← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-6615
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6614
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6613
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6612
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 12...Show more
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6611
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6610
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird...Show more
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6609
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6608
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6607
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a...Show more
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6606
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
8.2 HIGH· v3
N/A· v2
Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6605
1Mozilla
1Firefox
Jun 17, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.
CVE-2024-6604
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more
Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-6603
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
7.4 HIGH· v3
N/A· v2
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird <...Show more
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-6602
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-6601
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-6600
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jul 9, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 1...Show more
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-38313
1Mozilla
1Firefox
Jun 17, 2026
Jun 13, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.
CVE-2024-38312
1Mozilla
1Firefox
Jun 17, 2026
Jun 13, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 12...Show more
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.Show less
CVE-2024-5702
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-5701
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability...Show more
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.Show less