Filtered by vendor Mozilla Subscriptions
Filtered by product Firefox Subscriptions
Total 2660 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-23953 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-08-03 4.3 Medium
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CVE-2021-23959 1 Mozilla 1 Firefox 2024-08-03 6.1 Medium
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
CVE-2021-20628 2 Cybozu, Mozilla 2 Office, Firefox 2024-08-03 6.1 Medium
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
CVE-2021-4221 2 Google, Mozilla 2 Android, Firefox 2024-08-03 4.3 Medium
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92.
CVE-2021-4128 2 Apple, Mozilla 2 Macos, Firefox 2024-08-03 6.5 Medium
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.
CVE-2021-4129 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-08-03 9.8 Critical
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.
CVE-2021-4140 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-08-03 10.0 Critical
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-46882 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-08-03 9.8 Critical
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46885 1 Mozilla 1 Firefox 2024-08-03 8.8 High
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.
CVE-2022-46872 3 Linux, Mozilla, Redhat 9 Linux Kernel, Firefox, Firefox Esr and 6 more 2024-08-03 8.6 High
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46878 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-08-03 8.8 High
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46879 1 Mozilla 1 Firefox 2024-08-03 8.8 High
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.
CVE-2022-46874 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-08-03 8.8 High
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.
CVE-2022-46877 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Enterprise Linux and 4 more 2024-08-03 4.3 Medium
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
CVE-2022-46875 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2024-08-03 6.5 Medium
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46881 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-08-03 8.8 High
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46883 1 Mozilla 1 Firefox 2024-08-03 8.8 High
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107.
CVE-2022-46873 1 Mozilla 1 Firefox 2024-08-03 8.8 High
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
CVE-2022-46880 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-08-03 6.5 Medium
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
CVE-2022-46871 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Enterprise Linux and 4 more 2024-08-03 8.8 High
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.