Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox
Total 2387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29945 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-06-30 4.3 MEDIUM 6.5 MEDIUM
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-29953 1 Mozilla 1 Firefox 2021-06-30 4.3 MEDIUM 6.1 MEDIUM
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
CVE-2021-29955 1 Mozilla 2 Firefox, Firefox Esr 2021-06-30 2.6 LOW 5.3 MEDIUM
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
CVE-2021-29952 1 Mozilla 1 Firefox 2021-06-25 5.1 MEDIUM 7.5 HIGH
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
CVE-2021-29946 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-06-25 6.8 MEDIUM 8.8 HIGH
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-29968 2 Microsoft, Mozilla 2 Windows, Firefox 2021-06-25 5.8 MEDIUM 8.1 HIGH
When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1.
CVE-2021-29962 1 Mozilla 1 Firefox 2021-06-25 4.3 MEDIUM 4.3 MEDIUM
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.
CVE-2011-3656 1 Mozilla 1 Firefox 2021-06-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
CVE-2007-5967 1 Mozilla 1 Firefox 2021-05-26 4.3 MEDIUM 6.5 MEDIUM
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.
CVE-2019-17026 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-05-13 6.8 MEDIUM 8.8 HIGH
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
CVE-2021-20628 2 Cybozu, Mozilla 2 Office, Firefox 2021-03-23 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
CVE-2014-1520 3 Fedoraproject, Microsoft, Mozilla 4 Fedora, Windows, Firefox and 1 more 2021-03-17 6.9 MEDIUM N/A
maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.
CVE-2013-0800 5 Canonical, Debian, Mozilla and 2 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2021-03-11 6.8 MEDIUM N/A
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
CVE-2021-23953 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-03-03 4.3 MEDIUM 4.3 MEDIUM
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23954 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-03-03 6.8 MEDIUM 8.8 HIGH
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23960 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-03-03 6.8 MEDIUM 8.8 HIGH
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23962 1 Mozilla 1 Firefox 2021-03-03 6.8 MEDIUM 8.8 HIGH
Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.
CVE-2021-23958 1 Mozilla 1 Firefox 2021-03-03 4.3 MEDIUM 6.5 MEDIUM
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
CVE-2021-23956 1 Mozilla 1 Firefox 2021-03-03 4.3 MEDIUM 6.5 MEDIUM
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85.
CVE-2021-23963 1 Mozilla 1 Firefox 2021-03-03 4.3 MEDIUM 4.3 MEDIUM
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85.