← Back

Mozilla

mozilla

3,581 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,149 CVEs
Thunderbird
thunderbird
1,743 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,581)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-5261
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
7.5 HIGH· v2
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corr...Show more
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.Show less
CVE-2016-5260
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session...Show more
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.Show less
CVE-2016-5259
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own...Show more
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.Show less
CVE-2016-5258
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS o...Show more
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.Show less
CVE-2016-5255
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental...Show more
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.Show less
CVE-2016-5254
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory...Show more
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.Show less
CVE-2016-5253
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
4.7 MEDIUM· v3
4.7 MEDIUM· v2
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
CVE-2016-5252
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphic...Show more
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.Show less
CVE-2016-5251
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
CVE-2016-5250
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2016-2839
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers t...Show more
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.Show less
CVE-2016-2838
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an S...Show more
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.Show less
CVE-2016-2837
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
6.3 MEDIUM· v3
6.8 MEDIUM· v2
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execu...Show more
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.Show less
CVE-2016-2836
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or...Show more
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.Show less
CVE-2016-2835
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v...Show more
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2016-2830
1Mozilla
1Firefox
May 6, 2026
Aug 5, 2016
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers...Show more
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.Show less
CVE-2016-2834
4Canonical
MozillaNovell+1 more
8Firefox
LeapNetwork Security Services+5 more
May 6, 2026
Jun 13, 2016
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified oth...Show more
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.Show less
CVE-2016-2833
3Canonical
MozillaOpensuse
4Firefox
LeapOpensuse+1 more
May 6, 2026
Jun 13, 2016
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2832
3Canonical
MozillaOpensuse
4Firefox
LeapOpensuse+1 more
May 6, 2026
Jun 13, 2016
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2016-2831
4Canonical
DebianMozilla+1 more
5Debian Linux
FirefoxLeap+2 more
May 6, 2026
Jun 13, 2016
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduc...Show more
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.Show less