e-ngr6-zqee | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7772
|
| VCID-h6yb-xsc5-7yck | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1959
|
| VCID-h9em-p9se-rucn | Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14321
|
| VCID-hay5-714d-u7fd | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12405
|
| VCID-hb7d-bejp-eueu | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11711
|
| VCID-hccf-ueut-vugw | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14322
|
| VCID-he63-5fub-yydv | Multiple vulnerabilities have been reported in Mozilla Firefox. |
CVE-2006-5463
|
| VCID-hetc-sghb-1fcx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-8384
|
| VCID-hfp7-jaxc-2khq | Uninitialized memory in the JavaScript Engine component. |
CVE-2025-9181
|
| VCID-hfx8-7x82-zqfk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10466
|
| VCID-hgy1-3pbq-s3ch | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-42932
|
| VCID-hhtb-ha1v-tffj | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. |
CVE-2017-5377
|
| VCID-hhu1-cgcx-nfev | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. |
CVE-2021-38498
|
| VCID-hk7b-ckyd-7qg2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7803
|
| VCID-hn17-6nvj-9qfw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22738
|
| VCID-hnb1-5t4z-ubhj | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1963
|
| VCID-hp32-swmr-qqdy | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46878
|
| VCID-hpnv-s73g-8yhp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-9812
|
| VCID-hs5f-21nx-gfeb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11729
|
| VCID-hsc9-up4x-nbgs | Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2762
|
| VCID-hshc-4xnc-gug4 | Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4704
|
| VCID-hsr3-c152-nucq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-28286
|
| VCID-hstd-23qm-bqdg | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4717
|
| VCID-hsy2-jvn8-s3gs | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5089
|
| VCID-hthe-t85x-13gz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5465
|
| VCID-htpg-t39z-nbex | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. |
CVE-2017-5379
|
| VCID-htrf-wxeh-cyha | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5098
|
| VCID-husj-kjf4-ufeq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34479
|
| VCID-hw2h-w5r2-7qhv | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7753
|
| VCID-hyhc-qud7-6uax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5396
|
| VCID-j1hb-8jjy-tqgq | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4693
|
| VCID-j1yh-f1np-wbcv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4584
|
| VCID-j1zj-1dr1-8yhc | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29912
|
| VCID-j2ax-jb2h-byeu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4052
|
| VCID-j2ga-ggcd-fkg1 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2805
|
| VCID-j2qd-ebuh-8be5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6819
|
| VCID-j56s-gf2k-zqdx | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7774
|
| VCID-j5k8-ztxb-uffb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0238
|
| VCID-j64y-ejt3-tbe3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11757
|
| VCID-j6w1-yhc3-uqfw | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. |
CVE-2025-6425
|
| VCID-j6x8-vnns-1yfg | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2791
|
| VCID-j7j8-g9du-mqfz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12366
|
| VCID-j7wt-w5x2-nye4 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2800
|
| VCID-j9mh-ug68-jkfm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5096
|
| VCID-jajw-gyuh-v3dj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12395
|
| VCID-javq-3r82-73fq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2019-17022
|
| VCID-jfw1-18np-47b8 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1961
|
| VCID-jg37-y3r7-8fcq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34484
|
| VCID-jj6t-1q5f-uyez | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22763
|
| VCID-jjs1-hz7p-fke6 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12387
|
| VCID-jm7w-hqzq-tqde | Thunderbird executed javascript: URLs when used in object and embed tags. |
CVE-2025-8029
|
| VCID-jr81-ed7a-aqcp | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6811
|
| VCID-js15-jev6-6fbs | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1960
|
| VCID-jt6f-rpfx-7kbj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-8383
|
| VCID-jtrv-jyme-sybh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5159
|
| VCID-jtsz-m5jr-ebdc | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15664
|
| VCID-jtyr-jd5m-87c3 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15659
|
| VCID-jvy8-w1m2-ayaw | A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. |
CVE-2016-9068
|
| VCID-jwnz-gnjs-1uaa | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7751
|
| VCID-jwze-7mfw-r3ax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5404
|
| VCID-jxq3-3gzd-yycp | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5294
|
| VCID-jy6e-d578-nkcg | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38507
|
| VCID-jybh-8px4-pqau | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0885
|
| VCID-jyur-q447-t7hr | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26973
|
| VCID-jzb7-dve8-jygb | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5438
|
| VCID-jzte-jqk6-7ya6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5169
|
| VCID-k131-mfqm-dka9 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-1977
|
| VCID-k1u4-hqjh-zbc8 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5251
|
| VCID-k2s2-zkua-8ydy | NSS has an information disclosure vulnerability when handling DSA keys. |
CVE-2020-12399
|
| VCID-k321-r7qq-gbb9 | A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. |
CVE-2019-11691
|
| VCID-k4e4-363e-xyff | Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2021-43534
|
| VCID-k5hu-n47k-wffm | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2792
|
| VCID-k79j-1yvn-qfd2 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7776
|
| VCID-k813-qahc-ubf4 | Security researcher Aral reported an out-of-bounds write when using the ANGLE graphics library, which is used for WebGL content on Windows systems. This crash occurs due to improper size checking while writing to an array during some WebGL shader operations. The ANGLE graphics library is only used on Windows. Linux, OS X, and Android operating systems are not affected by this vulnerability. |
CVE-2016-2824
|
| VCID-k8nw-bn74-6qe5 | Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code. |
CVE-2019-5798
|
| VCID-ka9e-ps8e-ryc8 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-9392
|
| VCID-ka9x-22be-p7aw | Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2018-17466
|
| VCID-kat5-hy8e-skah | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29989
|
| VCID-kbqr-p81f-k3ch | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12383
|
| VCID-kdwy-7p45-hbcs | Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13015
|
| VCID-kf1h-zg32-1yh4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40960
|
| VCID-kfxp-azcd-2yej | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46871
|
| VCID-khsw-jwtm-8faq | A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. |
CVE-2021-43535
|
| VCID-kk2m-2mxz-sbex | Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. |
CVE-2025-14327
|
| VCID-kk9k-mpvr-7kh9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23981
|
| VCID-kkgh-a9hg-fud8 | A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. |
CVE-2025-11710
|
| VCID-kkp5-vwqy-abbc | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5284
|
| VCID-kpk1-e652-nkfa | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22761
|
| VCID-kr94-y6hg-d3hp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2020-6799
|
| VCID-krg2-d4vy-z7fu | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-17015
|
| VCID-krq5-4j17-vfg9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-28164
|
| VCID-kskc-agaw-8bcr | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6857
|
| VCID-ktmy-hj42-5kdc | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. |
CVE-2006-5633
|
| VCID-ku26-71r1-vfem | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3854
|
| VCID-kuwd-6tcg-fuha | Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4713
|
| VCID-kvkh-dxw4-rfde | Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document. |
CVE-2016-2819
|
| VCID-kx3j-abfc-qfh2 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. |
CVE-2024-9393
|
| VCID-kxvg-qw8v-vydv | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5461
|
| VCID-m26q-fgjn-yugu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25730
|
| VCID-m2cy-38ne-87dy | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5117
|
| VCID-m2sr-re2h-3baq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4050
|
| VCID-m2vr-a1ee-j7gv | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5255
|
| VCID-m3mp-su9k-sfhs | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2763
|
| VCID-m52b-kam2-syg4 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5280
|
| VCID-m59v-ygc2-qucg | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5378
|
| VCID-m5h6-y3tw-eue6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-20503
|
| VCID-m5pb-75ag-tfep | Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.* |
CVE-2016-9896
|
| VCID-m6uv-91wz-xfdv | Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4700
|
| VCID-m92a-91pv-dffv | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-35112
|
| VCID-m93r-91y4-xyaz | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. |
CVE-2025-1010
|
| VCID-m9h1-aw7r-jqb2 | An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. |
CVE-2024-7652
|
| VCID-mc6m-8uzs-pkgu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25744
|
| VCID-mdpv-kcbb-9ubj | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. |
CVE-2016-9071
|
| VCID-menq-g5ce-1yd8 | Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-2793
|
| VCID-mfs8-2vzs-pybf | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-3859
|
| VCID-mfwc-dm4n-vbey | Code injection The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. |
CVE-2018-5158
GHSA-7jg2-jgv3-fmr4 |
| VCID-mh92-65bz-43ds | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5721
|
| VCID-mj7n-8hf6-2qar | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5724
|
| VCID-mm6w-kpe8-4kg3 | Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4684
|
| VCID-mm7x-rfzg-uqfc | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45404
|
| VCID-mmvb-w19n-97a3 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12420
|
| VCID-mn6j-2wd1-ukfb | Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2774
|
| VCID-mnar-hq2z-q7dc | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5265
|
| VCID-mnt3-q341-j7gj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11763
|
| VCID-mp4n-ez8p-63ek | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-28163
|
| VCID-mqte-f1hw-2ya5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22753
|
| VCID-mrb2-hz9y-4ufp | When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. |
CVE-2025-6430
|
| VCID-ms9h-982a-pkdu | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. |
CVE-2025-1014
|
| VCID-mtkx-1vvb-3yhp | In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-16048
|
| VCID-mupu-c1j2-xkgs | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2806
|
| VCID-mv4d-eqtc-kkgw | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23968
|
| VCID-mw96-qtnz-gqdx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10465
|
| VCID-mw9j-h66p-k7as | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-28289
|
| VCID-mwd4-pgxg-zkha | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26485
|
| VCID-mwj3-wa1g-buay | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-37207
|
| VCID-mwrr-ashj-bfg3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7825
|
| VCID-myv9-89b8-w7dm | In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the SEE_MASK_FLAG_NO_UI flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won’t prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. *Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems.* |
CVE-2018-5174
|
| VCID-mzbp-5r6m-27cm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22740
|
| VCID-mznp-sxav-xfhn | Multiple vulnerabilities have been reported in Mozilla Firefox. |
CVE-2006-5748
|
| VCID-n1uk-fcmx-yuee | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38478
|
| VCID-n1v6-q6wt-ebaj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-18494
|
| VCID-n2hq-1ck4-ayhp | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. |
CVE-2025-5263
|
| VCID-n4hu-b1t6-xkay | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10458
|
| VCID-n4kc-y37w-qkdk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-38506
|
| VCID-n796-xf5e-pucq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-4140
|
| VCID-n8gb-hpjb-v7a5 | Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. |
CVE-2024-2607
|
| VCID-n8hk-44ah-bugr | Due to insufficient escaping of the ampersand character in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* |
CVE-2025-4084
|
| VCID-nbvc-j1zu-v7d8 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11762
|
| VCID-ndd4-kd1y-z7ep | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0878
|
| VCID-ne9e-2jg4-mbd5 | Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6497
|
| VCID-ngdr-hetx-kbf8 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1956
|
| VCID-ngja-2eff-h7hk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-34414
|
| VCID-ngw4-xb6d-gqfm | An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. |
CVE-2017-5428
|
| VCID-nhsr-4zux-2bck | Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2769
|
| VCID-nkpq-9gd6-nuc4 | Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-0891
|
| VCID-nmh4-zpeh-4bcr | Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition. |
CVE-2019-15903
|
| VCID-nmws-nx6k-5qbe | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7798
|
| VCID-npyt-d8qr-wqdj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5402
|
| VCID-nr84-88hy-6fah | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2796
|
| VCID-ntqr-ptmu-yuen | Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2767
|
| VCID-nvsz-9s3r-nbhq | Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4718
|
| VCID-nyhm-tguf-gkat | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5104
|
| VCID-nyn2-zf8c-67cb | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7750
|
| VCID-nzcd-dk9q-puh1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26976
|
| VCID-p365-j5gq-4uct | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2816
|
| VCID-p595-z1gu-6fgf | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding |
CVE-2013-5594
|
| VCID-p9zh-7wyj-hffm | Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2771
|
| VCID-pber-bzw2-r3gw | The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7768
|
| VCID-pbrt-gcqj-kycv | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9900
|
| VCID-pcgf-xtfq-6ugb | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14330
|
| VCID-pcrz-f3nj-kybr | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1938
|
| VCID-pdgz-dsbq-67hq | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1967
|
| VCID-pemg-ndu8-wbbc | Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0879
|
| VCID-pepm-1t68-uuf1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6864
|
| VCID-pj4h-ff45-e3ez | A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. |
CVE-2025-1013
|
| VCID-pmwj-2v2k-nfcb | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7758
|
| VCID-pn68-e9g7-qbf1 | The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* |
CVE-2025-6426
|
| VCID-pryc-r9jn-9bds | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12378
|
| VCID-ps9s-3kuv-1yh1 | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15677
|
| VCID-psc3-4ssv-wyb5 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. |
CVE-2025-8027
|
| VCID-pse8-xnc7-gkbv | Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. |
CVE-2024-2610
|
| VCID-pt8y-85gt-8kge | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. |
CVE-2019-11749
|
| VCID-pv9q-fcta-ffbq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4577
|
| VCID-pvvt-h3mh-33eb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0741
|
| VCID-pws7-8qmm-hfes | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-17008
|
| VCID-pww9-m9d4-euew | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7752
|
| VCID-pybb-2ny2-quas | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6209
|
| VCID-pybp-xzy7-q3a8 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. |
CVE-2016-9067
|
| VCID-pzf5-v82a-hkb9 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26486
|
| VCID-q1pv-avug-juef | Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2777
|
| VCID-q38n-z9wb-qufk | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5283
|
| VCID-q494-zvyn-quge | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46881
|
| VCID-q4bf-vh36-kye9 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22756
|
| VCID-q4x5-dz5r-jqgr | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9905
|
| VCID-q72b-g1hz-23fs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5429
|
| VCID-q77k-hc9g-9fhm | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service.*Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.* |
CVE-2021-29951
|
| VCID-q7jk-b69d-bbav | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7785
|
| VCID-q9f4-zumy-wbfy | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8034
|
| VCID-qa9c-xyvd-kygu | Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system, even when they are disabled. |
CVE-2016-2832
|
| VCID-qbzp-euvv-q7c7 |
CVE-2026-5732
|
|
| VCID-qd4e-g5zv-1ucf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43539
|
| VCID-qdqj-rhcr-wbca | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6856
|
| VCID-qeh2-jn2v-9ug7 | A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. |
CVE-2025-11709
|
| VCID-qetw-2ah7-5ba4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7809
|
| VCID-qgvp-4eea-bkgm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22748
|
| VCID-qgvy-hzsx-hkge | Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13014
|
| VCID-qh1k-c7ct-efg8 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7786
|
| VCID-qh4a-bn9p-a7hh | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26387
|
| VCID-qhes-9dcx-tbb5 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7777
|
| VCID-qjs9-h3tt-qucf | Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. |
CVE-2017-5391
|
| VCID-qkks-24cp-gqg2 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4706
|
| VCID-qm8f-f8nr-qba9 | Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0880
|
| VCID-qne4-76n5-4yf3 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5250
|
| VCID-qptm-f15t-57gj | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5290
|
| VCID-qq5h-5k45-rycm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23995
|
| VCID-qq7q-7j4q-h7dz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12397
|
| VCID-qrbp-3x9q-q3g2 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5273
|
| VCID-qrqw-p9v1-zfb2 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5282
|
| VCID-qrva-vbms-sug2 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1969
|
| VCID-qta2-8rnt-k7d1 | Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2788
|
| VCID-qtcm-9z3v-dydn | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0241
|
| VCID-qtp4-ada6-tydd | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1974
|
| VCID-qu91-vc1p-dyb1 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9899
|
| VCID-qu9b-rst3-v7fa | Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges. This issue does not affect non-Windows operating systems. |
CVE-2016-2826
|
| VCID-qv74-f7ax-83cp | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38473
|
| VCID-qv7a-3c41-x3cr | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38477
|
| VCID-qv8f-9y37-bbdk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29985
|
| VCID-qvqm-n242-vyea | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12405
|
| VCID-qw5k-tgdz-vkcw | The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-5409
|
| VCID-qwc9-da7w-4kdr | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2804
|
| VCID-qy44-ubss-x7et | Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. |
CVE-2022-40962
|
| VCID-qz95-5z9e-7qb7 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. |
CVE-2025-8033
|
| VCID-qzrz-4abn-q7f2 | Security researcher Armin Ebert reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or https: are still enforced correctly. As a result cookie stealing and other common same-origin bypass attacks are not possible. |
CVE-2016-2825
|
| VCID-r29z-4m4j-8kft | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. |
CVE-2025-6424
|
| VCID-r34s-64j2-dfff | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. |
CVE-2017-5382
|
| VCID-r4th-1n98-aqc6 | A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code. |
CVE-2020-26950
|
| VCID-r587-gyj4-5kee | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29911
|
| VCID-r631-9h74-sygv | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-28282
|
| VCID-r7ss-g876-c7fg | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0237
|
| VCID-r7te-y4n3-1uhj | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. |
CVE-2017-5385
|
| VCID-r7vt-w149-9bfn | Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2773
|
| VCID-r7vv-451v-nbag | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12392
|
| VCID-r8en-yg26-w3a1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5398
|
| VCID-r8jw-hvmm-pkhs | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2835
|
| VCID-rafq-49c4-u7g6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32215
|
| VCID-rakk-h5vn-kbaw | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-15649
|
| VCID-rarq-q7qa-nud7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-32213
|
| VCID-rbna-kkn2-2baj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5176
|
| VCID-rbuu-mph9-7uay | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1550
|
| VCID-rcg4-7hjg-v7du | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10463
|
| VCID-rev7-13wx-kqew | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11715
|
| VCID-rg63-avu7-2bdc | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10527
|
| VCID-rhdv-jxvv-5yb2 | A same-origin policy violation allowing the theft of cross-origin URL entries when using a <meta> meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. |
CVE-2018-18499
|
| VCID-rhzx-ha7x-dfew | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9791
|
| VCID-rkj9-dd18-xka9 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. |
CVE-2025-5267
|
| VCID-rp5h-ym8y-skbw | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4701
|
| VCID-rq11-qm9e-7ubk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43545
|
| VCID-rqkq-q1x2-6fgq | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5281
|
| VCID-rsda-j27d-8bdc | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1954
|
| VCID-rsqj-18a5-23gd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5470
|
| VCID-rsy6-acfe-ffb5 | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22744
|
| VCID-rszh-1c16-47ah | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6798
|
| VCID-ru7n-21qs-eyfx | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5469
|
| VCID-ruc1-kmaz-fkbb | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10532
|
| VCID-rw3y-swwt-2kef | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5091
|
| VCID-rz6b-kepf-cfg9 | Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-5289
|
| VCID-s326-zdyp-67ev | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11742
|
| VCID-s3kc-mhdz-nkeh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25743
|
| VCID-s556-eg79-77gu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7522
|
| VCID-s558-4jac-47ft | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7791
|
| VCID-s89g-7f5f-5qd2 | Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. |
CVE-2025-6429
|
| VCID-s95f-9g8b-s3es | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. |
CVE-2024-5690
|
| VCID-saht-cs9w-h7h7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5095
|
| VCID-sb4d-y4bp-k3h9 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26958
|
| VCID-scqu-uppe-w3h3 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11744
|
| VCID-sfyj-m6xa-8bbc | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4581
|
| VCID-sg2y-gfue-6qam | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10461
|
| VCID-sg3s-971c-c3fy | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5254
|
| VCID-sgwe-9xfj-6kav | Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2783
|
| VCID-sh7r-dftz-kyhn | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4045
|
| VCID-sjy7-cp3x-nfh2 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12368
|
| VCID-sk9f-516d-xqh7 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9810
|
| VCID-skbg-e4em-bkaw | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-18492
|
| VCID-sknm-65ff-4uck | Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. |
CVE-2018-18511
|
| VCID-sm2q-bg6f-4qag | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34468
|
| VCID-snbc-j4e3-uff1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4582
|
| VCID-sncj-cwvy-ckdf | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7778
|
| VCID-sncs-nk53-jbap | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5279
|
| VCID-sp11-eqxh-t3gw | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2817
|
| VCID-sq1u-5jfc-dyh1 | A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.* |
CVE-2019-9816
|
| VCID-sr45-86k8-8ybs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12364
|
| VCID-sr99-hhmv-xkhq | Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash. |
CVE-2016-2821
|
| VCID-srf6-8n4s-uyb6 | The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7767
|
| VCID-ss1w-euua-83gz | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1552
|
| VCID-ss9j-7jd7-nbf1 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2770
|
| VCID-su89-u51g-z3hs | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23598
|
| VCID-svqy-5b6h-7yfj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-6603
|
| VCID-swgj-zee2-x3hv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5183
|
| VCID-swmb-24y4-1kau | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9064
|
| VCID-t2c3-smqc-zkba | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0877
|
| VCID-t4bj-qz9s-s7eb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5405
|
| VCID-t4eb-c363-u7hc | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6805
|
| VCID-t4rc-yuj8-n7au | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0746
|
| VCID-t4t3-5pt5-ayds | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4685
|
| VCID-t52p-7rr7-57ax | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-6604
|
| VCID-t769-2t1u-57b6 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.*This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.* |
CVE-2021-38505
|
| VCID-t8gg-ptc1-qfdw | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4056
|
| VCID-t8mb-cdc3-6ydq | Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. |
CVE-2024-6600
|
| VCID-t98b-d1uu-pkan | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-1196
|
| VCID-t9cw-yjar-ckfd | A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. |
CVE-2025-11712
|
| VCID-tb9n-zfut-ubht | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1962
|
| VCID-tbu1-adxe-sudv | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18501
|
| VCID-tce3-s87t-2qh8 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25737
|
| VCID-te1e-sjsk-bfd8 | Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2768
|
| VCID-tec1-8t8s-zqgb | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18500
|
| VCID-tegn-2y58-t3de | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7521
|
| VCID-teh4-fmg6-53ab | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-30547
|
| VCID-tfa3-jx19-h7bz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11746
|
| VCID-tff1-6wkz-jyar | Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. |
CVE-2019-9797
|
| VCID-tfny-yt17-mffx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4054
|
| VCID-tfry-ch3y-fyb1 | Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2019-9800
|
| VCID-tgpf-32kg-rqc2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0240
|
| VCID-tgsj-hp8b-27f9 | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. |
CVE-2025-11711
|
| VCID-tgya-wnfn-t7eb | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9066
|
| VCID-tjjd-y1pq-ckf4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-5390
|
| VCID-tjkj-zeeh-xqcy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11752
|
| VCID-tjp3-ck7p-5qg3 | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. |
CVE-2024-2605
|
| VCID-tjtk-gghp-1kdf | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23999
|
| VCID-tkzd-c11q-3qaf | Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14331
|
| VCID-tnxh-tgsm-tuex | A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22746
|
| VCID-tpk8-jte1-37ap | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-9811
|
| VCID-tpp7-z9eb-bqh4 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1973
|
| VCID-tps4-kxe2-5ugb | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6858
|
| VCID-tq43-rx5u-eybv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4583
|
| VCID-tre6-ytkj-k7c4 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6821
|
| VCID-tsse-jnma-mbgw | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5278
|
| VCID-tutg-2zzk-4uam | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6207
|
| VCID-tvsp-tsfk-v7eg | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11759
|
| VCID-u1nc-fgsw-mkhc | Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2017-5374
|
| VCID-u23v-7afk-qben | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12363
|
| VCID-u3j3-fc4f-7ff7 | Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4686
|
| VCID-u584-a1yu-jqcf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7824
|
| VCID-u5n5-6h82-tqhw | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25734
|
| VCID-u8sk-mm4g-ffem | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7823
|
| VCID-u9pc-4b61-gkeg | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. |
CVE-2024-5702
|
| VCID-ud33-vgxh-8khj | Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2766
|
| VCID-ugjs-4tca-d3dk | The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.* |
CVE-2019-11693
|
| VCID-uh95-a456-7kbx | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0747
|
| VCID-uhct-zkhb-k3ca | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5275
|
| VCID-uhde-5x3s-u7fk | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23954
|
| VCID-ukf2-qcjg-u7bg | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0243
|
| VCID-uktd-53fe-xbgj | Multiple vulnerabilities have been reported in Mozilla Firefox. |
CVE-2006-5747
|
| VCID-ukut-zyjx-93gq | Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13013
|
| VCID-umhx-zswu-kkbt | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5293
|
| VCID-upvn-56py-8ud7 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1933
|
| VCID-urpr-qse2-7kcf | Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-26966
|
| VCID-urxv-nzfr-sfhb | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1953
|
| VCID-ushb-eq8b-x3az | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-5785
|
| VCID-ut8d-5w7x-4qg2 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1964
|
| VCID-utn7-mdgr-z7em | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43538
|
| VCID-uuc6-a3xx-6khk | Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2019-9801
|
| VCID-uuxf-cyfq-p3e2 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45412
|
| VCID-uv8b-n94e-budc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23987
|
| VCID-uvzd-dxhu-hydg | An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. |
CVE-2022-3266
|
| VCID-uwzy-pbnf-kkfw | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15969
|
| VCID-ux24-3d83-23c6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-8381
|
| VCID-v28j-cvrw-p3c7 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. |
CVE-2016-9073
|
| VCID-v5vy-j784-r3bj | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26971
|
| VCID-v789-nhyw-wugk | If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. |
CVE-2024-5688
|
| VCID-v865-5aar-sueu | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34470
|
| VCID-v9ua-1tey-cyaa | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46875
|
| VCID-va34-kurf-uycj | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2016-2793
|
| VCID-va3j-erp3-3ugy | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2807
|
| VCID-vc9x-hjtc-q3f1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43536
|
| VCID-vcf2-b7mj-tfg4 | To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. |
CVE-2024-2616
|
| VCID-vcnn-u8k9-8ubs | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8035
|
| VCID-vd6g-ywvd-gfhf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29909
|
| VCID-vdpy-f9d9-pfac | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10467
|
| VCID-vdvy-zc8w-6kbf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5271
|
| VCID-vdzj-kqfy-d3b7 | libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2023-4863
GHSA-j7hp-h8jx-5ppr |
| VCID-vg6v-8pv2-mfhf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-31736
|
| VCID-vgqa-e7yg-wygj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-36319
|
| VCID-vgwu-jbjv-xyd1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7802
|
| VCID-vhy3-sx9u-budr | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5127
|
| VCID-vjw1-g5kk-zuda | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4046
|
| VCID-vma9-r6uy-p7c1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6208
|
| VCID-vmm4-dq3p-kqhu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-37211
|
| VCID-vnh1-1r8e-efcd | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2814
|
| VCID-vnuz-wp96-pqgt | WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. |
CVE-2017-5389
|
| VCID-vpd3-v3fr-hkdm | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-28285
|
| VCID-vqn8-j5bn-zqbr | Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6501
|
| VCID-vrvn-krwb-d3dr | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9795
|
| VCID-vszp-vyxy-f7g7 | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2781
|
| VCID-vt2f-abwe-4ba2 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-24002
|
| VCID-vtjf-sufh-p3h4 | crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain. |
CVE-2021-32810
GHSA-pqqp-xmhj-wgcw |
| VCID-vtmx-swps-zyat | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-38472
|
| VCID-vtwg-jhr9-nydc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5386
|
| VCID-vtwu-x1vt-x3bq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29945
|
| VCID-vun4-z8ju-gbbc | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with system privileges.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-15663
|
| VCID-vvpm-3zhz-77dm | A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. |
CVE-2019-11692
|
| VCID-vw4n-4r41-ukbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5727
|
| VCID-vwkf-9gfp-d3cy | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0749
|
| VCID-vz6w-wghm-nqaq | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-9185
|
| VCID-vzg5-b77s-g3ft | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-34478
|
| VCID-vzkp-7dsz-kbee | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2810
|
| VCID-vzwe-r2ms-m7bv | Mozilla engineer Matt Wobensmith reported that Content Security Policy (CSP) does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This could allow a malicious site to manipulate content through a Java applet to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks. |
CVE-2016-2833
|
| VCID-w1cg-up6a-7ycg | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-28162
|
| VCID-w2xw-eupp-cqgf | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25739
|
| VCID-w3wj-w2gp-kqh4 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5157
|
| VCID-w44w-qwmk-mbbd | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5154
|
| VCID-w4u8-25rz-gqeq | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2782
|
| VCID-w5hu-w7mu-b3g3 | If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. |
CVE-2019-11698
|
| VCID-w68x-99b7-7qgs | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-29984
|
| VCID-w6j3-6a6j-uqf1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1931
|
| VCID-w794-gqex-83du | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-6602
|
| VCID-w7gj-shrq-3fcz | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11699
|
| VCID-w7rm-rw2c-wuas | Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-15678
|
| VCID-w814-2cmz-ruhz | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29535
|
| VCID-w89k-tvfx-cbez | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12406
|
| VCID-wagm-cq36-k7g3 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2760
|
| VCID-wcfk-t1kd-2kgv | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25752
|
| VCID-wd3w-em5q-y7cj | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. |
CVE-2019-11750
|
| VCID-wffz-7y83-qkbm | Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
CVE-2016-9080
|
| VCID-wfkr-weku-fudt | Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.* |
CVE-2019-11751
|
| VCID-wfn6-c2ap-y3g4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7810
|
| VCID-wfqy-u76t-ybgb | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* |
CVE-2025-2857
|
| VCID-wgxa-54sd-rqd6 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2836
|
| VCID-wj3c-xpra-vffj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12376
|
| VCID-wmyy-2cg3-wyhc | Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4697
|
| VCID-wpm1-y59u-zkgu | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6807
|
| VCID-wpvp-c7aw-qfhw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11761
|
| VCID-wqb6-fpwk-ekgy | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26386
|
| VCID-wqpr-2514-u7d4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11713
|
| VCID-wqw2-gjvu-6qbu | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4690
|
| VCID-wsdd-t7d2-gbda | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-24713
GHSA-m5pq-gvj9-9vr8 |
| VCID-wvx2-pba2-sqha | Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4708
|
| VCID-ww34-5gw7-cfa6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5145
|
| VCID-wwck-cpa8-y3c5 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9792
|
| VCID-wwdh-xmux-3qdq | Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2759
|
| VCID-wwgd-pew4-zkf5 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-18505
|
| VCID-wwjw-cqjk-8qe2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7828
|
| VCID-wwkc-4c69-cbea | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2784
|
| VCID-wz6r-xzm9-m7hp | Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13017
|
| VCID-wzxk-316c-xqcg | When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-31739
|
| VCID-x12h-hqf2-37cc | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2019-17016
|
| VCID-x4sm-zyc1-ffd4 | Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. |
CVE-2019-9796
|
| VCID-x4vq-y6b6-dqf6 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6806
|
| VCID-x5gg-np6m-s7c9 | Multiple vulnerabilities have been reported in the SeaMonkey project, some of which may allow the remote execution of arbitrary code. |
CVE-2006-6498
|
| VCID-xan8-8fq6-yfgd | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0742
|
| VCID-xcbn-tkgg-4ben | Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2772
|
| VCID-xevc-xbcg-1yct | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7526
|
| VCID-xg25-xm9t-cfb8 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0750
|
| VCID-xghm-4ygw-tkb2 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14324
|
| VCID-xp3b-fyfq-xbbq | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22741
|
| VCID-xrg1-azru-5qf1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4051
|
| VCID-xspq-dfwk-27gq | Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution. This issue did not affect Firefox for Android or Firefox 52 ESR. |
CVE-2018-5124
|
| VCID-xt5q-bfq6-73bn | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11743
|
| VCID-xud3-4s7g-rkcv | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43537
|
| VCID-xyqa-esey-73e1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7525
|
| VCID-xztj-hyqy-gug6 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5472
|
| VCID-xzxb-5pq8-9bfd | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7801
|
| VCID-y12a-2bn1-vkdz | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22759
|
| VCID-y14s-zt8p-syby | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5125
|
| VCID-y2dd-vp7y-5ka1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5444
|
| VCID-y3v2-cyyc-yyep | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45403
|
| VCID-y43f-tmvr-hqas | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22747
|
| VCID-y45y-r8h7-6yez | Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. |
CVE-2025-5269
|
| VCID-y7rn-wb1d-vbdg | The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2017-7765
|
| VCID-y7sk-dmau-4fam | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1936
|
| VCID-y7u2-9qe6-17g4 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23960
|
| VCID-y7wn-9j43-jba3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22742
|
| VCID-y8vr-48q8-a3aj | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6800
|
| VCID-y8xv-ss2c-4bhk | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0753
|
| VCID-yaew-dtry-pkfv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5433
|
| VCID-yaz5-6485-u7c1 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7818
|
| VCID-yb18-qe5e-dbck | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2024-4777
|
| VCID-yc74-5kag-2bdn | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45409
|
| VCID-ycua-7k2y-rqfr | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23953
|
| VCID-yd2q-assr-v3er | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6212
|
| VCID-ydz6-761h-jbeq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45421
|
| VCID-ye9r-gnzm-sqe2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-2200
|
| VCID-yegk-sgdn-z3ae | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5296
|
| VCID-yfmg-82tr-gfec | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* |
CVE-2021-38510
|
| VCID-yfwd-x224-3qe6 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. |
CVE-2025-8030
|
| VCID-yg7c-ar4c-w3fn | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-16012
|
| VCID-ygrd-4scr-wkau | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4053
|
| VCID-yhj1-h62u-mud5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29533
|
| VCID-yjc2-2whn-uug5 | Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4694
|
| VCID-yjyu-u73t-u7bh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29536
|
| VCID-yk2z-f6vu-93fb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7800
|
| VCID-ykzd-mar6-r3c5 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7819
|
| VCID-ym7a-e9b5-5ygm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12359
|
| VCID-ymak-rv52-h7a5 | Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
CVE-2026-4710
|
| VCID-ymu8-mjph-f7a4 | A race during concurrent delazification could have led to a use-after-free. |
CVE-2025-1012
|
| VCID-ynpp-5b2m-bues | A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. |
CVE-2018-5148
|
| VCID-yp2g-rueg-4bcv | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23973
|
| VCID-yq6p-sv1g-m3bj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-18493
|
| VCID-yr3c-1cqv-n3bw | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2020-6812
|
| VCID-ysg5-wc3n-fbgw | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9893
|
| VCID-yuex-f2ae-ffft | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-43542
|
| VCID-yuhg-jeet-cffp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-45420
|
| VCID-yust-3g8v-muas | The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2024-3863
|
| VCID-ywys-vj5p-ubbe | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1968
|
| VCID-yxdd-fgbw-rug1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-23603
|
| VCID-yxy6-s185-myc9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2022-46874
|
| VCID-yy4z-p3f1-qbbc | An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. |
CVE-2016-9076
|
| VCID-yzys-pzzg-a7dk | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-5178
|
| VCID-z19z-zu3b-5khe | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2021-4129
|
| VCID-z2t7-sc17-abfs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2022-42929
|
| VCID-z3r1-zkkw-8fhq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-7756
|
| VCID-z4ad-5vm8-t3g2 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1966
|
| VCID-z4hp-wpp1-17bu | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5460
|
| VCID-z52c-v64a-nyhb | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1548
|
| VCID-z5ts-p4r1-bkh6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-1547
|
| VCID-z6kw-szww-7feq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7529
|
| VCID-z6yt-va55-s3ey | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-9401
|
| VCID-z7sd-q1rk-jqa7 | Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-7773
|
| VCID-z86r-71n4-p7aj | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5267
|
| VCID-z8cr-rten-qqg2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1932
|
| VCID-z8f3-t842-8bfc | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5270
|
| VCID-zbpq-qcww-6yg1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2019-17026
|
| VCID-zdbt-zhtq-xfhj | Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. |
CVE-2025-11713
|
| VCID-zdxh-fp2e-47dd | Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0883
|
| VCID-zefw-etrb-z3fu | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-43097
|
| VCID-zh2m-qyw5-dkgn | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-17011
|
| VCID-zh6f-rvv2-sbfu | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2018-5102
|
| VCID-zhu4-sy56-1yea | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-6861
|
| VCID-zjn8-79ab-tqd3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5726
|
| VCID-zpx3-dck3-6bfy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-6126
|
| VCID-zqpe-9hvc-vkbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-5725
|
| VCID-zr38-6kvs-ckdh | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5440
|
| VCID-zstj-sux9-ubdd | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-17010
|
| VCID-ztmj-vavn-8kdf | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-26383
|
| VCID-zycf-ufab-8yfb | The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2019-11753
|
| VCID-zyxf-mxw2-4yc1 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2017-5439
|