CWE-416
7,493 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,493)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3,...Show more |
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerab...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and w...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a po...Show more |
1Mozilla 3Firefox Firefox FocusThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 9.6 CRITICAL· v3 N/A· v2 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2,...Show more |
1Mozilla 3Firefox Firefox FocusThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6...Show more |
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98. |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91....Show more |
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8. |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Dec 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affec...Show more |
When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other opera...Show more |
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file, |
The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. |
2Fedoraproject Openatom2Fedora OpeneulerJun 17, 2026 Dec 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released me...Show more |
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...Show more |
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...Show more |
In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interac...Show more |