Vulnerabilities in Mozilla
1,863 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2023-29543 | HIGH | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vect | 0.5% |
| CVE-2022-0511 | HIGH | Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzz | 0.5% |
| CVE-2022-29918 | HIGH | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of th | 0.5% |
| CVE-2022-28288 | HIGH | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present i | 0.5% |
| CVE-2025-1937 | HIGH | Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 | 0.5% |
| CVE-2026-6785 | HIGH | Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 | 0.5% |
| CVE-2021-43544 | — | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have ca | 0.5% |
| CVE-2023-28160 | MEDIUM | When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking po | 0.5% |
| CVE-2022-46885 | HIGH | Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of the | 0.5% |
| CVE-2018-5123 | — | A third party website can access information available to a user with access to a restricted bug entry using the image generation in report. | 0.5% |
| CVE-2025-1020 | CRITICAL | Memory safety bugs fixed in Firefox 135 and Thunderbird 135 | 0.5% |
| CVE-2024-2613 | HIGH | Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vul | 0.5% |
| CVE-2026-6786 | HIGH | Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 | 0.5% |
| CVE-2025-14321 | CRITICAL | Use-after-free in the WebRTC: Signaling component | 0.5% |
| CVE-2024-9399 | HIGH | A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service con | 0.5% |
| CVE-2024-9394 | MEDIUM | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This co | 0.5% |
| CVE-2025-1931 | HIGH | Use-after-free in WebTransportChild | 0.5% |
| CVE-2023-37209 | — | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that | 0.5% |
| CVE-2024-6612 | MEDIUM | CSP violation leakage when using devtools | 0.5% |
| CVE-2023-4581 | — | XLL file extensions were downloadable without warnings | 0.5% |