CVEs (1,891)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ES...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR <...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Fire...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are us...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6,...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable cr...Show more |
3Debian MozillaRedhat9Debian Linux Enterprise LinuxEnterprise Linux Desktop+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. |
4Canonical DebianMozilla+1 more10Debian Linux Enterprise LinuxEnterprise Linux Desktop+7 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploi...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise LinuxEnterprise Linux Desktop+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. |
4Canonical DebianMozilla+1 more7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c...Show more |
3Debian MozillaRedhat8Debian Linux Enterprise LinuxEnterprise Linux Desktop+5 moreNov 21, 2024 Jun 11, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. |
3Debian MozillaRedhat7Debian Linux Enterprise Linux AusEnterprise Linux Desktop+4 moreNov 21, 2024 Jun 11, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2. |
3Debian MozillaRedhat7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Jun 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vul...Show more |
3Debian MozillaRedhat7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 25, 2025 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data w...Show more |
3Debian MozillaRedhat8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 moreNov 25, 2025 Jun 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Fi...Show more |
4Canonical DebianMozilla+1 more8Debian Linux Enterprise Linux AusEnterprise Linux Desktop+5 moreNov 21, 2024 Jun 11, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vu...Show more |
3Debian MozillaRedhat8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This...Show more |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c...Show more |
3Debian MozillaRedhat8Debian Linux Enterprise Linux AusEnterprise Linux Desktop+5 moreNov 25, 2025 Jun 11, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a pote...Show more |
3Debian MozillaRedhat8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 moreNov 25, 2025 Jun 11, 2018 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scrip...Show more |