Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mozilla Subscribe
Total 2782 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17012 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17011 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 5.1 MEDIUM 7.5 HIGH
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17010 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 5.1 MEDIUM 7.5 HIGH
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-17005 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-04-08 6.8 MEDIUM 8.8 HIGH
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2020-26950 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2022-04-08 9.3 HIGH 8.8 HIGH
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
CVE-2019-11735 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11738 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 6.3 MEDIUM
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11740 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVE-2019-9792 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 7.5 HIGH 9.8 CRITICAL
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
CVE-2019-9791 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 7.5 HIGH 9.8 CRITICAL
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
CVE-2019-9788 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
CVE-2019-9810 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 6.8 MEDIUM 8.8 HIGH
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2021-29972 1 Mozilla 1 Firefox 2022-03-25 6.8 MEDIUM 8.8 HIGH
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
CVE-2021-43535 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-03-17 6.8 MEDIUM 8.8 HIGH
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
CVE-2021-43534 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-03-17 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
CVE-2021-38500 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-03-17 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
CVE-2021-38496 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-03-17 6.8 MEDIUM 8.8 HIGH
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
CVE-2021-38491 1 Mozilla 1 Firefox 2022-03-16 4.3 MEDIUM 6.5 MEDIUM
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
CVE-2021-29987 2 Linux, Mozilla 3 Linux Kernel, Firefox, Thunderbird 2022-03-16 4.3 MEDIUM 6.5 MEDIUM
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.
CVE-2021-29982 1 Mozilla 2 Firefox, Thunderbird 2022-03-16 4.3 MEDIUM 6.5 MEDIUM
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.