Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mozilla Subscribe
Total 2782 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1529 2 Google, Mozilla 4 Android, Firefox, Firefox Esr and 1 more 2022-12-29 N/A 8.8 HIGH
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
CVE-2022-1197 1 Mozilla 1 Thunderbird 2022-12-29 N/A 5.4 MEDIUM
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.
CVE-2022-1520 1 Mozilla 1 Thunderbird 2022-12-29 N/A 4.3 MEDIUM
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.
CVE-2022-1802 2 Google, Mozilla 4 Android, Firefox, Firefox Esr and 1 more 2022-12-29 N/A 8.8 HIGH
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
CVE-2022-1834 1 Mozilla 1 Thunderbird 2022-12-29 N/A 6.5 MEDIUM
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.
CVE-2022-22736 1 Mozilla 1 Firefox 2022-12-29 N/A 7.0 HIGH
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.
CVE-2022-22737 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-29 N/A 7.5 HIGH
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22738 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-29 N/A 8.8 HIGH
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22739 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-29 N/A 6.5 MEDIUM
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22740 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-29 N/A 8.8 HIGH
Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-1887 2 Apple, Mozilla 2 Iphone Os, Firefox 2022-12-23 N/A 9.8 CRITICAL
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
CVE-2021-4221 2 Google, Mozilla 2 Android, Firefox 2022-12-23 N/A 4.3 MEDIUM
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92.
CVE-2013-1620 4 Canonical, Mozilla, Oracle and 1 more 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more 2022-12-21 4.3 MEDIUM N/A
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2013-0791 4 Canonical, Mozilla, Oracle and 1 more 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more 2022-12-21 5.0 MEDIUM N/A
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2021-43546 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-12-09 4.3 MEDIUM 4.3 MEDIUM
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-38495 1 Mozilla 2 Firefox Esr, Thunderbird 2022-12-09 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
CVE-2021-38493 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-09 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
CVE-2021-38492 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2022-12-09 4.3 MEDIUM 6.5 MEDIUM
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
CVE-2021-29989 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-12-09 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
CVE-2021-29986 2 Linux, Mozilla 4 Linux Kernel, Firefox, Firefox Esr and 1 more 2022-12-09 6.8 MEDIUM 8.1 HIGH
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.