Total
2387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22737 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 7.5 HIGH |
| Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-22738 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 8.8 HIGH |
| Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-22739 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 6.5 MEDIUM |
| Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-22740 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 8.8 HIGH |
| Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-1887 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2022-12-23 | N/A | 9.8 CRITICAL |
| The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | |||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-23 | N/A | 4.3 MEDIUM |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | |||||
| CVE-2013-0791 | 4 Canonical, Mozilla, Oracle and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2022-12-21 | 5.0 MEDIUM | N/A |
| The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | |||||
| CVE-2021-43546 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-38493 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | |||||
| CVE-2021-38492 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. | |||||
| CVE-2021-29989 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29986 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2022-12-09 | 6.8 MEDIUM | 8.1 HIGH |
| A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29988 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29985 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29984 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29980 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29976 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2021-29970 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 5.1 MEDIUM | 8.8 HIGH |
| A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2021-29967 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | |||||
| CVE-2021-30547 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||