Total
1554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | N/A | 7.5 HIGH |
| Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | N/A | 4.3 MEDIUM |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-5688 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.1 HIGH |
| If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-11708 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 6.5 MEDIUM |
| Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2025-1930 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2024-6601 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.7 MEDIUM |
| A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6604 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-6606 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.2 HIGH |
| Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6611 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
| A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6612 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.3 MEDIUM |
| CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6613 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.5 MEDIUM |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6614 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.3 MEDIUM |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-6615 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2024-5702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-5700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.0 HIGH |
| Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-9396 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-9400 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-9402 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | |||||
| CVE-2024-7652 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||