← Back

Mozilla

mozilla

3,581 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,149 CVEs
Thunderbird
thunderbird
1,743 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,581)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-5163
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
8.1 HIGH· v3
5.1 MEDIUM· v2
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for oth...Show more
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.Show less
CVE-2018-5162
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5161
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 21, 2024
Jun 11, 2018
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5160
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable...Show more
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.Show less
CVE-2018-5159
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash trig...Show more
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5158
4Canonical
DebianMozilla+1 more
9Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+6 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF view...Show more
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.Show less
CVE-2018-5157
4Canonical
DebianMozilla+1 more
9Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+6 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated...Show more
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.Show less
CVE-2018-5155
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52....Show more
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5154
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR...Show more
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5153
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This v...Show more
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.Show less
CVE-2018-5152
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for...Show more
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.Show less
CVE-2018-5151
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabili...Show more
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.Show less
CVE-2018-5150
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited...Show more
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.Show less
CVE-2018-5148
4Canonical
DebianMozilla+1 more
7Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+4 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerabi...Show more
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.Show less
CVE-2018-5147
2Debian
Mozilla
2Debian Linux
Firefox
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
CVE-2018-5146
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
CVE-2018-5145
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability...Show more
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.Show less
CVE-2018-5144
4Canonical
DebianMozilla+1 more
9Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+6 more
Nov 25, 2025
Jun 11, 2018
N/A· v4
7.3 HIGH· v3
7.5 HIGH· v2
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
CVE-2018-5143
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not...Show more
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.Show less
CVE-2018-5142
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Jun 11, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol...Show more
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.Show less