| purl | pkg:deb/debian/firefox@0?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15mn-5hnv-w7f4 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12389 |
| VCID-184j-aaaw-pbed | If a domain name contained an RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* *Note:* Due to a clerical error this advisory was not included in the original announcement, and was added in February 2022. | CVE-2021-4221 |
| VCID-1dkk-86db-s3ch | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5168 |
| VCID-1fjz-wwfj-63fd | A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. | CVE-2025-4090 |
| VCID-1kc3-8bh6-jbc7 | Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local file: URLs, allowing for the reading of local data through a violation of same-origin policy. *Note: This attack only affects Firefox for Android. Other operating systems are not affected.* | CVE-2017-7759 |
| VCID-1kfj-m46a-bkd9 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2021-29965 |
| VCID-1r1r-3q6z-bbej | The search term could have been specified externally to trigger SQL injection. | CVE-2022-1887 |
| VCID-1w8j-w2rh-hqdf | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2809 |
| VCID-1xy1-1vks-1ugu | A rogue webpage could override the injected WKUserScript used by the download feature; this exploit could result in the user downloading an unintended file. | CVE-2020-15662 |
| VCID-24j1-4jbd-abft | When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2023-29546 |
| VCID-28ad-d2hr-r3e7 | Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. | CVE-2024-53975 |
| VCID-2a5d-8cac-mkft | A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* | CVE-2023-29542 |
| VCID-2bwb-r8fr-sua8 | Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* | CVE-2024-8897 |
| VCID-2c6t-jrux-37d9 | Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." | CVE-2006-5160 |
| VCID-2kcw-vt7h-1ya1 | A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-11702 |
| VCID-2q2t-rh3t-5qgy | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | CVE-2023-25748 |
| VCID-2vdu-1jvt-5uf3 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2021-29944 |
| VCID-2xvy-5r3e-eqfd | Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. | CVE-2025-14744 |
| VCID-2yeg-q5hq-wud1 | A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to display a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. *Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected.* | CVE-2017-7770 |
| VCID-2z7p-2uj3-2qfb | If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.* | CVE-2019-9815 |
| VCID-33n8-tvfg-2qg9 | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. | CVE-2025-5020 |
| VCID-3w3b-gzvg-87ag | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2021-29971 |
| VCID-44zf-meps-6fey | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2020-15650 |
| VCID-4c3c-ygt3-kbg5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. | CVE-2020-6797 |
| VCID-4c57-5fbn-8bdy | Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. | CVE-2025-27426 |
| VCID-4jfr-pz41-gfbz | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2024-7523 |
| VCID-4jtc-q2de-nqfz | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2021-43544 |
| VCID-4r8e-64b6-bbbu | Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | CVE-2026-4711 |
| VCID-4rpa-nwnh-b3h3 | The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7760 |
| VCID-4sv2-j8zg-xkhf | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2019-17009 |
| VCID-4urd-zjpu-47ed | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. | CVE-2023-6870 |
| VCID-4vps-3cxv-xyd5 | On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. | CVE-2024-5692 |
| VCID-4w3q-eb6t-huam | When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. | CVE-2024-38312 |
| VCID-511n-z57u-dqhb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. | CVE-2025-1941 |
| VCID-528r-jfhc-abdc | Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. | CVE-2024-26281 |
| VCID-5666-pp89-aqc2 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12393 |
| VCID-566b-z61f-5kda | After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* | CVE-2025-3033 |
| VCID-57dt-91vn-pyfn | Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* | CVE-2024-8388 |
| VCID-5aga-y5nk-5fha | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* | CVE-2021-29964 |
| VCID-5c1p-6gjw-wkgx | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2018-12391 |
| VCID-5kuc-8g2u-8baq | When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* | CVE-2025-6431 |
| VCID-5p2x-6brd-xfad | Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. *Note: This attack only affects OS X operating systems. Other operating systems are unaffected.* | CVE-2017-7763 |
| VCID-5srb-q1nd-1qfh | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2017-7845 |
| VCID-5vfr-zqvb-ykdv | Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. | CVE-2025-11716 |
| VCID-5wtc-metc-wfb1 | If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. | CVE-2024-31392 |
| VCID-5zmj-5xkc-zkgc | A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-11694 |
| VCID-65u4-c84h-qqa1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. | CVE-2024-4766 |
| VCID-6rpt-16pv-yfar | The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2017-7755 |
| VCID-6uth-8k3d-7qdj | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. | CVE-2018-12381 |
| VCID-6zjy-1agk-nbd9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5174 |
| VCID-754j-7erb-z7ae | Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. | CVE-2025-2817 |
| VCID-7939-5qcd-tqgg | Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* | CVE-2025-4082 |
| VCID-7ej3-csq2-9ycp | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2020-26955 |
| VCID-7fvy-7hpe-kbej | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2021-38492 |
| VCID-7jjr-g2uj-wqdr | An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. | CVE-2024-26283 |
| VCID-7taq-vg8p-f3dj | Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. *Note: This attack only affects Firefox for Android. Other operating systems are not affected.* | CVE-2017-5463 |
| VCID-7u5b-uzd5-7kdc | Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* | CVE-2024-11691 |
| VCID-7zbd-n414-43b7 | If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. *Note: This vulnerability only affects OS X. Other operating systems are not affected.* | CVE-2018-5110 |
| VCID-84nu-ma7v-efd1 | When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content. *This bug only affects Firefox for Android. Other operating systems are unaffected.* | CVE-2022-22749 |
| VCID-89nm-zgtp-cqc1 | The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of /private/var that could expose personal or temporary data. This has been updated to not allow access to /private/var and its subdirectories. *Note: this issue only affects OS X. Other operating systems are not affected.* | CVE-2017-5425 |
| VCID-8b6h-ptgc-3yfs | Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. | CVE-2026-2032 |
| VCID-8bvd-y3qe-8qfk | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. *Note: These attacks require local system access and only affect Windows. Other operating systems are not affected.* | CVE-2019-11736 |
| VCID-8gzb-8g1n-yqfw | If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* | CVE-2024-5687 |
| VCID-8hgj-7cb6-fbbp | A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.* | CVE-2019-9818 |
| VCID-8wa6-ce1p-fbh8 | In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.* | CVE-2018-12400 |
| VCID-8x12-urec-77e2 | When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* | CVE-2021-4128 |
| VCID-92b6-64g1-3kbn | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* | CVE-2025-0244 |
| VCID-942z-zc2a-n3cc | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | CVE-2022-45413 |
| VCID-96tr-zf8q-gkfu | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. | CVE-2023-49061 |
| VCID-9bth-c8sa-mkdk | An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the referrerpolicy attribute. | CVE-2023-49060 |
| VCID-9h1s-hhn8-9ydy | Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. | CVE-2024-26282 |
| VCID-9hep-yqmw-8bg4 | When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. *Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected.* | CVE-2016-9072 |
| VCID-9tnr-m8mg-3ffw | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* | CVE-2025-5265 |
| VCID-a2as-nfu2-ykax | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-32214 |
| VCID-a68p-hcz6-jffj | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2020-12388 |
| VCID-a9j8-ync3-jfgy | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. | CVE-2023-5758 |
| VCID-aby2-r7bt-vybb | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2021-23977 |
| VCID-af5n-5ye1-s3fd | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets. | CVE-2011-2670 |
| VCID-akhr-nck5-sfh2 | When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. *This bug only affects Thunderbird for Windows. Other operating systems are unaffected.* | CVE-2022-36314 |
| VCID-akwm-tx92-bqfs | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header. | CVE-2011-2668 |
| VCID-avgs-nz9j-gqg8 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. | CVE-2025-1930 |
| VCID-aw1p-efnf-57e1 | Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. | CVE-2025-27424 |
| VCID-ax8a-z9s4-e3dk | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2019-9794 |
| VCID-b7sc-ty24-k7gj | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. | CVE-2024-4765 |
| VCID-b8qk-zbj4-yfg2 | When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-13722 |
| VCID-baq3-sm51-3qae | An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* | CVE-2017-7782 |
| VCID-bva6-xgue-q3dh | In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.* | CVE-2019-9804 |
| VCID-c52k-tg8d-sbeg | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-23599 |
| VCID-c9pz-t1b3-ykf2 | Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. | CVE-2025-8042 |
| VCID-cfqv-7r6b-g3e9 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-4576 |
| VCID-cfy8-73k1-jkdj | The Mozilla Maintenance Service helper.exe application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7761 |
| VCID-cmnc-fyxb-rfd4 | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox for macOS. Other operating systems are unaffected.* | CVE-2023-29531 |
| VCID-cpra-u2v5-3qg5 | An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2017-7766 |
| VCID-cver-m3d6-rkhp | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2020-26964 |
| VCID-d25k-36fw-67af | Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. | CVE-2024-10474 |
| VCID-d3n9-h8yh-r3ds | Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | CVE-2005-4809 |
| VCID-d5hs-m1zz-kybj | The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* | CVE-2017-7804 |
| VCID-d9dm-aww1-pfbm | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5253 |
| VCID-daaa-zra4-w7hz | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | CVE-2023-23600 |
| VCID-ddhz-4wa1-zke9 | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. | CVE-2020-15647 |
| VCID-de9v-k2u9-tbhk | The contextual menu for links could provide an opportunity for cross-site scripting attacks. | CVE-2024-43113 |
| VCID-dher-5g6m-yuev | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2021-23957 |
| VCID-dhsg-zyny-5ybq | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android.* | CVE-2018-12382 |
| VCID-dmnj-pt27-3bge | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2024-9391 |
| VCID-dq19-byye-fuag | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2022-34469 |
| VCID-dsqp-sd8u-97et | Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow the remote execution of arbitrary code. | CVE-2006-6500 |
| VCID-dukt-jk3k-wqht | When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244.* | CVE-2025-0246 |
| VCID-dveb-sthz-bkgu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2023-25738 |
| VCID-dxaw-2u95-nfbs | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. | CVE-2022-38474 |
| VCID-dyn7-63ve-37at | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2813 |
| VCID-e7p8-zrwx-5ug6 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* | CVE-2024-11698 |
| VCID-ebhp-kzkz-euhu | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* | CVE-2023-29545 |
| VCID-eccp-16z6-9ug3 | Long pressing on a download link could potentially provide a means for cross-site scripting. | CVE-2024-43112 |
| VCID-efvs-1tuf-guf4 | Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | CVE-2026-4712 |
| VCID-er9k-vh29-tyed | Private browsing mode leaves metadata information, such as URLs, for sites visited in browser.db and browser.db-wal files within the Firefox profile after the mode is exited. *Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.* | CVE-2016-9062 |
| VCID-ewet-6xtr-sqdn | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. |
CVE-2011-2669
|
| VCID-f4ja-2ydw-cufu | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2024-11693
|
| VCID-f8c7-p8nz-bbap | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2023-29532
|
| VCID-f9yy-d81z-1fgz | Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. |
CVE-2025-11719
|
| VCID-fgk1-cfpw-pfdn | When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed passwod being saved to the keyboard dictionary. |
CVE-2020-15671
|
| VCID-frbm-3qry-eygz | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. |
CVE-2020-12414
|
| VCID-ftv9-7sum-17hm | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. |
CVE-2020-12404
|
| VCID-g2et-bnvt-9fem | During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-17021
|
| VCID-g4m8-vzbp-cqgq | A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. *Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.* |
CVE-2016-9061
|
| VCID-g6zv-3s2h-67ee | When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. |
CVE-2025-11717
|
| VCID-g99d-51ht-kbhn | The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. |
CVE-2025-11720
|
| VCID-gdkx-hymn-qfbh | When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-17019
|
| VCID-gu5n-35b2-a3am | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2839
|
| VCID-gxza-vbmf-tke7 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2023-25749
|
| VCID-h1bz-r5pa-9fbw | Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. |
CVE-2025-0245
|
| VCID-hgx7-ubwk-wkdj | Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision. |
CVE-2004-2657
|
| VCID-hhad-uy4u-xkak | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.* |
CVE-2018-18496
|
| VCID-hmtb-36h7-3uaj | A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* |
CVE-2025-1940
|
| VCID-hr2p-k95n-pbg3 | The session restore helper crashed whenever there was no parameter sent to the message handler. |
CVE-2023-37456
|
| VCID-hs7f-4tav-dfcv | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-26975
|
| VCID-hu6v-g43k-9uep | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-9395
|
| VCID-hwdb-ww2n-fqdq | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. *Note: This attack only affects Firefox for Android. Other operating systems are not affected.* |
CVE-2017-7817
|
| VCID-j2ax-jb2h-byeu | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4052
|
| VCID-j2ga-ggcd-fkg1 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-2805
|
| VCID-j921-2uvd-kked | Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections |
CVE-2024-31393
|
| VCID-jeja-pgsz-2uaq | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2021-23976
|
| VCID-jf6r-vdhm-tyfr | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-23959
|
| VCID-jjqk-qjcz-sudp | A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. *Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected.* |
CVE-2017-5411
|
| VCID-jxq3-3gzd-yycp | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5294
|
| VCID-jxwt-d17p-1fgk | When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.*This bug only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2022-36317
|
| VCID-jz16-4ywn-u7h3 | Long pressing on a download link could potentially allow Javascript commands to be executed within the browser |
CVE-2024-43111
|
| VCID-k813-qahc-ubf4 | Security researcher Aral reported an out-of-bounds write when using the ANGLE graphics library, which is used for WebGL content on Windows systems. This crash occurs due to improper size checking while writing to an array during some WebGL shader operations. The ANGLE graphics library is only used on Windows. Linux, OS X, and Android operating systems are not affected by this vulnerability. |
CVE-2016-2824
|
| VCID-keec-2paa-qqe6 | The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. *Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.* |
CVE-2016-9065
|
| VCID-khm6-vuzx-zfeg | A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30.*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* |
CVE-2023-25747
|
| VCID-kr94-y6hg-d3hp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2020-6799
|
| VCID-krg2-d4vy-z7fu | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* |
CVE-2019-17015
|
| VCID-m4hs-41n2-8bbz | Malicious pages could use Firefox for Android to pass FIDO: links to the OS and trigger the "hybrid" passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. |
CVE-2024-9956
|
| VCID-m92a-91pv-dffv | If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-35112
|
| VCID-mj2t-phst-v7f8 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-29993
|
| VCID-mp4n-ez8p-63ek | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-28163
|
| VCID-mpx9-1b8x-qkaj | A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. *Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected.* |
CVE-2016-5298
|
| VCID-mqte-f1hw-2ya5 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22753
|
| VCID-mqyc-vuqn-tfdg | Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first |
CVE-2025-27425
|
| VCID-mtkx-1vvb-3yhp | In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-16048
|
| VCID-mvg3-6cbk-xyb6 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25740
|
| VCID-mwrr-ashj-bfg3 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7825
|
| VCID-myaj-sqb7-27dq | For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. |
CVE-2020-6830
|
| VCID-myv9-89b8-w7dm | In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the SEE_MASK_FLAG_NO_UI flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won’t prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. *Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems.* |
CVE-2018-5174
|
| VCID-n4g2-4hj3-vkb9 | Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. |
CVE-2026-2634
|
| VCID-n7fp-17uy-eqe7 | Spoofing issue in the Address Bar component of Firefox Focus for Android. |
CVE-2025-9186
|
| VCID-nexj-aaak-u7aq | Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. *Note: This attack only affects OS X operating systems. Other operating systems are unaffected.* |
CVE-2018-5121
|
| VCID-p1tr-p6je-dybj | This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. *Note: this issue only affects Windows operating systems.* |
CVE-2016-5295
|
| VCID-p4kh-nd6b-jubh | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* |
CVE-2021-29968
|
| VCID-pber-bzw2-r3gw | The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7768
|
| VCID-phf8-uzdb-vber | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2022-29910
|
| VCID-pn68-e9g7-qbf1 | The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* |
CVE-2025-6426
|
| VCID-prum-nfkw-a3gp | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. |
CVE-2019-17018
|
| VCID-q2t7-31ux-cyc6 | On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* |
CVE-2017-7796
|
| VCID-q4x5-dz5r-jqgr | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9905
|
| VCID-qb3k-wy5x-buh4 | Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address |
CVE-2025-23109
|
| VCID-qewm-wn6h-b3f3 | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-26957
|
| VCID-qm3n-zmh9-afgy | By triggering multiple pop-up prompts containing javascript: URLs, a malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-29953
|
| VCID-qnk9-a332-dbfg | A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* |
CVE-2025-8364
|
| VCID-qqxg-94u9-m7cm | The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. |
CVE-2017-5397
|
| VCID-qrsj-pbnc-a7bt | A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. *Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected.* |
CVE-2018-5138
|
| VCID-qu3v-meay-f3dh | Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. |
CVE-2025-1939
|
| VCID-qu9b-rst3-v7fa | Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges. This issue does not affect non-Windows operating systems. |
CVE-2016-2826
|
| VCID-qw5k-tgdz-vkcw | The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-5409
|
| VCID-r5rm-yv4h-4kc3 | Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148. |
CVE-2026-2794
|
| VCID-rakk-h5vn-kbaw | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-15649
|
| VCID-rpu7-by29-4fc5 | Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. |
CVE-2024-53976
|
| VCID-rr5w-77jr-uygh | During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.*This issue only affects Firefox for Android. Other operating systems are not affected.* |
CVE-2022-40961
|
| VCID-rsy6-acfe-ffb5 | The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22744
|
| VCID-rwu8-zz41-1kav | Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. *Note: This issue only affects Firefox for Android. Other operating systems are not affected.* |
CVE-2017-5392
|
| VCID-s3kc-mhdz-nkeh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25743
|
| VCID-s7rc-xagh-w3av | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2023-28159
|
| VCID-s9ss-vz54-j3ha | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-29963
|
| VCID-sbyn-4c25-h7gz | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-29962
|
| VCID-scws-6fhd-3fg7 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143. |
CVE-2025-10530
|
| VCID-sjy7-cp3x-nfh2 | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. |
CVE-2018-12368
|
| VCID-snbc-j4e3-uff1 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4582
|
| VCID-srf6-8n4s-uyb6 | The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* |
CVE-2017-7767
|
| VCID-stk9-md62-w7b6 | Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox < 143. |
CVE-2025-10535
|
| VCID-suv6-qrt5-wugc | On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.* |
CVE-2019-9798
|
| VCID-sx7g-4pjb-r7ac | If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.* |
CVE-2022-22736
|
| VCID-szte-x7pv-7ydn | By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.* |
CVE-2022-22750
|
| VCID-t1h9-93b5-73b9 | Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. *Note: This issue only affects Firefox for Android. Other operating systems are not affected.* |
CVE-2017-5395
|
| VCID-t52g-d7e2-zkd4 | By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2020-26977
|
| VCID-t769-2t1u-57b6 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.*This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.* |
CVE-2021-38505
|
| VCID-t8mb-cdc3-6ydq | Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. |
CVE-2024-6600
|
| VCID-tfny-yt17-mffx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2023-4054
|
| VCID-tjp3-ck7p-5qg3 | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. |
CVE-2024-2605
|
| VCID-tnxh-tgsm-tuex | A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.* |
CVE-2022-22746
|
| VCID-tqw3-3sw6-zqd3 | When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* |
CVE-2020-12423
|
| VCID-tsw2-ujgt-t7g2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0752
|
| VCID-tuk6-1zg4-aqeb | Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. *Note: This attack only affects Firefox for Android. Other operating systems are not affected.* |
CVE-2017-5452
|
| VCID-tyzw-dhhz-yqer | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly |
CVE-2024-10004
|
| VCID-u5n5-6h82-tqhw | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-25734
|
| VCID-ubmh-fmpu-fuff | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality.*This bug only affects Firefox for Android. Other operating systems are unaffected.* |
CVE-2021-29973
|
| VCID-umhx-zswu-kkbt | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-5293
|
| VCID-umpr-e6yd-nqcd | A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. *Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.* |
CVE-2016-5299
|
| VCID-up2q-hqdu-u3a7 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* |
CVE-2023-29534
|
| VCID-urpr-qse2-7kcf | Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* |
CVE-2020-26966
|
| VCID-usy5-jp7x-f7cv | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2. |
CVE-2026-3845
|
| VCID-uuc6-a3xx-6khk | Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.* |
CVE-2019-9801
|
| VCID-uwae-2tu5-syb5 | A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* |
CVE-2025-4086
|
| VCID-v5s1-ev2g-4ue1 | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. | CVE-2024-0953 |
| VCID-v9ua-1tey-cyaa | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. | CVE-2022-46875 |
| VCID-vpku-cgw2-gubt | Firefox for Android allowed immediate interaction with permission prompts. This could be used for tapjacking. | CVE-2024-6605 |
| VCID-vrps-vpn4-nkbf | A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* | CVE-2019-11700 |
| VCID-vsyy-wtk7-cbbt | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2021-29983 |
| VCID-vun4-z8ju-gbbc | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version, which would have allowed exploitation of an older bug and arbitrary code execution with system privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2020-15663 |
| VCID-vw4n-4r41-ukbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5727 |
| VCID-vy64-w5qh-duhp | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2022-22762 |
| VCID-vzg5-b77s-g3ft | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. | CVE-2022-34478 |
| VCID-vzkp-7dsz-kbee | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-2810 |
| VCID-w74w-gxyf-4kg3 | When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. | CVE-2021-29958 |
| VCID-wa6g-22qn-j3g2 | In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. | CVE-2025-8041 |
| VCID-waz9-711c-u3a6 | Opening JavaScript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. | CVE-2025-23108 |
| VCID-wfkr-weku-fudt | Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.* | CVE-2019-11751 |
| VCID-wfqy-u76t-ybgb | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* | CVE-2025-2857 |
| VCID-wk26-kc1d-9qcy | Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2020-15657 |
| VCID-wxt9-u43n-2qhs | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* | CVE-2020-26954 |
| VCID-wxx1-uk1t-8khg | When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* | CVE-2025-6428 |
| VCID-wzxk-316c-xqcg | When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* | CVE-2022-31739 |
| VCID-x4v4-7y4q-mfbs | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. | CVE-2023-6868 |
| VCID-x4zd-xhwx-hqg3 | A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. | CVE-2020-15661 |
| VCID-x6h2-249d-nugj | In certain scenarios a malicious website could attempt to display a fake location URL bar, which could mislead users as to the actual website address. | CVE-2024-38313 |
| VCID-xa7t-851a-efey | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. | CVE-2022-22758 |
| VCID-xmnb-bf3j-hkgp | A location bar spoofing attack where the location bar of a loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. *Note: This issue only affects Firefox for Android. Other operating systems are not affected.* | CVE-2017-5394 |
| VCID-xxhb-q6ax-bbga | The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. | CVE-2023-37455 |
| VCID-y7rn-wb1d-vbdg | The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.* | CVE-2017-7765 |
| VCID-yfmg-82tr-gfec | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* | CVE-2021-38510 |
| VCID-yust-3g8v-muas | The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* | CVE-2024-3863 |
| VCID-z86r-71n4-p7aj | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which could lead to the execution of arbitrary code. | CVE-2016-5267 |
| VCID-zb8g-djya-63hr | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. | CVE-2026-2800 |
| VCID-zdbt-zhtq-xfhj | Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. | CVE-2025-11713 |
| VCID-zgdf-pv3w-vqeb | A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. | CVE-2020-15651 |
| VCID-zjn8-79ab-tqd3 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. | CVE-2023-5726 |
| VCID-zkss-5b75-e3c2 | Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. | CVE-2025-10859 |
| VCID-zv7m-qhq6-v3aw | On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. *Note: This attack only affects Windows operating systems. Other operating systems are not affected.* | CVE-2017-7790 |
| VCID-zvtk-5z63-k3dt | Internal URLs are protected by a secret UUID key, which could have been leaked to a web page through the Referrer header. | CVE-2022-31746 |
| VCID-zycf-ufab-8yfb | The Firefox installer allows Firefox to be installed to a custom user-writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* | CVE-2019-11753 |