Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23971 | 1 Mozilla | 1 Firefox | 2022-05-27 | 6.5 Medium |
| When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23970 | 1 Mozilla | 1 Firefox | 2022-05-27 | 6.5 Medium |
| Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23968 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-05-27 | 4.3 Medium |
| If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | ||||
| CVE-2021-23972 | 1 Mozilla | 1 Firefox | 2022-05-23 | 8.8 High |
| One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23974 | 1 Mozilla | 1 Firefox | 2022-05-23 | 6.1 Medium |
| The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | ||||
| CVE-2014-0387 | 2 Mozilla, Oracle | 3 Firefox, Jdk, Jre | 2022-05-13 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||||
| CVE-2014-6492 | 2 Mozilla, Oracle | 3 Firefox, Jdk, Jre | 2022-05-13 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||||
| CVE-2021-23987 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | ||||
| CVE-2021-23988 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. | ||||
| CVE-2021-23983 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.5 Medium |
| By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. | ||||
| CVE-2021-23979 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23981 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 8.1 High |
| A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | ||||
| CVE-2021-38494 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92. | ||||
| CVE-2021-38499 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93. | ||||
| CVE-2021-29966 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. | ||||
| CVE-2021-29990 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. | ||||
| CVE-2021-23965 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23964 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||||
| CVE-2021-29947 | 1 Mozilla | 1 Firefox | 2022-05-03 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | ||||
| CVE-2020-12405 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-05-03 | 5.3 Medium |
| When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | ||||