← Back

Mozilla

mozilla

3,581 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,149 CVEs
Thunderbird
thunderbird
1,743 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,581)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-9065
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefo...Show more
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.Show less
CVE-2016-9064
1Mozilla
1Firefox
Nov 25, 2025
Jun 11, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update ser...Show more
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.Show less
CVE-2016-9063
3Debian
MozillaPython
3Debian Linux
FirefoxPython
Nov 21, 2024
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVE-2016-9062
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for...Show more
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.Show less
CVE-2016-9061
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Oth...Show more
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.Show less
CVE-2016-5299
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and...Show more
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.Show less
CVE-2016-5298
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Deskto...Show more
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.Show less
CVE-2016-5297
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5296
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Nov 25, 2025
Jun 11, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox <...Show more
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.Show less
CVE-2016-5295
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires lo...Show more
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.Show less
CVE-2016-5294
1Mozilla
2Firefox
Thunderbird
Nov 25, 2025
Jun 11, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows o...Show more
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.Show less
CVE-2016-5293
2Debian
Mozilla
2Debian Linux
Firefox
Nov 25, 2025
Jun 11, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue...Show more
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.Show less
CVE-2016-5292
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
CVE-2016-5291
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Nov 25, 2025
Jun 11, 2018
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5290
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Nov 25, 2025
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c...Show more
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.Show less
CVE-2016-5289
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabili...Show more
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.Show less
CVE-2016-5288
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49...Show more
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.Show less
CVE-2016-5287
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.
CVE-2016-10547
1Mozilla
1Nunjucks
Nov 21, 2024
May 31, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be esc...Show more
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.Show less
CVE-2017-17689
169folders
AppleBloop+13 more
17Airmail
EmclientEvolution+14 more
Nov 21, 2024
May 16, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.