← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-5700
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
7.0 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5699
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the brow...Show more
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.Show less
CVE-2024-5698
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability a...Show more
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.Show less
CVE-2024-5697
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
CVE-2024-5696
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
8.6 HIGH· v3
N/A· v2
By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird...Show more
By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5695
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This v...Show more
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.Show less
CVE-2024-5694
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
CVE-2024-5693
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12...Show more
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5692
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:...Show more
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5691
1Mozilla
3Firefox
Firefox EsrThunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 1...Show more
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5690
2Debian
Mozilla
4Debian Linux
FirefoxFirefox Esr+1 more
Jun 17, 2026
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thun...Show more
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less
CVE-2024-5689
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phis...Show more
In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.Show less
CVE-2024-5688
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jun 11, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-5687
1Mozilla
1Firefox
Jun 17, 2026
Jun 11, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including th...Show more
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 127.Show less
CVE-2024-5022
1Mozilla
1Firefox Focus
Jun 17, 2026
May 17, 2024
N/A· v4
4.4 MEDIUM· v3
N/A· v2
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126.
CVE-2024-4778
1Mozilla
1Firefox
Jun 17, 2026
May 14, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability...Show more
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.Show less
CVE-2024-4777
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
May 14, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.Show less
CVE-2024-4776
1Mozilla
1Firefox
Jun 17, 2026
May 14, 2024
N/A· v4
8.2 HIGH· v3
N/A· v2
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.
CVE-2024-4775
1Mozilla
1Firefox
Jun 17, 2026
May 14, 2024
N/A· v4
5.9 MEDIUM· v3
N/A· v2
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profi...Show more
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.Show less
CVE-2024-4774
1Mozilla
1Firefox
Jun 17, 2026
May 14, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.