Total: 2941 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11753 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2025-11-25 | 4.6 MEDIUM | 7.8 HIGH |
| The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
| CVE-2017-7804 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2019-9796 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2018-12367 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2025-11-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | |||||
| CVE-2018-5157 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | |||||
| CVE-2017-5376 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
| CVE-2025-13016 | 1 Mozilla | 1 Firefox | 2025-11-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13027 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13026 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13025 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13024 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13023 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13022 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13021 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13020 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.8 HIGH |
| Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13019 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.1 HIGH |
| Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13018 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.1 HIGH |
| Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13017 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.1 HIGH |
| Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13015 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 3.4 LOW |
| Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | |||||
| CVE-2025-13014 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 8.8 HIGH |
| Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. | |||||
