← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-3856
1Mozilla
1Firefox
Jun 17, 2026
Apr 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.
CVE-2024-3855
1Mozilla
1Firefox
Jun 17, 2026
Apr 16, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.
CVE-2024-3854
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3853
1Mozilla
1Firefox
Jun 17, 2026
Apr 16, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
CVE-2024-3852
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 16, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3302
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 16, 2024
N/A· v4
3.7 LOW· v3
N/A· v2
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR...Show more
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.Show less
CVE-2024-31393
1Mozilla
1Firefox
Jun 17, 2026
Apr 3, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.
CVE-2024-31392
1Mozilla
1Firefox
Jun 17, 2026
Apr 3, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.
CVE-2024-29944
2Debian
Mozilla
2Debian Linux
Firefox
Jun 17, 2026
Mar 22, 2024
N/A· v4
8.4 HIGH· v3
N/A· v2
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mo...Show more
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.Show less
CVE-2024-29943
1Mozilla
1Firefox
Jun 17, 2026
Mar 22, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
CVE-2024-2616
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
CVE-2024-2615
1Mozilla
1Firefox
Jun 17, 2026
Mar 19, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability...Show more
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.Show less
CVE-2024-2614
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...Show more
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.Show less
CVE-2024-2613
1Mozilla
1Firefox
Jun 17, 2026
Mar 19, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
CVE-2024-2612
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox...Show more
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.Show less
CVE-2024-2611
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2610
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird <...Show more
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.Show less
CVE-2024-2609
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunder...Show more
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.Show less
CVE-2024-2608
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
8.4 HIGH· v3
N/A· v2
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write....Show more
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.Show less
CVE-2024-2607
2Debian
Mozilla
3Debian Linux
FirefoxThunderbird
Jun 17, 2026
Mar 19, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firef...Show more
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.Show less