CVE Daily Report
Vulnerability Assessment Summary
CVSS score criteria:
Critical: 9.0 and above
High: 7.0-8.9
Medium: 4.0-6.9
Low: 0.1-3.9
Collected: 2026-01-13 13:54
Total CVEs: 2861
Critical: 599
High: 1047
Medium: 1104
Low: 102
Endpoints: 5
With Incidents: 0
Not Enriched: 9
[Charts: Severity Distribution; Score Range Distribution]
Top Risky CVEs
| CVE ID | Severity | Score | Hosts |
|---|---|---|---|
| CVE-2025-2857 | CRITICAL | 10.0 | 1 |
| CVE-2021-4140 | CRITICAL | 10.0 | 1 |
| CVE-2021-38503 | CRITICAL | 10.0 | 1 |
| CVE-2019-25136 | CRITICAL | 10.0 | 1 |
| CVE-2019-11708 | CRITICAL | 10.0 | 1 |
| CVE-2018-18505 | CRITICAL | 10.0 | 1 |
| CVE-2016-1931 | CRITICAL | 10.0 | 1 |
| CVE-2015-7221 | CRITICAL | 10.0 | 1 |
| CVE-2015-7220 | CRITICAL | 10.0 | 1 |
| CVE-2015-7205 | CRITICAL | 10.0 | 1 |
All CVEs (2861)
| CVE ID | Severity | Score | Hosts | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-2857 | CRITICAL | 10.0 | 1 | 2025-03-27 | Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a ... |
| CVE-2021-4140 | CRITICAL | 10.0 | 1 | 2022-12-22 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. Th... |
| CVE-2021-38503 | CRITICAL | 10.0 | 1 | 2021-12-08 | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypas... |
| CVE-2019-25136 | CRITICAL | 10.0 | 1 | 2023-06-19 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in... |
| CVE-2019-11708 | CRITICAL | 10.0 | 1 | 2019-07-23 | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent ... |
| CVE-2018-18505 | CRITICAL | 10.0 | 1 | 2019-02-05 | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authenti... |
| CVE-2016-1931 | CRITICAL | 10.0 | 1 | 2016-01-31 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remo... |
| CVE-2015-7221 | CRITICAL | 10.0 | 1 | 2015-12-16 | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox b... |
| CVE-2015-7220 | CRITICAL | 10.0 | 1 | 2015-12-16 | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 ... |
| CVE-2015-7205 | CRITICAL | 10.0 | 1 | 2015-12-16 | Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 an... |
| CVE-2015-7203 | CRITICAL | 10.0 | 1 | 2015-12-16 | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontL... |
| CVE-2015-7202 | CRITICAL | 10.0 | 1 | 2015-12-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remo... |
| CVE-2015-7201 | CRITICAL | 10.0 | 1 | 2015-12-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefo... |
| CVE-2015-4486 | CRITICAL | 10.0 | 1 | 2015-08-16 | The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before... |
| CVE-2015-4485 | CRITICAL | 10.0 | 1 | 2015-08-16 | Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox befor... |
| CVE-2015-4479 | CRITICAL | 10.0 | 1 | 2015-08-16 | Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x bef... |
| CVE-2015-4477 | CRITICAL | 10.0 | 1 | 2015-08-16 | Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allo... |
| CVE-2015-4474 | CRITICAL | 10.0 | 1 | 2015-08-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remo... |
| CVE-2015-4473 | CRITICAL | 10.0 | 1 | 2015-08-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefo... |
| CVE-2015-2740 | CRITICAL | 10.0 | 1 | 2015-07-06 | Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.... |
| CVE-2015-2739 | CRITICAL | 10.0 | 1 | 2015-07-06 | The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8... |
| CVE-2015-2738 | CRITICAL | 10.0 | 1 | 2015-07-06 | The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla ... |
| CVE-2015-2737 | CRITICAL | 10.0 | 1 | 2015-07-06 | The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39... |
| CVE-2015-2734 | CRITICAL | 10.0 | 1 | 2015-07-06 | The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Fi... |
| CVE-2015-2733 | CRITICAL | 10.0 | 1 | 2015-07-06 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ... |
| CVE-2015-2731 | CRITICAL | 10.0 | 1 | 2015-07-06 | Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation ... |
| CVE-2015-2726 | CRITICAL | 10.0 | 1 | 2015-07-06 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remo... |
| CVE-2015-2725 | CRITICAL | 10.0 | 1 | 2015-07-06 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox E... |
| CVE-2015-2724 | CRITICAL | 10.0 | 1 | 2015-07-06 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox E... |
| CVE-2015-2722 | CRITICAL | 10.0 | 1 | 2015-07-06 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ... |
| CVE-2014-1563 | CRITICAL | 10.0 | 1 | 2014-09-03 | Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox be... |
| CVE-2014-1562 | CRITICAL | 10.0 | 1 | 2014-09-03 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x bef... |
| CVE-2014-1554 | CRITICAL | 10.0 | 1 | 2014-09-03 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remo... |
| CVE-2014-1553 | CRITICAL | 10.0 | 1 | 2014-09-03 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox E... |
| CVE-2014-1550 | CRITICAL | 10.0 | 1 | 2014-07-23 | Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderb... |
| CVE-2014-1548 | CRITICAL | 10.0 | 1 | 2014-07-23 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunde... |
| CVE-2014-1547 | CRITICAL | 10.0 | 1 | 2014-07-23 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox E... |
| CVE-2014-1544 | CRITICAL | 10.0 | 1 | 2014-07-23 | Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Networ... |
| CVE-2014-1541 | CRITICAL | 10.0 | 1 | 2014-06-11 | Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Co... |
| CVE-2014-1538 | CRITICAL | 10.0 | 1 | 2014-06-11 | Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before ... |
| CVE-2014-1537 | CRITICAL | 10.0 | 1 | 2014-06-11 | Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla F... |
| CVE-2014-1536 | CRITICAL | 10.0 | 1 | 2014-06-11 | The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote a... |
| CVE-2014-1534 | CRITICAL | 10.0 | 1 | 2014-06-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remo... |
| CVE-2014-1533 | CRITICAL | 10.0 | 1 | 2014-06-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox E... |
| CVE-2014-1512 | CRITICAL | 10.0 | 1 | 2014-03-19 | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox bef... |
| CVE-2014-1488 | CRITICAL | 10.0 | 1 | 2014-02-06 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remot... |
| CVE-2014-1478 | CRITICAL | 10.0 | 1 | 2014-02-06 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMon... |
| CVE-2013-5610 | CRITICAL | 10.0 | 1 | 2013-12-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMon... |
| CVE-2013-5603 | CRITICAL | 10.0 | 1 | 2013-10-30 | Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in M... |
| CVE-2013-5602 | CRITICAL | 10.0 | 1 | 2013-10-30 | The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25... |
| CVE-2013-5601 | CRITICAL | 10.0 | 1 | 2013-10-30 | Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Fire... |
| CVE-2013-5600 | CRITICAL | 10.0 | 1 | 2013-10-30 | Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla... |
| CVE-2013-5599 | CRITICAL | 10.0 | 1 | 2013-10-30 | Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka pres... |
| CVE-2013-5597 | CRITICAL | 10.0 | 1 | 2013-10-30 | Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox befo... |
| CVE-2013-5592 | CRITICAL | 10.0 | 1 | 2013-10-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remo... |
| CVE-2013-5591 | CRITICAL | 10.0 | 1 | 2013-10-30 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x bef... |
| CVE-2013-5590 | CRITICAL | 10.0 | 1 | 2013-10-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox E... |
| CVE-2013-1736 | CRITICAL | 10.0 | 1 | 2013-09-18 | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17... |
| CVE-2013-1719 | CRITICAL | 10.0 | 1 | 2013-09-18 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbi... |
| CVE-2013-1718 | CRITICAL | 10.0 | 1 | 2013-09-18 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox E... |
| CVE-2013-1710 | CRITICAL | 10.0 | 1 | 2013-08-07 | The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0... |
| CVE-2013-1705 | CRITICAL | 10.0 | 1 | 2013-08-07 | Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox befor... |
| CVE-2013-1702 | CRITICAL | 10.0 | 1 | 2013-08-07 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMon... |
| CVE-2013-1701 | CRITICAL | 10.0 | 1 | 2013-08-07 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox E... |
| CVE-2013-1686 | CRITICAL | 10.0 | 1 | 2013-06-26 | Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firef... |
| CVE-2013-1683 | CRITICAL | 10.0 | 1 | 2013-06-26 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remo... |
| CVE-2013-1682 | CRITICAL | 10.0 | 1 | 2013-06-26 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox E... |
| CVE-2013-1681 | CRITICAL | 10.0 | 1 | 2013-05-16 | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox ... |
| CVE-2013-1680 | CRITICAL | 10.0 | 1 | 2013-05-16 | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0,... |
| CVE-2013-1679 | CRITICAL | 10.0 | 1 | 2013-05-16 | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firef... |
| CVE-2013-1678 | CRITICAL | 10.0 | 1 | 2013-05-16 | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 1... |
| CVE-2013-1677 | CRITICAL | 10.0 | 1 | 2013-05-16 | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x befor... |
| CVE-2013-1676 | CRITICAL | 10.0 | 1 | 2013-05-16 | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x befo... |
| CVE-2013-1669 | CRITICAL | 10.0 | 1 | 2013-05-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remo... |
| CVE-2013-0801 | CRITICAL | 10.0 | 1 | 2013-05-16 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox E... |
| CVE-2013-0795 | CRITICAL | 10.0 | 1 | 2013-04-03 | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before... |
| CVE-2013-0790 | CRITICAL | 10.0 | 1 | 2013-04-03 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows rem... |
| CVE-2013-0789 | CRITICAL | 10.0 | 1 | 2013-04-03 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMon... |
| CVE-2013-0788 | CRITICAL | 10.0 | 1 | 2013-04-03 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox E... |
| CVE-2013-0767 | CRITICAL | 10.0 | 1 | 2013-01-13 | The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x b... |
| CVE-2012-5835 | CRITICAL | 10.0 | 1 | 2012-11-21 | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0... |
| CVE-2012-4218 | CRITICAL | 10.0 | 1 | 2012-11-21 | Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla F... |
| CVE-2012-4212 | CRITICAL | 10.0 | 1 | 2012-11-21 | Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, ... |
| CVE-2012-4190 | CRITICAL | 10.0 | 1 | 2012-10-12 | The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Fire... |
| CVE-2012-3983 | CRITICAL | 10.0 | 1 | 2012-10-10 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbi... |
| CVE-2012-3971 | CRITICAL | 10.0 | 1 | 2012-08-29 | Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbir... |
| CVE-2012-3970 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, F... |
| CVE-2012-3968 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR... |
| CVE-2012-3966 | CRITICAL | 10.0 | 1 | 2012-08-29 | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ES... |
| CVE-2012-3964 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0,... |
| CVE-2012-3963 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 1... |
| CVE-2012-3961 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox... |
| CVE-2012-3960 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefo... |
| CVE-2012-3959 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox bef... |
| CVE-2012-3958 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Fire... |
| CVE-2012-3957 | CRITICAL | 10.0 | 1 | 2012-08-29 | Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.... |
| CVE-2012-3956 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox ... |
| CVE-2012-1976 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firef... |
| CVE-2012-1975 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0,... |
| CVE-2012-1974 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox befor... |
| CVE-2012-1973 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox b... |
| CVE-2012-1972 | CRITICAL | 10.0 | 1 | 2012-08-29 | Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Fire... |
| CVE-2012-1970 | CRITICAL | 10.0 | 1 | 2012-08-29 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox E... |
| CVE-2012-0444 | CRITICAL | 10.0 | 1 | 2012-02-01 | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, an... |
| CVE-2011-3654 | CRITICAL | 10.0 | 1 | 2011-11-09 | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle... |
| CVE-2011-3652 | CRITICAL | 10.0 | 1 | 2011-11-09 | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly alloca... |
| CVE-2011-3079 | CRITICAL | 10.0 | 1 | 2012-05-01 | The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used ... |
| CVE-2011-3003 | CRITICAL | 10.0 | 1 | 2011-09-29 | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of serv... |
| CVE-2011-2984 | CRITICAL | 10.0 | 1 | 2011-08-18 | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other prod... |
| CVE-2011-2982 | CRITICAL | 10.0 | 1 | 2011-08-18 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunder... |
| CVE-2011-2378 | CRITICAL | 10.0 | 1 | 2011-08-18 | The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey ... |
| CVE-2011-2376 | CRITICAL | 10.0 | 1 | 2011-06-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thun... |
| CVE-2011-2375 | CRITICAL | 10.0 | 1 | 2011-06-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunder... |
| CVE-2011-2374 | CRITICAL | 10.0 | 1 | 2011-06-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x ... |
| CVE-2011-2371 | CRITICAL | 10.0 | 1 | 2011-06-30 | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.... |
| CVE-2011-2363 | CRITICAL | 10.0 | 1 | 2011-06-30 | Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of ... |
| CVE-2011-0085 | CRITICAL | 10.0 | 1 | 2011-06-30 | Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18... |
| CVE-2011-0084 | CRITICAL | 10.0 | 1 | 2011-08-18 | The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5... |
| CVE-2011-0083 | CRITICAL | 10.0 | 1 | 2011-06-30 | Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of ... |
| CVE-2011-0073 | CRITICAL | 10.0 | 1 | 2011-05-07 | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properl... |
| CVE-2011-0066 | CRITICAL | 10.0 | 1 | 2011-05-07 | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey... |
| CVE-2011-0065 | CRITICAL | 10.0 | 1 | 2011-05-07 | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey... |
| CVE-2011-0057 | CRITICAL | 10.0 | 1 | 2011-03-02 | Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and ... |
| CVE-2011-0056 | CRITICAL | 10.0 | 1 | 2011-03-02 | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, a... |
| CVE-2011-0055 | CRITICAL | 10.0 | 1 | 2011-03-02 | Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.... |
| CVE-2011-0054 | CRITICAL | 10.0 | 1 | 2011-03-02 | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, a... |
| CVE-2011-0053 | CRITICAL | 10.0 | 1 | 2011-03-02 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.... |
| CVE-2010-0174 | CRITICAL | 10.0 | 1 | 2010-04-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x b... |
| CVE-2010-0160 | CRITICAL | 10.0 | 1 | 2010-02-22 | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaM... |
| CVE-2009-2662 | CRITICAL | 10.0 | 1 | 2009-08-04 | The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial o... |
| CVE-2009-2466 | CRITICAL | 10.0 | 1 | 2009-07-22 | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to ca... |
| CVE-2009-0775 | CRITICAL | 10.0 | 1 | 2009-03-05 | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonke... |
| CVE-2009-0773 | CRITICAL | 10.0 | 1 | 2009-03-05 | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.... |
| CVE-2009-0771 | CRITICAL | 10.0 | 1 | 2009-03-05 | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15... |
| CVE-2008-4064 | CRITICAL | 10.0 | 1 | 2008-09-24 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to c... |
| CVE-2008-4062 | CRITICAL | 10.0 | 1 | 2008-09-24 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunde... |
| CVE-2008-4061 | CRITICAL | 10.0 | 1 | 2008-09-24 | Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Th... |
| CVE-2008-2811 | CRITICAL | 10.0 | 1 | 2008-07-07 | The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier... |
| CVE-2008-2799 | CRITICAL | 10.0 | 1 | 2008-07-07 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and ea... |
| CVE-2008-2798 | CRITICAL | 10.0 | 1 | 2008-07-07 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and ea... |
| CVE-2025-55315 | CRITICAL | 9.9 | 1 | 2025-10-14 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core all... |
| CVE-2024-12084 | CRITICAL | 9.8 | 3 | 2025-01-15 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handl... |
| CVE-2018-13410 | CRITICAL | 9.8 | 2 | 2018-07-06 | Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a den... |
| CVE-2022-48522 | CRITICAL | 9.8 | 1 | 2023-08-22 | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote c... |
| CVE-2022-41903 | CRITICAL | 9.8 | 2 | 2023-01-17 | Git is a distributed revision control system. `git log` can display commits in an arbitrary format usi... |
| CVE-2022-3520 | CRITICAL | 9.8 | 1 | 2022-12-02 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. |
| CVE-2022-3515 | CRITICAL | 9.8 | 1 | 2023-01-12 | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T... |
| CVE-2022-32221 | CRITICAL | 9.8 | 1 | 2022-12-05 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION... |
| CVE-2022-32207 | CRITICAL | 9.8 | 1 | 2022-07-07 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomi... |
| CVE-2022-23521 | CRITICAL | 9.8 | 2 | 2023-01-17 | Git is a distributed revision control system. gitattributes are a mechanism to allow defining attribut... |
| CVE-2022-1664 | CRITICAL | 9.8 | 1 | 2022-05-26 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10,... |
| CVE-2022-0318 | CRITICAL | 9.8 | 1 | 2022-01-21 | Heap-based Buffer Overflow in vim/vim prior to 8.2. |
| CVE-2016-1585 | CRITICAL | 9.8 | 1 | 2019-04-22 | In all versions of AppArmor mount rules are accidentally widened when compiled. |
| CVE-2025-9187 | CRITICAL | 9.8 | 1 | 2025-08-19 | Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of... |
| CVE-2025-9179 | CRITICAL | 9.8 | 1 | 2025-08-19 | An attacker was able to perform memory corruption in the GMP process which processes encrypted media... |
| CVE-2025-8044 | CRITICAL | 9.8 | 1 | 2025-07-22 | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of... |
| CVE-2025-8043 | CRITICAL | 9.8 | 1 | 2025-07-22 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerabil... |
| CVE-2025-8038 | CRITICAL | 9.8 | 1 | 2025-07-22 | Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability a... |
| CVE-2025-8031 | CRITICAL | 9.8 | 1 | 2025-07-22 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking... |
| CVE-2025-8028 | CRITICAL | 9.8 | 1 | 2025-07-22 | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far ... |
| CVE-2025-6433 | CRITICAL | 9.8 | 1 | 2025-06-24 | If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage w... |
| CVE-2025-6424 | CRITICAL | 9.8 | 1 | 2025-06-24 | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affe... |
| CVE-2025-55031 | CRITICAL | 9.8 | 1 | 2025-08-19 | Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passk... |
| CVE-2025-54143 | CRITICAL | 9.8 | 1 | 2025-08-19 | Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expecte... |
| CVE-2025-49710 | CRITICAL | 9.8 | 1 | 2025-06-11 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerabili... |
| CVE-2025-49709 | CRITICAL | 9.8 | 1 | 2025-06-11 | Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox <... |
| CVE-2025-4918 | CRITICAL | 9.8 | 1 | 2025-05-17 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. Thi... |
| CVE-2025-27837 | CRITICAL | 9.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur t... |
| CVE-2025-27836 | CRITICAL | 9.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer o... |
| CVE-2025-27832 | CRITICAL | 9.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buf... |
| CVE-2025-27831 | CRITICAL | 9.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a t... |
| CVE-2025-1942 | CRITICAL | 9.8 | 1 | 2025-03-04 | When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to ... |
| CVE-2025-14330 | CRITICAL | 9.8 | 1 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146... |
| CVE-2025-14326 | CRITICAL | 9.8 | 1 | 2025-12-09 | Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thund... |
| CVE-2025-14324 | CRITICAL | 9.8 | 1 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146... |
| CVE-2025-14321 | CRITICAL | 9.8 | 1 | 2025-12-09 | Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox... |
| CVE-2025-13026 | CRITICAL | 9.8 | 1 | 2025-11-11 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerab... |
| CVE-2025-13024 | CRITICAL | 9.8 | 1 | 2025-11-11 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145... |
| CVE-2025-13023 | CRITICAL | 9.8 | 1 | 2025-11-11 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerab... |
| CVE-2025-13022 | CRITICAL | 9.8 | 1 | 2025-11-11 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox ... |
| CVE-2025-13021 | CRITICAL | 9.8 | 1 | 2025-11-11 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox ... |
| CVE-2025-11710 | CRITICAL | 9.8 | 1 | 2025-10-14 | A compromised web process using malicious IPC messages could have caused the privileged browser proc... |
| CVE-2025-11709 | CRITICAL | 9.8 | 1 | 2025-10-14 | A compromised web process was able to trigger out of bounds reads and writes in a more privileged pr... |
| CVE-2025-11708 | CRITICAL | 9.8 | 1 | 2025-10-14 | Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firef... |
| CVE-2025-1020 | CRITICAL | 9.8 | 1 | 2025-02-04 | Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of... |
| CVE-2025-1017 | CRITICAL | 9.8 | 1 | 2025-02-04 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6... |
| CVE-2025-1016 | CRITICAL | 9.8 | 1 | 2025-02-04 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, T... |
| CVE-2025-1009 | CRITICAL | 9.8 | 1 | 2025-02-04 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially explo... |
| CVE-2025-0247 | CRITICAL | 9.8 | 1 | 2025-01-07 | Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of... |
| CVE-2024-9680 | CRITICAL | 9.8 | 1 | 2024-10-09 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free... |
| CVE-2024-9402 | CRITICAL | 9.8 | 1 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these b... |
| CVE-2024-9401 | CRITICAL | 9.8 | 1 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 12... |
| CVE-2024-9392 | CRITICAL | 9.8 | 1 | 2024-10-01 | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. Th... |
| CVE-2024-8385 | CRITICAL | 9.8 | 1 | 2024-09-03 | A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an expl... |
| CVE-2024-8384 | CRITICAL | 9.8 | 1 | 2024-09-03 | The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were de... |
| CVE-2024-8381 | CRITICAL | 9.8 | 1 | 2024-09-03 | A potentially exploitable type confusion could be triggered when looking up a property name on an ob... |
| CVE-2024-6611 | CRITICAL | 9.8 | 1 | 2024-07-09 | A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This... |
| CVE-2024-6602 | CRITICAL | 9.8 | 1 | 2024-07-09 | A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability... |
| CVE-2024-5701 | CRITICAL | 9.8 | 1 | 2024-06-11 | Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption a... |
| CVE-2024-5699 | CRITICAL | 9.8 | 1 | 2024-06-11 | In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correct... |
| CVE-2024-5695 | CRITICAL | 9.8 | 1 | 2024-06-11 | If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap... |
| CVE-2024-4778 | CRITICAL | 9.8 | 1 | 2024-05-14 | Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption a... |
| CVE-2024-4764 | CRITICAL | 9.8 | 1 | 2024-05-14 | Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. ... |
| CVE-2024-3863 | CRITICAL | 9.8 | 1 | 2024-04-16 | The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue on... |
| CVE-2024-29943 | CRITICAL | 9.8 | 1 | 2024-03-22 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling ran... |
| CVE-2024-2615 | CRITICAL | 9.8 | 1 | 2024-03-19 | Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption a... |
| CVE-2024-1554 | CRITICAL | 9.8 | 1 | 2024-02-20 | The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include... |
| CVE-2024-11704 | CRITICAL | 9.8 | 1 | 2024-11-26 | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an erro... |
| CVE-2024-11693 | CRITICAL | 9.8 | 1 | 2024-11-26 | The executable file warning was not presented when downloading .library-ms files. *Note: This issu... |
| CVE-2023-5731 | CRITICAL | 9.8 | 1 | 2023-10-25 | Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-5730 | CRITICAL | 9.8 | 1 | 2023-10-25 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these b... |
| CVE-2023-5176 | CRITICAL | 9.8 | 1 | 2023-09-27 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these b... |
| CVE-2023-5175 | CRITICAL | 9.8 | 1 | 2023-09-27 | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used ... |
| CVE-2023-5172 | CRITICAL | 9.8 | 1 | 2023-09-27 | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, le... |
| CVE-2023-49060 | CRITICAL | 9.8 | 1 | 2023-11-21 | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMo... |
| CVE-2023-4058 | CRITICAL | 9.8 | 1 | 2023-08-01 | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-4057 | CRITICAL | 9.8 | 1 | 2023-08-01 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these b... |
| CVE-2023-4056 | CRITICAL | 9.8 | 1 | 2023-08-01 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0,... |
| CVE-2023-34417 | CRITICAL | 9.8 | 1 | 2023-06-19 | Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-34416 | CRITICAL | 9.8 | 1 | 2023-06-19 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these... |
| CVE-2023-32216 | CRITICAL | 9.8 | 1 | 2023-06-19 | Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozil... |
| CVE-2023-25736 | CRITICAL | 9.8 | 1 | 2023-06-19 | An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. Thi... |
| CVE-2022-46882 | CRITICAL | 9.8 | 1 | 2022-12-22 | A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnera... |
| CVE-2022-45406 | CRITICAL | 9.8 | 1 | 2022-12-22 | If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be ... |
| CVE-2022-36320 | CRITICAL | 9.8 | 1 | 2022-12-22 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. ... |
| CVE-2022-34476 | CRITICAL | 9.8 | 1 | 2022-12-22 | ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser... |
| CVE-2022-34470 | CRITICAL | 9.8 | 1 | 2022-12-22 | Session history navigations may have led to a use-after-free and potentially exploitable crash. This... |
| CVE-2022-31748 | CRITICAL | 9.8 | 1 | 2022-12-22 | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuz... |
| CVE-2022-31747 | CRITICAL | 9.8 | 1 | 2022-12-22 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memor... |
| CVE-2022-31737 | CRITICAL | 9.8 | 1 | 2022-12-22 | A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption ... |
| CVE-2022-31736 | CRITICAL | 9.8 | 1 | 2022-12-22 | A malicious website could have learned the size of a cross-origin resource that supported Range requ... |
| CVE-2022-29917 | CRITICAL | 9.8 | 1 | 2022-12-22 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team report... |
| CVE-2021-4129 | CRITICAL | 9.8 | 1 | 2022-12-22 | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith,... |
| CVE-2021-29971 | CRITICAL | 9.8 | 1 | 2021-08-05 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the sam... |
| CVE-2020-6831 | CRITICAL | 9.8 | 1 | 2020-05-26 | A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led... |
| CVE-2020-6826 | CRITICAL | 9.8 | 1 | 2020-04-24 | Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present ... |
| CVE-2020-6825 | CRITICAL | 9.8 | 1 | 2020-04-24 | Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bug... |
| CVE-2020-6823 | CRITICAL | 9.8 | 1 | 2020-04-24 | A malicious extension could have called `browser.identity.launchWebAuthFlow`, controlling... |
| CVE-2020-6815 | CRITICAL | 9.8 | 1 | 2020-03-25 | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of thes... |
| CVE-2020-6814 | CRITICAL | 9.8 | 1 | 2020-03-25 | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of thes... |
| CVE-2020-26972 | CRITICAL | 9.8 | 1 | 2021-01-07 | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former mu... |
| CVE-2020-15684 | CRITICAL | 9.8 | 1 | 2020-10-22 | Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evid... |
| CVE-2020-15683 | CRITICAL | 9.8 | 1 | 2020-10-22 | Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firef... |
| CVE-2020-12396 | CRITICAL | 9.8 | 1 | 2020-05-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of ... |
| CVE-2020-12395 | CRITICAL | 9.8 | 1 | 2020-05-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firef... |
| CVE-2020-12390 | CRITICAL | 9.8 | 1 | 2020-05-26 | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. ... |
| CVE-2019-9820 | CRITICAL | 9.8 | 1 | 2019-07-23 | A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in... |
| CVE-2019-9819 | CRITICAL | 9.8 | 1 | 2019-07-23 | A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, ... |
| CVE-2019-9814 | CRITICAL | 9.8 | 1 | 2019-07-23 | Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of ... |
| CVE-2019-9805 | CRITICAL | 9.8 | 1 | 2019-04-26 | A latent vulnerability exists in the Prio library where data may be read from uninitialized memory f... |
| CVE-2019-9800 | CRITICAL | 9.8 | 1 | 2019-07-23 | Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ... |
| CVE-2019-9796 | CRITICAL | 9.8 | 1 | 2019-04-26 | A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers wi... |
| CVE-2019-9795 | CRITICAL | 9.8 | 1 | 2019-04-26 | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially ... |
| CVE-2019-9792 | CRITICAL | 9.8 | 1 | 2019-04-26 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the r... |
| CVE-2019-9791 | CRITICAL | 9.8 | 1 | 2019-04-26 | The type inference system allows the compilation of functions that can cause type confusions between... |
| CVE-2019-9790 | CRITICAL | 9.8 | 1 | 2019-04-26 | A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained u... |
| CVE-2019-9789 | CRITICAL | 9.8 | 1 | 2019-04-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of ... |
| CVE-2019-9788 | CRITICAL | 9.8 | 1 | 2019-04-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ... |
| CVE-2019-11734 | CRITICAL | 9.8 | 1 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of ... |
| CVE-2019-11733 | CRITICAL | 9.8 | 1 | 2019-09-27 | When a master password is set, it is required to be entered again before stored passwords can be acc... |
| CVE-2019-11714 | CRITICAL | 9.8 | 1 | 2019-07-23 | Necko can access a child on the wrong thread during UDP connections, resulting in a potentially expl... |
| CVE-2019-11713 | CRITICAL | 9.8 | 1 | 2019-07-23 | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still... |
| CVE-2019-11710 | CRITICAL | 9.8 | 1 | 2019-07-23 | Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of ... |
| CVE-2019-11709 | CRITICAL | 9.8 | 1 | 2019-07-23 | Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firef... |
| CVE-2019-11692 | CRITICAL | 9.8 | 1 | 2019-07-23 | A use-after-free vulnerability can occur when listeners are removed from the event listener manager ... |
| CVE-2019-11691 | CRITICAL | 9.8 | 1 | 2019-07-23 | A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, ca... |
| CVE-2018-5188 | CRITICAL | 9.8 | 1 | 2018-10-18 | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs s... |
| CVE-2018-5187 | CRITICAL | 9.8 | 1 | 2018-10-18 | Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of m... |
| CVE-2018-5186 | CRITICAL | 9.8 | 1 | 2018-10-18 | Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption an... |
| CVE-2018-5183 | CRITICAL | 9.8 | 1 | 2018-06-11 | Mozilla developers backported selected changes in the Skia library. These changes correct memory cor... |
| CVE-2018-5159 | CRITICAL | 9.8 | 1 | 2018-06-11 | An integer overflow can occur in the Skia library due to 32-bit integer use in an array without inte... |
| CVE-2018-5156 | CRITICAL | 9.8 | 1 | 2018-10-18 | A vulnerability can occur when capturing a media stream when the media source type is changed as the... |
| CVE-2018-5155 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur while adjusting layout during SVG animations with text path... |
| CVE-2018-5154 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur while enumerating attributes during SVG animations with cli... |
| CVE-2018-5151 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corrupt... |
| CVE-2018-5150 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of thes... |
| CVE-2018-5148 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur in the compositor during certain graphics operations when a... |
| CVE-2018-5147 | CRITICAL | 9.8 | 1 | 2018-06-11 | The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place o... |
| CVE-2018-5145 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruptio... |
| CVE-2018-5128 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges du... |
| CVE-2018-5126 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corrupt... |
| CVE-2018-5122 | CRITICAL | 9.8 | 1 | 2018-06-11 | A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was f... |
| CVE-2018-5116 | CRITICAL | 9.8 | 1 | 2018-06-11 | WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab... |
| CVE-2018-5104 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur during font face manipulation when a font face is freed whi... |
| CVE-2018-5103 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess... |
| CVE-2018-5102 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, r... |
| CVE-2018-5099 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when the widget listener is holding strong references to br... |
| CVE-2018-5098 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when form input elements, focus, and selections are manipul... |
| CVE-2018-5097 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur during XSL transformations when the source document for the... |
| CVE-2018-5096 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur while editing events in form elements on a page, resulting ... |
| CVE-2018-5095 | CRITICAL | 9.8 | 1 | 2018-06-11 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on so... |
| CVE-2018-5092 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prema... |
| CVE-2018-5091 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF ti... |
| CVE-2018-5090 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corrupt... |
| CVE-2018-5089 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evide... |
| CVE-2018-18504 | CRITICAL | 9.8 | 1 | 2019-02-05 | A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is st... |
| CVE-2018-18502 | CRITICAL | 9.8 | 1 | 2019-02-05 | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of ... |
| CVE-2018-18501 | CRITICAL | 9.8 | 1 | 2019-02-05 | Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firef... |
| CVE-2018-18500 | CRITICAL | 9.8 | 1 | 2019-02-05 | A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML e... |
| CVE-2018-18498 | CRITICAL | 9.8 | 1 | 2019-02-28 | A potential vulnerability leading to an integer overflow can occur during buffer size calculations f... |
| CVE-2018-18493 | CRITICAL | 9.8 | 1 | 2019-02-28 | A buffer overflow can occur in the Skia library during buffer offset calculations with hardware acce... |
| CVE-2018-18492 | CRITICAL | 9.8 | 1 | 2019-02-28 | A use-after-free vulnerability can occur after deleting a selection element due to a weak reference ... |
| CVE-2018-12407 | CRITICAL | 9.8 | 1 | 2019-02-28 | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used ... |
| CVE-2018-12405 | CRITICAL | 9.8 | 1 | 2019-02-28 | Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firef... |
| CVE-2018-12392 | CRITICAL | 9.8 | 1 | 2019-02-28 | When manipulating user events in nested loops while opening a document through script, it is possibl... |
| CVE-2018-12390 | CRITICAL | 9.8 | 1 | 2019-02-28 | Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firef... |
| CVE-2018-12378 | CRITICAL | 9.8 | 1 | 2018-10-18 | A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by Ja... |
| CVE-2018-12377 | CRITICAL | 9.8 | 1 | 2018-10-18 | A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstan... |
| CVE-2018-12376 | CRITICAL | 9.8 | 1 | 2018-10-18 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of... |
| CVE-2018-12369 | CRITICAL | 9.8 | 1 | 2018-10-18 | WebExtensions bundled with embedded experiments were not correctly checked for proper authorization.... |
| CVE-2017-7828 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" ... |
| CVE-2017-7827 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corrupt... |
| CVE-2017-7826 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evide... |
| CVE-2017-7824 | CRITICAL | 9.8 | 1 | 2018-06-11 | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used ... |
| CVE-2017-7821 | CRITICAL | 9.8 | 1 | 2018-06-11 | A vulnerability where WebExtensions can download and attempt to open a file of some non-executable f... |
| CVE-2017-7819 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur in design mode when image objects are resized if objects re... |
| CVE-2017-7818 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applic... |
| CVE-2017-7811 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corrupt... |
| CVE-2017-7810 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evide... |
| CVE-2017-7809 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree ... |
| CVE-2017-7802 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an ima... |
| CVE-2017-7801 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during wi... |
| CVE-2017-7800 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur in WebSockets when the object holding the connection is fre... |
| CVE-2017-7793 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window a... |
| CVE-2017-7792 | CRITICAL | 9.8 | 1 | 2018-06-11 | A buffer overflow will occur when viewing a certificate in the certificate manager if the certificat... |
| CVE-2017-7788 | CRITICAL | 9.8 | 1 | 2018-06-11 | When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content... |
| CVE-2017-7786 | CRITICAL | 9.8 | 1 | 2018-06-11 | A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. ... |
| CVE-2017-7785 | CRITICAL | 9.8 | 1 | 2018-06-11 | A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attribute... |
| CVE-2017-7784 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when reading an image observer during frame reconstruction ... |
| CVE-2017-7780 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corrupt... |
| CVE-2017-7779 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of thes... |
| CVE-2017-7778 | CRITICAL | 9.8 | 1 | 2018-06-11 | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer... |
| CVE-2017-7757 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a m... |
| CVE-2017-7756 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Req... |
| CVE-2017-7751 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability with content viewer listeners that results in a potentially exploitab... |
| CVE-2017-7750 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability during video control operations when a "<track>" element holds a refe... |
| CVE-2017-7749 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This ... |
| CVE-2017-5472 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CS... |
| CVE-2017-5471 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corrupt... |
| CVE-2017-5470 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evide... |
| CVE-2017-5469 | CRITICAL | 9.8 | 1 | 2018-06-11 | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This ... |
| CVE-2017-5464 | CRITICAL | 9.8 | 1 | 2018-06-11 | During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sy... |
| CVE-2017-5460 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability in frame selection triggered by a combination of malicious script con... |
| CVE-2017-5459 | CRITICAL | 9.8 | 1 | 2018-06-11 | A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.... |
| CVE-2017-5456 | CRITICAL | 9.8 | 1 | 2018-06-11 | A mechanism to bypass file system access protections in the sandbox using the file system request co... |
| CVE-2017-5446 | CRITICAL | 9.8 | 1 | 2018-06-11 | An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data... |
| CVE-2017-5443 | CRITICAL | 9.8 | 1 | 2018-06-11 | An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This v... |
| CVE-2017-5442 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability during changes in style when manipulating DOM elements. This results ... |
| CVE-2017-5441 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability when holding a selection during scroll events. This results in a pote... |
| CVE-2017-5440 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions... |
| CVE-2017-5439 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. T... |
| CVE-2017-5438 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability during XSLT processing due to the result handler being held by a free... |
| CVE-2017-5435 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability occurs during transaction processing in the editor during design mode... |
| CVE-2017-5434 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially... |
| CVE-2017-5433 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation element... |
| CVE-2017-5432 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability occurs during certain text input selection resulting in a potentially... |
| CVE-2017-5430 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bu... |
| CVE-2017-5429 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52... |
| CVE-2017-5428 | CRITICAL | 9.8 | 1 | 2018-06-11 | An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for t... |
| CVE-2017-5413 | CRITICAL | 9.8 | 1 | 2018-06-11 | A segmentation fault can occur during some bidirectional layout operations. This vulnerability affec... |
| CVE-2017-5410 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScri... |
| CVE-2017-5404 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free error can occur when manipulating ranges in selections with one node inside a nativ... |
| CVE-2017-5403 | CRITICAL | 9.8 | 1 | 2018-06-11 | When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an... |
| CVE-2017-5402 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free can occur when events are fired for a "FontFace" object after the object has been a... |
| CVE-2017-5401 | CRITICAL | 9.8 | 1 | 2018-06-11 | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a l... |
| CVE-2017-5400 | CRITICAL | 9.8 | 1 | 2018-06-11 | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protection... |
| CVE-2017-5399 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corrupt... |
| CVE-2017-5398 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory c... |
| CVE-2017-5397 | CRITICAL | 9.8 | 1 | 2018-06-11 | The cache directory on the local file system is set to be world writable. Firefox defaults to extrac... |
| CVE-2017-5396 | CRITICAL | 9.8 | 1 | 2018-06-11 | A use-after-free vulnerability in the Media Decoder when working with media files when some events a... |
| CVE-2017-5391 | CRITICAL | 9.8 | 1 | 2018-06-11 | Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in... |
| CVE-2017-5390 | CRITICAL | 9.8 | 1 | 2018-06-11 | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for c... |
| CVE-2017-5380 | CRITICAL | 9.8 | 1 | 2018-06-11 | A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulner... |
| CVE-2017-5377 | CRITICAL | 9.8 | 1 | 2018-06-11 | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, re... |
| CVE-2017-5376 | CRITICAL | 9.8 | 1 | 2018-06-11 | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45... |
| CVE-2017-5375 | CRITICAL | 9.8 | 1 | 2018-06-11 | JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory c... |
| CVE-2017-5374 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corru... |
| CVE-2017-5373 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evi... |
| CVE-2016-9901 | CRITICAL | 9.8 | 1 | 2018-06-11 | HTML tags received from the Pocket server will be processed without sanitization and any JavaScript ... |
| CVE-2016-9899 | CRITICAL | 9.8 | 1 | 2018-06-11 | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handli... |
| CVE-2016-9898 | CRITICAL | 9.8 | 1 | 2018-06-11 | Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Edit... |
| CVE-2016-9893 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory c... |
| CVE-2016-9080 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory cor... |
| CVE-2016-9075 | CRITICAL | 9.8 | 1 | 2018-06-11 | An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged ... |
| CVE-2016-9063 | CRITICAL | 9.8 | 1 | 2018-06-11 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Fi... |
| CVE-2016-5297 | CRITICAL | 9.8 | 1 | 2018-06-11 | An error in argument length checking in JavaScript, leading to potential integer overflows or other ... |
| CVE-2016-5290 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evide... |
| CVE-2016-5289 | CRITICAL | 9.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corrupt... |
| CVE-2016-5287 | CRITICAL | 9.8 | 1 | 2018-06-11 | A potentially exploitable use-after-free crash during actor destruction with service workers. This i... |
| CVE-2016-5281 | CRITICAL | 9.8 | 1 | 2016-09-22 | Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 4... |
| CVE-2016-5280 | CRITICAL | 9.8 | 1 | 2016-09-22 | Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap funct... |
| CVE-2016-5277 | CRITICAL | 9.8 | 1 | 2016-09-22 | Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, F... |
| CVE-2016-5276 | CRITICAL | 9.8 | 1 | 2016-09-22 | Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function i... |
| CVE-2016-5274 | CRITICAL | 9.8 | 1 | 2016-09-22 | Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox be... |
| CVE-2016-5270 | CRITICAL | 9.8 | 1 | 2016-09-22 | Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla... |
| CVE-2016-5257 | CRITICAL | 9.8 | 1 | 2016-09-22 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox E... |
| CVE-2016-5256 | CRITICAL | 9.8 | 1 | 2016-09-22 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remo... |
| CVE-2016-5254 | CRITICAL | 9.8 | 1 | 2016-08-05 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48... |
| CVE-2016-1962 | CRITICAL | 9.8 | 1 | 2016-03-13 | Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefo... |
| CVE-2016-1946 | CRITICAL | 9.8 | 1 | 2016-01-31 | The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox bef... |
| CVE-2016-1930 | CRITICAL | 9.8 | 1 | 2016-01-31 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefo... |
| CVE-2016-0718 | CRITICAL | 9.8 | 1 | 2016-05-26 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute ar... |
| CVE-2014-1532 | CRITICAL | 9.8 | 1 | 2014-04-30 | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so... |
| CVE-2014-1524 | CRITICAL | 9.8 | 1 | 2014-04-30 | The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x ... |
| CVE-2014-1514 | CRITICAL | 9.8 | 1 | 2014-03-19 | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird bef... |
| CVE-2014-1511 | CRITICAL | 9.8 | 1 | 2014-03-19 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey be... |
| CVE-2014-1510 | CRITICAL | 9.8 | 1 | 2014-03-19 | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird... |
| CVE-2014-1493 | CRITICAL | 9.8 | 1 | 2014-03-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox E... |
| CVE-2014-1486 | CRITICAL | 9.8 | 1 | 2014-02-06 | Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox... |
| CVE-2014-1477 | CRITICAL | 9.8 | 1 | 2014-02-06 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox E... |
| CVE-2013-6671 | CRITICAL | 9.8 | 1 | 2013-12-11 | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24... |
| CVE-2013-5618 | CRITICAL | 9.8 | 1 | 2013-12-11 | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user inte... |
| CVE-2013-5616 | CRITICAL | 9.8 | 1 | 2013-12-11 | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla F... |
| CVE-2013-5615 | CRITICAL | 9.8 | 1 | 2013-12-11 | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderb... |
| CVE-2013-5613 | CRITICAL | 9.8 | 1 | 2013-12-11 | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox be... |
| CVE-2013-5609 | CRITICAL | 9.8 | 1 | 2013-12-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox E... |
| CVE-2010-1205 | CRITICAL | 9.8 | 1 | 2010-06-30 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive... |
| CVE-2007-5341 | CRITICAL | 9.8 | 1 | 2017-08-18 | Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. |
| CVE-2024-54534 | CRITICAL | 9.8 | 1 | 2024-12-12 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS... |
| CVE-2024-47606 | CRITICAL | 9.8 | 1 | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow ha... |
| CVE-2023-32002 | CRITICAL | 9.8 | 1 | 2023-08-21 | The use of `Module._load()` can bypass the policy mechanism and require modules outside of the polic... |
| CVE-2021-3711 | CRITICAL | 9.8 | 1 | 2021-08-24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_... |
| CVE-2019-12900 | CRITICAL | 9.8 | 1 | 2019-06-19 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many... |
| CVE-2024-7519 | CRITICAL | 9.6 | 1 | 2024-08-06 | Insufficient checks when processing graphics shared memory could have led to memory corruption. This... |
| CVE-2022-26486 | CRITICAL | 9.6 | 1 | 2022-12-22 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable san... |
| CVE-2022-26384 | CRITICAL | 9.6 | 1 | 2022-12-22 | If an attacker could control the contents of an iframe sandboxed with `allow-popups` but ... |
| CVE-2022-22759 | CRITICAL | 9.6 | 1 | 2022-12-22 | If a document created a sandboxed iframe without `allow-scripts`, and subsequently append... |
| CVE-2025-32463 | CRITICAL | 9.3 | 2 | 2025-06-30 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user... |
| CVE-2019-9812 | CRITICAL | 9.3 | 1 | 2020-01-08 | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to esc... |
| CVE-2015-4516 | CRITICAL | 9.3 | 1 | 2015-09-24 | Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API pro... |
| CVE-2015-4496 | CRITICAL | 9.3 | 1 | 2015-08-16 | Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers t... |
| CVE-2015-4493 | CRITICAL | 9.3 | 1 | 2015-08-16 | Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in... |
| CVE-2015-4480 | CRITICAL | 9.3 | 1 | 2015-08-16 | Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Fire... |
| CVE-2015-2736 | CRITICAL | 9.3 | 1 | 2015-07-06 | The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.... |
| CVE-2015-2735 | CRITICAL | 9.3 | 1 | 2015-07-06 | nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, ... |
| CVE-2014-1567 | CRITICAL | 9.3 | 1 | 2014-09-03 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR ... |
| CVE-2014-1557 | CRITICAL | 9.3 | 1 | 2014-07-23 | The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x ... |
| CVE-2014-1556 | CRITICAL | 9.3 | 1 | 2014-07-23 | Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote ... |
| CVE-2014-1555 | CRITICAL | 9.3 | 1 | 2014-07-23 | Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0,... |
| CVE-2014-1549 | CRITICAL | 9.3 | 1 | 2014-07-23 | The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox befor... |
| CVE-2014-1540 | CRITICAL | 9.3 | 1 | 2014-06-11 | Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in ... |
| CVE-2014-1525 | CRITICAL | 9.3 | 1 | 2014-04-30 | The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.2... |
| CVE-2014-1522 | CRITICAL | 9.3 | 1 | 2014-04-30 | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla... |
| CVE-2014-1519 | CRITICAL | 9.3 | 1 | 2014-04-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMon... |
| CVE-2014-1494 | CRITICAL | 9.3 | 1 | 2014-03-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMon... |
| CVE-2014-1490 | CRITICAL | 9.3 | 1 | 2014-02-06 | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozill... |
| CVE-2013-5604 | CRITICAL | 9.3 | 1 | 2013-10-30 | The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Fire... |
| CVE-2013-1738 | CRITICAL | 9.3 | 1 | 2013-09-18 | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.... |
| CVE-2013-1735 | CRITICAL | 9.3 | 1 | 2013-09-18 | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox b... |
| CVE-2013-1732 | CRITICAL | 9.3 | 1 | 2013-09-18 | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ... |
| CVE-2013-1724 | CRITICAL | 9.3 | 1 | 2013-09-18 | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function i... |
| CVE-2013-1722 | CRITICAL | 9.3 | 1 | 2013-09-18 | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Ma... |
| CVE-2013-1721 | CRITICAL | 9.3 | 1 | 2013-09-18 | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Lay... |
| CVE-2013-1704 | CRITICAL | 9.3 | 1 | 2013-08-07 | Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 a... |
| CVE-2013-1697 | CRITICAL | 9.3 | 1 | 2013-06-26 | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thund... |
| CVE-2013-1688 | CRITICAL | 9.3 | 1 | 2013-06-26 | The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering... |
| CVE-2013-1687 | CRITICAL | 9.3 | 1 | 2013-06-26 | The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox bef... |
| CVE-2013-1685 | CRITICAL | 9.3 | 1 | 2013-06-26 | Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 2... |
| CVE-2013-1684 | CRITICAL | 9.3 | 1 | 2013-06-26 | Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable funct... |
| CVE-2013-1674 | CRITICAL | 9.3 | 1 | 2013-05-16 | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunder... |
| CVE-2013-0787 | CRITICAL | 9.3 | 1 | 2013-03-11 | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEdi... |
| CVE-2013-0784 | CRITICAL | 9.3 | 1 | 2013-02-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbi... |
| CVE-2013-0783 | CRITICAL | 9.3 | 1 | 2013-02-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox E... |
| CVE-2013-0782 | CRITICAL | 9.3 | 1 | 2013-02-19 | Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox b... |
| CVE-2013-0781 | CRITICAL | 9.3 | 1 | 2013-02-19 | Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19... |
| CVE-2013-0780 | CRITICAL | 9.3 | 1 | 2013-02-19 | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefo... |
| CVE-2013-0779 | CRITICAL | 9.3 | 1 | 2013-02-19 | The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0... |
| CVE-2013-0778 | CRITICAL | 9.3 | 1 | 2013-02-19 | The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3,... |
| CVE-2013-0777 | CRITICAL | 9.3 | 1 | 2013-02-19 | Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox befor... |
| CVE-2013-0775 | CRITICAL | 9.3 | 1 | 2013-02-19 | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firef... |
| CVE-2013-0773 | CRITICAL | 9.3 | 1 | 2013-02-19 | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox bef... |
| CVE-2013-0771 | CRITICAL | 9.3 | 1 | 2013-01-13 | Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox... |
| CVE-2013-0770 | CRITICAL | 9.3 | 1 | 2013-01-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbi... |
| CVE-2013-0769 | CRITICAL | 9.3 | 1 | 2013-01-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox E... |
| CVE-2013-0768 | CRITICAL | 9.3 | 1 | 2013-01-13 | Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR... |
| CVE-2013-0766 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, ... |
| CVE-2013-0765 | CRITICAL | 9.3 | 1 | 2013-02-19 | Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent mul... |
| CVE-2013-0764 | CRITICAL | 9.3 | 1 | 2013-01-13 | The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x befo... |
| CVE-2013-0763 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunder... |
| CVE-2013-0762 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0,... |
| CVE-2013-0761 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Fi... |
| CVE-2013-0760 | CRITICAL | 9.3 | 1 | 2013-01-13 | Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18... |
| CVE-2013-0758 | CRITICAL | 9.3 | 1 | 2013-01-13 | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird bef... |
| CVE-2013-0757 | CRITICAL | 9.3 | 1 | 2013-01-13 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x befo... |
| CVE-2013-0756 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ES... |
| CVE-2013-0755 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Fire... |
| CVE-2013-0754 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, F... |
| CVE-2013-0753 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component ... |
| CVE-2013-0752 | CRITICAL | 9.3 | 1 | 2013-01-13 | Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ... |
| CVE-2013-0750 | CRITICAL | 9.3 | 1 | 2013-01-13 | Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x b... |
| CVE-2013-0749 | CRITICAL | 9.3 | 1 | 2013-01-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox E... |
| CVE-2013-0746 | CRITICAL | 9.3 | 1 | 2013-01-13 | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird bef... |
| CVE-2013-0745 | CRITICAL | 9.3 | 1 | 2013-01-13 | The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunder... |
| CVE-2013-0744 | CRITICAL | 9.3 | 1 | 2013-01-13 | Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in... |
| CVE-2012-5843 | CRITICAL | 9.3 | 1 | 2012-11-21 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbi... |
| CVE-2012-5842 | CRITICAL | 9.3 | 1 | 2012-11-21 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox E... |
| CVE-2012-5840 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox bef... |
| CVE-2012-5839 | CRITICAL | 9.3 | 1 | 2012-11-21 | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla... |
| CVE-2012-5838 | CRITICAL | 9.3 | 1 | 2012-11-21 | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird... |
| CVE-2012-5833 | CRITICAL | 9.3 | 1 | 2012-11-21 | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.... |
| CVE-2012-5829 | CRITICAL | 9.3 | 1 | 2012-11-21 | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, F... |
| CVE-2012-4217 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox... |
| CVE-2012-4216 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, F... |
| CVE-2012-4215 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefo... |
| CVE-2012-4214 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox bef... |
| CVE-2012-4213 | CRITICAL | 9.3 | 1 | 2012-11-21 | Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17... |
| CVE-2012-4210 | CRITICAL | 9.3 | 1 | 2012-11-21 | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not prop... |
| CVE-2012-4204 | CRITICAL | 9.3 | 1 | 2012-11-21 | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird befor... |
| CVE-2012-4202 | CRITICAL | 9.3 | 1 | 2012-11-21 | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before... |
| CVE-2012-4191 | CRITICAL | 9.3 | 1 | 2012-10-12 | The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Fire... |
| CVE-2012-4188 | CRITICAL | 9.3 | 1 | 2012-10-10 | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 1... |
| CVE-2012-4187 | CRITICAL | 9.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... |
| CVE-2012-4186 | CRITICAL | 9.3 | 1 | 2012-10-10 | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 1... |
| CVE-2012-4185 | CRITICAL | 9.3 | 1 | 2012-10-10 | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.... |
| CVE-2012-4183 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox bef... |
| CVE-2012-4182 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 1... |
| CVE-2012-4181 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox ... |
| CVE-2012-4180 | CRITICAL | 9.3 | 1 | 2012-10-10 | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firef... |
| CVE-2012-4179 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox... |
| CVE-2012-3995 | CRITICAL | 9.3 | 1 | 2012-10-10 | The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, T... |
| CVE-2012-3993 | CRITICAL | 9.3 | 1 | 2012-10-10 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x befo... |
| CVE-2012-3991 | CRITICAL | 9.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... |
| CVE-2012-3990 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0,... |
| CVE-2012-3989 | CRITICAL | 9.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perf... |
| CVE-2012-3988 | CRITICAL | 9.3 | 1 | 2012-10-10 | Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunder... |
| CVE-2012-3982 | CRITICAL | 9.3 | 1 | 2012-10-10 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox E... |
| CVE-2012-3980 | CRITICAL | 9.3 | 1 | 2012-08-29 | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 1... |
| CVE-2012-3969 | CRITICAL | 9.3 | 1 | 2012-08-29 | Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Fi... |
| CVE-2012-3965 | CRITICAL | 9.3 | 1 | 2012-08-29 | Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which al... |
| CVE-2012-3962 | CRITICAL | 9.3 | 1 | 2012-08-29 | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ES... |
| CVE-2012-1971 | CRITICAL | 9.3 | 1 | 2012-08-29 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbi... |
| CVE-2012-1938 | CRITICAL | 9.3 | 1 | 2012-06-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbi... |
| CVE-2012-0457 | CRITICAL | 9.3 | 1 | 2012-03-14 | Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Moz... |
| CVE-2012-0449 | CRITICAL | 9.3 | 1 | 2012-02-01 | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, an... |
| CVE-2012-0442 | CRITICAL | 9.3 | 1 | 2012-02-01 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x ... |
| CVE-2011-3659 | CRITICAL | 9.3 | 1 | 2012-02-01 | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird befor... |
| CVE-2011-3650 | CRITICAL | 9.3 | 1 | 2011-11-09 | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 d... |
| CVE-2011-3647 | CRITICAL | 9.3 | 1 | 2011-11-09 | The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properl... |
| CVE-2011-3002 | CRITICAL | 9.3 | 1 | 2011-09-29 | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey bef... |
| CVE-2011-2981 | CRITICAL | 9.3 | 1 | 2011-08-18 | The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x... |
| CVE-2010-3776 | CRITICAL | 9.3 | 1 | 2010-12-10 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.... |
| CVE-2010-3775 | CRITICAL | 9.3 | 1 | 2010-12-10 | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properl... |
| CVE-2010-3772 | CRITICAL | 9.3 | 1 | 2010-12-10 | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properl... |
| CVE-2010-3768 | CRITICAL | 9.3 | 1 | 2010-12-10 | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.... |
| CVE-2010-3767 | CRITICAL | 9.3 | 1 | 2010-12-10 | Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13... |
| CVE-2010-3766 | CRITICAL | 9.3 | 1 | 2010-12-10 | Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey... |
| CVE-2010-3183 | CRITICAL | 9.3 | 1 | 2010-10-21 | The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.... |
| CVE-2010-3180 | CRITICAL | 9.3 | 1 | 2010-10-21 | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x be... |
| CVE-2010-3179 | CRITICAL | 9.3 | 1 | 2010-10-21 | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and... |
| CVE-2010-1585 | CRITICAL | 9.3 | 1 | 2010-04-28 | The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism ... |
| CVE-2010-0177 | CRITICAL | 9.3 | 1 | 2010-04-05 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.... |
| CVE-2010-0176 | CRITICAL | 9.3 | 1 | 2010-04-05 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4;... |
| CVE-2010-0175 | CRITICAL | 9.3 | 1 | 2010-04-05 | Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 ... |
| CVE-2010-0173 | CRITICAL | 9.3 | 1 | 2010-04-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x... |
| CVE-2009-0774 | CRITICAL | 9.3 | 1 | 2009-03-05 | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonke... |
| CVE-2009-0772 | CRITICAL | 9.3 | 1 | 2009-03-05 | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonke... |
| CVE-2008-4063 | CRITICAL | 9.3 | 1 | 2008-09-24 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to c... |
| CVE-2008-3837 | CRITICAL | 9.3 | 1 | 2008-09-24 | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assist... |
| CVE-2008-2785 | CRITICAL | 9.3 | 1 | 2008-06-19 | Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey bef... |
| CVE-2008-1380 | CRITICAL | 9.3 | 1 | 2008-04-17 | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey... |
| CVE-2008-1235 | CRITICAL | 9.3 | 1 | 2008-03-27 | Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMo... |
| CVE-2008-0420 | CRITICAL | 9.3 | 1 | 2008-02-12 | modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before... |
| CVE-2008-0419 | CRITICAL | 9.3 | 1 | 2008-02-08 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigati... |
| CVE-2008-0413 | CRITICAL | 9.3 | 1 | 2008-02-08 | The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey... |
| CVE-2008-0412 | CRITICAL | 9.3 | 1 | 2008-02-08 | The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey be... |
| CVE-2007-5959 | CRITICAL | 9.3 | 1 | 2007-11-26 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 a... |
| CVE-2007-5338 | CRITICAL | 9.3 | 1 | 2007-10-21 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrar... |
| CVE-2007-5045 | CRITICAL | 9.3 | 1 | 2007-09-24 | Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with ... |
| CVE-2007-4841 | CRITICAL | 9.3 | 1 | 2007-09-12 | Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote... |
| CVE-2007-0776 | CRITICAL | 9.3 | 1 | 2007-02-26 | Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Th... |
| CVE-2006-4565 | CRITICAL | 9.3 | 1 | 2006-09-15 | Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon... |
| CVE-2006-2780 | CRITICAL | 9.3 | 1 | 2006-06-02 | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause ... |
| CVE-2006-1739 | CRITICAL | 9.3 | 1 | 2006-04-14 | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0... |
| CVE-2006-1737 | CRITICAL | 9.3 | 1 | 2006-04-14 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla S... |
| CVE-2006-1735 | CRITICAL | 9.3 | 1 | 2006-04-14 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... |
| CVE-2006-1730 | CRITICAL | 9.3 | 1 | 2006-04-14 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozil... |
| CVE-2006-1728 | CRITICAL | 9.3 | 1 | 2006-04-14 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0... |
| CVE-2006-0749 | CRITICAL | 9.3 | 1 | 2006-04-14 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozi... |
| CVE-2024-38428 | CRITICAL | 9.1 | 3 | 2024-06-16 | url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and th... |
| CVE-2022-31321 | CRITICAL | 9.1 | 3 | 2022-08-01 | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing a... |
| CVE-2023-23914 | CRITICAL | 9.1 | 1 | 2023-02-23 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c... |
| CVE-2025-8037 | CRITICAL | 9.1 | 1 | 2025-07-22 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the namel... |
| CVE-2025-6427 | CRITICAL | 9.1 | 1 | 2025-06-24 | An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulat... |
| CVE-2025-54145 | CRITICAL | 9.1 | 1 | 2025-08-19 | The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a mal... |
| CVE-2025-4083 | CRITICAL | 9.1 | 1 | 2025-04-29 | A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs,... |
| CVE-2025-1941 | CRITICAL | 9.1 | 1 | 2025-03-04 | Under certain circumstances, a user opt-in setting that Focus should require authentication before u... |
| CVE-2024-11705 | CRITICAL | 9.1 | 1 | 2024-11-26 | `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was pas... |
| CVE-2024-10004 | CRITICAL | 9.1 | 1 | 2024-10-15 | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS ... |
| CVE-2023-29534 | CRITICAL | 9.1 | 1 | 2023-06-19 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android... |
| CVE-2018-12387 | CRITICAL | 9.1 | 1 | 2018-10-18 | A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple argumen... |
| CVE-2017-7774 | CRITICAL | 9.1 | 1 | 2019-04-15 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite functi... |
| CVE-2017-7758 | CRITICAL | 9.1 | 1 | 2018-06-11 | An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio st... |
| CVE-2017-7753 | CRITICAL | 9.1 | 1 | 2018-06-11 | An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, usi... |
| CVE-2017-5468 | CRITICAL | 9.1 | 1 | 2018-06-11 | An issue with incorrect ownership model of "privateBrowsing" information exposed through developer t... |
| CVE-2017-5465 | CRITICAL | 9.1 | 1 | 2018-06-11 | An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and a... |
| CVE-2017-5447 | CRITICAL | 9.1 | 1 | 2018-06-11 | An out-of-bounds read during the processing of glyph widths during text layout. This results in a po... |
| CVE-2014-1508 | CRITICAL | 9.1 | 1 | 2014-03-19 | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 2... |
| CVE-2024-0057 | CRITICAL | 9.1 | 1 | 2024-01-09 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| CVE-2024-32002 | CRITICAL | 9.0 | 4 | 2024-05-14 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, ... |
| CVE-2025-34086 | HIGH | 8.8 | 3 | 2025-07-03 | Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authen... |
| CVE-2024-52005 | HIGH | 8.8 | 3 | 2025-01-15 | Git is a source code management tool. When cloning from a server (or fetching, or pushing), informat... |
| CVE-2022-36882 | HIGH | 8.8 | 3 | 2022-07-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows at... |
| CVE-2019-9185 | HIGH | 8.8 | 3 | 2019-03-07 | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attacke... |
| CVE-2023-27534 | HIGH | 8.8 | 1 | 2023-03-30 | A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) charac... |
| CVE-2023-27533 | HIGH | 8.8 | 1 | 2023-03-30 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc... |
| CVE-2022-1271 | HIGH | 8.8 | 1 | 2022-08-31 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied o... |
| CVE-2022-0729 | HIGH | 8.8 | 1 | 2022-02-23 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. |
| CVE-2025-8040 | HIGH | 8.8 | 1 | 2025-07-22 | Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird ... |
| CVE-2025-8035 | HIGH | 8.8 | 1 | 2025-07-22 | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunder... |
| CVE-2025-8034 | HIGH | 8.8 | 1 | 2025-07-22 | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefo... |
| CVE-2025-4919 | HIGH | 8.8 | 1 | 2025-05-17 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing a... |
| CVE-2025-2817 | HIGH | 8.8 | 1 | 2025-04-29 | Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-... |
| CVE-2025-1930 | HIGH | 8.8 | 1 | 2025-03-04 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a u... |
| CVE-2025-14329 | HIGH | 8.8 | 1 | 2025-12-09 | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ... |
| CVE-2025-14328 | HIGH | 8.8 | 1 | 2025-12-09 | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ... |
| CVE-2025-14323 | HIGH | 8.8 | 1 | 2025-12-09 | Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, ... |
| CVE-2025-13020 | HIGH | 8.8 | 1 | 2025-11-11 | Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firef... |
| CVE-2025-13014 | HIGH | 8.8 | 1 | 2025-11-11 | Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR <... |
| CVE-2025-11715 | HIGH | 8.8 | 1 | 2025-10-14 | Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird ... |
| CVE-2025-11714 | HIGH | 8.8 | 1 | 2025-10-14 | Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox ... |
| CVE-2025-10537 | HIGH | 8.8 | 1 | 2025-09-16 | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird ... |
| CVE-2025-10533 | HIGH | 8.8 | 1 | 2025-09-16 | Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.2... |
| CVE-2025-1014 | HIGH | 8.8 | 1 | 2025-02-04 | Certificate length was not properly checked when added to a certificate store. In practice only trus... |
| CVE-2025-1011 | HIGH | 8.8 | 1 | 2025-02-04 | A bug in WebAssembly code generation could have led to a crash. It may have been possible for an at... |
| CVE-2025-1010 | HIGH | 8.8 | 1 | 2025-02-04 | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentiall... |
| CVE-2024-9400 | HIGH | 8.8 | 1 | 2024-10-01 | A potential memory corruption vulnerability could be triggered if an attacker had the ability to tri... |
| CVE-2024-9396 | HIGH | 8.8 | 1 | 2024-10-01 | It is currently unknown if this issue is exploitable but a condition may arise where the structured ... |
| CVE-2024-8382 | HIGH | 8.8 | 1 | 2024-09-03 | Internal browser event interfaces were exposed to web content when privileged EventHandler listener ... |
| CVE-2024-7530 | HIGH | 8.8 | 1 | 2024-08-06 | Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affe... |
| CVE-2024-7528 | HIGH | 8.8 | 1 | 2024-08-06 | Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulne... |
| CVE-2024-7527 | HIGH | 8.8 | 1 | 2024-08-06 | Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerabil... |
| CVE-2024-7522 | HIGH | 8.8 | 1 | 2024-08-06 | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This v... |
| CVE-2024-7521 | HIGH | 8.8 | 1 | 2024-08-06 | Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affe... |
| CVE-2024-7520 | HIGH | 8.8 | 1 | 2024-08-06 | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code ex... |
| CVE-2024-6615 | HIGH | 8.8 | 1 | 2024-07-09 | Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of... |
| CVE-2024-6609 | HIGH | 8.8 | 1 | 2024-07-09 | When almost out-of-memory an elliptic curve key which was never allocated could have been freed agai... |
| CVE-2024-6607 | HIGH | 8.8 | 1 | 2024-07-09 | It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay custo... |
| CVE-2024-6605 | HIGH | 8.8 | 1 | 2024-07-09 | Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjac... |
| CVE-2024-4777 | HIGH | 8.8 | 1 | 2024-05-14 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these... |
| CVE-2024-4770 | HIGH | 8.8 | 1 | 2024-05-14 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. T... |
| CVE-2024-4367 | HIGH | 8.8 | 1 | 2024-05-14 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execu... |
| CVE-2024-3856 | HIGH | 8.8 | 1 | 2024-04-16 | A use-after-free could occur during WASM execution if garbage collection ran during the creation of ... |
| CVE-2024-3854 | HIGH | 8.8 | 1 | 2024-04-16 | In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of... |
| CVE-2024-33871 | HIGH | 8.8 | 1 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitr... |
| CVE-2024-29509 | HIGH | 8.8 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has... |
| CVE-2024-29506 | HIGH | 8.8 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() func... |
| CVE-2024-2614 | HIGH | 8.8 | 1 | 2024-03-19 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these b... |
| CVE-2024-11699 | HIGH | 8.8 | 1 | 2024-11-26 | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these b... |
| CVE-2024-11697 | HIGH | 8.8 | 1 | 2024-11-26 | When handling keypress events, an attacker may have been able to trick a user into bypassing the "Op... |
| CVE-2024-10467 | HIGH | 8.8 | 1 | 2024-10-29 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these b... |
| CVE-2024-0755 | HIGH | 8.8 | 1 | 2024-01-23 | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these b... |
| CVE-2024-0751 | HIGH | 8.8 | 1 | 2024-01-23 | A malicious devtools extension could have been used to escalate privileges. This vulnerability affec... |
| CVE-2024-0750 | HIGH | 8.8 | 1 | 2024-01-23 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick ... |
| CVE-2024-0745 | HIGH | 8.8 | 1 | 2024-01-23 | The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led... |
| CVE-2023-6873 | HIGH | 8.8 | 1 | 2023-12-19 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-6866 | HIGH | 8.8 | 1 | 2023-12-19 | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other ... |
| CVE-2023-6864 | HIGH | 8.8 | 1 | 2023-12-19 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these b... |
| CVE-2023-6863 | HIGH | 8.8 | 1 | 2023-12-19 | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a ... |
| CVE-2023-6861 | HIGH | 8.8 | 1 | 2023-12-19 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in he... |
| CVE-2023-6859 | HIGH | 8.8 | 1 | 2023-12-19 | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerabili... |
| CVE-2023-6858 | HIGH | 8.8 | 1 | 2023-12-19 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handli... |
| CVE-2023-6856 | HIGH | 8.8 | 1 | 2023-12-19 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on syst... |
| CVE-2023-6213 | HIGH | 8.8 | 1 | 2023-11-21 | Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-6212 | HIGH | 8.8 | 1 | 2023-11-21 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these b... |
| CVE-2023-6208 | HIGH | 8.8 | 1 | 2023-11-21 | When using X11, text selected by the page using the Selection API was erroneously copied into the pr... |
| CVE-2023-6207 | HIGH | 8.8 | 1 | 2023-11-21 | Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Fi... |
| CVE-2023-5217 | HIGH | 8.8 | 1 | 2023-09-28 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1... |
| CVE-2023-4863 | HIGH | 8.8 | 1 | 2023-09-12 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a... |
| CVE-2023-4585 | HIGH | 8.8 | 1 | 2023-09-11 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these b... |
| CVE-2023-4584 | HIGH | 8.8 | 1 | 2023-09-11 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14... |
| CVE-2023-4047 | HIGH | 8.8 | 1 | 2023-08-01 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick ... |
| CVE-2023-37212 | HIGH | 8.8 | 1 | 2023-07-05 | Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-37211 | HIGH | 8.8 | 1 | 2023-07-05 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these... |
| CVE-2023-37209 | HIGH | 8.8 | 1 | 2023-07-05 | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` o... |
| CVE-2023-37202 | HIGH | 8.8 | 1 | 2023-07-05 | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen... |
| CVE-2023-37201 | HIGH | 8.8 | 1 | 2023-07-05 | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over H... |
| CVE-2023-3600 | HIGH | 8.8 | 1 | 2023-07-12 | During the worker lifecycle, a use-after-free condition could have occurred, which could have led to... |
| CVE-2023-32215 | HIGH | 8.8 | 1 | 2023-06-02 | Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian ... |
| CVE-2023-32213 | HIGH | 8.8 | 1 | 2023-06-02 | When reading a file, an uninitialized value could have been used as read limit. This vulnerability a... |
| CVE-2023-32207 | HIGH | 8.8 | 1 | 2023-06-02 | A missing delay in popup notifications could have made it possible for an attacker to trick a user i... |
| CVE-2023-29551 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-29550 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence ... |
| CVE-2023-29543 | HIGH | 8.8 | 1 | 2023-06-02 | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a po... |
| CVE-2023-29541 | HIGH | 8.8 | 1 | 2023-06-02 | Firefox did not properly handle downloads of files ending in `.desktop`, which can be int... |
| CVE-2023-29539 | HIGH | 8.8 | 1 | 2023-06-02 | When handling the filename directive in the Content-Disposition header, the filename would be trunca... |
| CVE-2023-29536 | HIGH | 8.8 | 1 | 2023-06-02 | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-con... |
| CVE-2023-28177 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-28176 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence ... |
| CVE-2023-28162 | HIGH | 8.8 | 1 | 2023-06-02 | While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic ty... |
| CVE-2023-28161 | HIGH | 8.8 | 1 | 2023-06-02 | If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a docume... |
| CVE-2023-25745 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption a... |
| CVE-2023-25744 | HIGH | 8.8 | 1 | 2023-06-02 | Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence... |
| CVE-2023-25740 | HIGH | 8.8 | 1 | 2023-06-02 | After downloading a Windows `.scf` script from the local filesystem, an attacker could su... |
| CVE-2023-25739 | HIGH | 8.8 | 1 | 2023-06-02 | Module load requests that failed were not being checked as to whether or not they were cancelled cau... |
| CVE-2023-25737 | HIGH | 8.8 | 1 | 2023-06-02 | An invalid downcast from `nsTextNode` to `SVGElement` could have led to undef... |
| CVE-2023-25735 | HIGH | 8.8 | 1 | 2023-06-02 | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartmen... |
| CVE-2023-25732 | HIGH | 8.8 | 1 | 2023-06-02 | When encoding data from an `inputStream` in `xpcom` the size of the input bein... |
| CVE-2023-25731 | HIGH | 8.8 | 1 | 2023-06-02 | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameter... |
| CVE-2023-25729 | HIGH | 8.8 | 1 | 2023-06-02 | Permission prompts for opening external schemes were only shown for `ContentPrincipals` r... |
| CVE-2023-24805 | HIGH | 8.8 | 1 | 2023-05-17 | cups-filters contains backends, filters, and other software required to get the cups printing servic... |
| CVE-2023-23606 | HIGH | 8.8 | 1 | 2023-06-02 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. ... |
| CVE-2023-23605 | HIGH | 8.8 | 1 | 2023-06-02 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 a... |
| CVE-2023-0767 | HIGH | 8.8 | 1 | 2023-06-02 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memor... |
| CVE-2022-46885 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety ... |
| CVE-2022-46884 | HIGH | 8.8 | 1 | 2023-08-24 | A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed a... |
| CVE-2022-46883 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team re... |
| CVE-2022-46881 | HIGH | 8.8 | 1 | 2022-12-22 | An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a ... |
| CVE-2022-46879 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Moz... |
| CVE-2022-46878 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported ... |
| CVE-2022-46874 | HIGH | 8.8 | 1 | 2022-12-22 | A file with a long filename could have had its filename truncated to remove the valid extension, lea... |
| CVE-2022-46873 | HIGH | 8.8 | 1 | 2022-12-22 | Because Firefox did not implement the `unsafe-hashes` CSP directive, an attacker who was ... |
| CVE-2022-46871 | HIGH | 8.8 | 1 | 2022-12-22 | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. T... |
| CVE-2022-45421 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thund... |
| CVE-2022-45409 | HIGH | 8.8 | 1 | 2022-12-22 | The garbage collector could have been aborted in several states and zones and GCRuntime::finis... |
| CVE-2022-42932 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in F... |
| CVE-2022-42928 | HIGH | 8.8 | 1 | 2022-12-22 | Certain types of allocations were missing annotations that, if the Garbage Collector was in a specif... |
| CVE-2022-40962 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla ... |
| CVE-2022-38478 | HIGH | 8.8 | 1 | 2022-12-22 | Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102... |
| CVE-2022-38477 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in F... |
| CVE-2022-38473 | HIGH | 8.8 | 1 | 2022-12-22 | A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (su... |
| CVE-2022-34484 | HIGH | 8.8 | 1 | 2022-12-22 | The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of th... |
| CVE-2022-34483 | HIGH | 8.8 | 1 | 2022-12-22 | An attacker who could have convinced a user to drag and drop an image to a filesystem could have man... |
| CVE-2022-34482 | HIGH | 8.8 | 1 | 2022-12-22 | An attacker who could have convinced a user to drag and drop an image to a filesystem could have man... |
| CVE-2022-34481 | HIGH | 8.8 | 1 | 2022-12-22 | In the `nsTArray_Impl::ReplaceElementsAt()` function, an integer overflow could have occu... |
| CVE-2022-34480 | HIGH | 8.8 | 1 | 2022-12-22 | Within the `lg_init()` function, if several allocations succeed but then one fails, an un... |
| CVE-2022-34468 | HIGH | 8.8 | 1 | 2022-12-22 | An iframe that was not permitted to run scripts could do so if the user clicked on a javascrip... |
| CVE-2022-31741 | HIGH | 8.8 | 1 | 2022-12-22 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and ... |
| CVE-2022-31740 | HIGH | 8.8 | 1 | 2022-12-22 | On arm64, WASM code could have resulted in incorrect assembly generation leading to a register alloc... |
| CVE-2022-29918 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safet... |
| CVE-2022-29909 | HIGH | 8.8 | 1 | 2022-12-22 | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to... |
| CVE-2022-28289 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mo... |
| CVE-2022-28288 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Te... |
| CVE-2022-28284 | HIGH | 8.8 | 1 | 2022-12-22 | SVG's `<use>` element could have been used to load unexpected content that could ha... |
| CVE-2022-28281 | HIGH | 8.8 | 1 | 2022-12-22 | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register comm... |
| CVE-2022-26485 | HIGH | 8.8 | 1 | 2022-12-22 | Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We ha... |
| CVE-2022-26381 | HIGH | 8.8 | 1 | 2022-12-22 | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to ... |
| CVE-2022-2505 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. ... |
| CVE-2022-22764 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in F... |
| CVE-2022-22763 | HIGH | 8.8 | 1 | 2022-12-22 | When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point ... |
| CVE-2022-22761 | HIGH | 8.8 | 1 | 2022-12-22 | Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing t... |
| CVE-2022-22756 | HIGH | 8.8 | 1 | 2022-12-22 | If a user was convinced to drag and drop an image to their desktop or other folder, the resulting ob... |
| CVE-2022-22755 | HIGH | 8.8 | 1 | 2022-12-22 | By using XSL Transforms, a malicious webserver could have served a user an XSL document that would c... |
| CVE-2022-22752 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox... |
| CVE-2022-22751 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto,... |
| CVE-2022-22740 | HIGH | 8.8 | 1 | 2022-12-22 | Certain network request objects were freed too early when releasing a network request handle. This c... |
| CVE-2022-22738 | HIGH | 8.8 | 1 | 2022-12-22 | Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a hea... |
| CVE-2022-2200 | HIGH | 8.8 | 1 | 2022-12-22 | If an object prototype was corrupted by an attacker, they would have been able to set undesired attr... |
| CVE-2022-1802 | HIGH | 8.8 | 1 | 2022-12-22 | If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollut... |
| CVE-2022-1529 | HIGH | 8.8 | 1 | 2022-12-22 | An attacker could have sent a message to the parent process where the contents were used to double-i... |
| CVE-2022-0843 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs p... |
| CVE-2022-0511 | HIGH | 8.8 | 1 | 2022-12-22 | Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herr... |
| CVE-2021-43539 | HIGH | 8.8 | 1 | 2021-12-08 | Failure to correctly record the location of live pointers across wasm instance calls resulted in a G... |
| CVE-2021-43537 | HIGH | 8.8 | 1 | 2021-12-08 | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt me... |
| CVE-2021-43535 | HIGH | 8.8 | 1 | 2021-12-08 | A use-after-free could have occurred when an HTTP2 session object was released on a different thread,... |
| CVE-2021-43534 | HIGH | 8.8 | 1 | 2021-12-08 | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firef... |
| CVE-2021-38504 | HIGH | 8.8 | 1 | 2021-12-08 | When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-aft... |
| CVE-2021-38501 | HIGH | 8.8 | 1 | 2021-11-03 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of t... |
| CVE-2021-38500 | HIGH | 8.8 | 1 | 2021-11-03 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of t... |
| CVE-2021-38499 | HIGH | 8.8 | 1 | 2021-11-03 | Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evid... |
| CVE-2021-38496 | HIGH | 8.8 | 1 | 2021-11-03 | During operations on MessageTasks, a task may have been removed while it was still scheduled, result... |
| CVE-2021-38494 | HIGH | 8.8 | 1 | 2021-11-03 | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evid... |
| CVE-2021-38493 | HIGH | 8.8 | 1 | 2021-11-03 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of ... |
| CVE-2021-30547 | HIGH | 8.8 | 1 | 2021-06-15 | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to po... |
| CVE-2021-29990 | HIGH | 8.8 | 1 | 2021-08-17 | Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of ... |
| CVE-2021-29989 | HIGH | 8.8 | 1 | 2021-08-17 | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of ... |
| CVE-2021-29988 | HIGH | 8.8 | 1 | 2021-08-17 | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of b... |
| CVE-2021-29985 | HIGH | 8.8 | 1 | 2021-08-17 | A use-after-free vulnerability in media channels could have led to memory corruption and a potential... |
| CVE-2021-29984 | HIGH | 8.8 | 1 | 2021-08-17 | Instruction reordering resulted in a sequence of instructions that would cause an object to be incor... |
| CVE-2021-29981 | HIGH | 8.8 | 1 | 2021-08-17 | An issue present in lowering/register allocation could have led to obscure but deterministic registe... |
| CVE-2021-29980 | HIGH | 8.8 | 1 | 2021-08-17 | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corr... |
| CVE-2021-29977 | HIGH | 8.8 | 1 | 2021-08-05 | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evid... |
| CVE-2021-29976 | HIGH | 8.8 | 1 | 2021-08-05 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbir... |
| CVE-2021-29973 | HIGH | 8.8 | 1 | 2021-08-05 | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. ... |
| CVE-2021-29972 | HIGH | 8.8 | 1 | 2021-08-05 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Up... |
| CVE-2021-29970 | HIGH | 8.8 | 1 | 2021-08-05 | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially expl... |
| CVE-2021-29967 | HIGH | 8.8 | 1 | 2021-06-24 | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of ... |
| CVE-2021-29947 | HIGH | 8.8 | 1 | 2021-06-24 | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of ... |
| CVE-2021-29946 | HIGH | 8.8 | 1 | 2021-06-24 | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypas... |
| CVE-2021-24002 | HIGH | 8.8 | 1 | 2021-06-24 | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines ... |
| CVE-2021-23999 | HIGH | 8.8 | 1 | 2021-06-24 | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the Sys... |
| CVE-2021-23997 | HIGH | 8.8 | 1 | 2021-06-24 | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with ... |
| CVE-2021-23995 | HIGH | 8.8 | 1 | 2021-06-24 | When Responsive Design Mode was enabled, it used references to objects that were previously freed. W... |
| CVE-2021-23994 | HIGH | 8.8 | 1 | 2021-06-24 | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of b... |
| CVE-2021-23988 | HIGH | 8.8 | 1 | 2021-03-31 | Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evid... |
| CVE-2021-23987 | HIGH | 8.8 | 1 | 2021-03-31 | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firef... |
| CVE-2021-23979 | HIGH | 8.8 | 1 | 2021-02-26 | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evid... |
| CVE-2021-23978 | HIGH | 8.8 | 1 | 2021-02-26 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of t... |
| CVE-2021-23972 | HIGH | 8.8 | 1 | 2021-02-26 | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishin... |
| CVE-2021-23965 | HIGH | 8.8 | 1 | 2021-02-26 | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evid... |
| CVE-2021-23964 | HIGH | 8.8 | 1 | 2021-02-26 | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of t... |
| CVE-2021-23962 | HIGH | 8.8 | 1 | 2021-02-26 | Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentia... |
| CVE-2021-23960 | HIGH | 8.8 | 1 | 2021-02-26 | Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, a... |
| CVE-2021-23954 | HIGH | 8.8 | 1 | 2021-02-26 | Using the new logical assignment operators in a JavaScript switch statement could have caused a type... |
| CVE-2020-6822 | HIGH | 8.8 | 1 | 2020-04-24 | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 ... |
| CVE-2020-6811 | HIGH | 8.8 | 1 | 2020-03-25 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a req... |
| CVE-2020-6807 | HIGH | 8.8 | 1 | 2020-03-25 | When a device was changed while a stream was about to be destroyed, the `stream-reinit` t... |
| CVE-2020-6806 | HIGH | 8.8 | 1 | 2020-03-25 | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the en... |
| CVE-2020-6805 | HIGH | 8.8 | 1 | 2020-03-25 | When removing data about an origin whose tab was recently closed, a use-after-free could occur in th... |
| CVE-2020-6801 | HIGH | 8.8 | 1 | 2020-03-02 | Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evid... |
| CVE-2020-6800 | HIGH | 8.8 | 1 | 2020-03-02 | Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firef... |
| CVE-2020-6796 | HIGH | 8.8 | 1 | 2020-03-02 | A content process could have modified shared memory relating to crash reporting information, crash i... |
| CVE-2020-35114 | HIGH | 8.8 | 1 | 2021-01-07 | Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evid... |
| CVE-2020-35113 | HIGH | 8.8 | 1 | 2021-01-07 | Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of t... |
| CVE-2020-26974 | HIGH | 8.8 | 1 | 2021-01-07 | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrec... |
| CVE-2020-26973 | HIGH | 8.8 | 1 | 2021-01-07 | Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. Thi... |
| CVE-2020-26971 | HIGH | 8.8 | 1 | 2021-01-07 | Certain blit values provided by the user were not properly constrained leading to a heap buffer over... |
| CVE-2020-26969 | HIGH | 8.8 | 1 | 2020-12-09 | Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evid... |
| CVE-2020-26968 | HIGH | 8.8 | 1 | 2020-12-09 | Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of t... |
| CVE-2020-26960 | HIGH | 8.8 | 1 | 2020-12-09 | If the Compact() method was called on an nsTArray, the array could have been reallocated without upd... |
| CVE-2020-26959 | HIGH | 8.8 | 1 | 2020-12-09 | During browser shutdown, reference decrementing could have occurred on a previously freed object, res... |
| CVE-2020-26952 | HIGH | 8.8 | 1 | 2020-12-09 | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruptio... |
| CVE-2020-26950 | HIGH | 8.8 | 1 | 2020-12-09 | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resultin... |
| CVE-2020-15678 | HIGH | 8.8 | 1 | 2020-10-01 | When recursing through graphical layers while scrolling, an iterator may have become invalid, result... |
| CVE-2020-15675 | HIGH | 8.8 | 1 | 2020-10-01 | When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption ... |
| CVE-2020-15674 | HIGH | 8.8 | 1 | 2020-10-01 | Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evid... |
| CVE-2020-15673 | HIGH | 8.8 | 1 | 2020-10-01 | Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of t... |
| CVE-2020-15670 | HIGH | 8.8 | 1 | 2020-10-01 | Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs... |
| CVE-2020-15667 | HIGH | 8.8 | 1 | 2020-10-01 | When processing a MAR update file, after the signature has been validated, an invalid name length co... |
| CVE-2020-15663 | HIGH | 8.8 | 1 | 2020-10-01 | If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute ... |
| CVE-2020-15659 | HIGH | 8.8 | 1 | 2020-08-10 | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firef... |
| CVE-2020-15656 | HIGH | 8.8 | 1 | 2020-08-10 | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This ... |
| CVE-2020-12426 | HIGH | 8.8 | 1 | 2020-07-09 | Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of ... |
| CVE-2020-12422 | HIGH | 8.8 | 1 | 2020-07-09 | In non-standard configurations, a JPEG image created by JavaScript could have caused an internal var... |
| CVE-2020-12420 | HIGH | 8.8 | 1 | 2020-07-09 | When trying to connect to a STUN server, a race condition could have caused a use-after-free of a po... |
| CVE-2020-12419 | HIGH | 8.8 | 1 | 2020-07-09 | When processing callbacks that occurred during window flushing in the parent process, the associated... |
| CVE-2020-12417 | HIGH | 8.8 | 1 | 2020-07-09 | Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier,... |
| CVE-2020-12416 | HIGH | 8.8 | 1 | 2020-07-09 | A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink,... |
| CVE-2020-12411 | HIGH | 8.8 | 1 | 2020-07-09 | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evid... |
| CVE-2020-12410 | HIGH | 8.8 | 1 | 2020-07-09 | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of t... |
| CVE-2020-12409 | HIGH | 8.8 | 1 | 2020-07-09 | When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of a... |
| CVE-2020-12406 | HIGH | 8.8 | 1 | 2020-07-09 | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resul... |
| CVE-2019-9813 | HIGH | 8.8 | 1 | 2019-04-26 | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can b... |
| CVE-2019-9810 | HIGH | 8.8 | 1 | 2019-04-26 | Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to m... |
| CVE-2019-17026 | HIGH | 8.8 | 1 | 2020-03-02 | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a typ... |
| CVE-2019-17025 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evid... |
| CVE-2019-17024 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of t... |
| CVE-2019-17017 | HIGH | 8.8 | 1 | 2020-01-08 | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting i... |
| CVE-2019-17013 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evid... |
| CVE-2019-17012 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of t... |
| CVE-2019-17008 | HIGH | 8.8 | 1 | 2020-01-08 | When using nested workers, a use-after-free could occur during worker destruction. This resulted in ... |
| CVE-2019-17005 | HIGH | 8.8 | 1 | 2020-01-08 | The plain text serializer used a fixed-size array for the number of <ol> elements it could process; ... |
| CVE-2019-11764 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firef... |
| CVE-2019-11760 | HIGH | 8.8 | 1 | 2020-01-08 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a... |
| CVE-2019-11759 | HIGH | 8.8 | 1 | 2020-01-08 | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored o... |
| CVE-2019-11758 | HIGH | 8.8 | 1 | 2020-01-08 | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total S... |
| CVE-2019-11757 | HIGH | 8.8 | 1 | 2020-01-08 | When following the value's prototype chain, it was possible to retain a reference to a locale, delet... |
| CVE-2019-11756 | HIGH | 8.8 | 1 | 2020-01-08 | Improper refcounting of soft token session objects could cause a use-after-free and crash (likely li... |
| CVE-2019-11752 | HIGH | 8.8 | 1 | 2019-09-27 | It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion... |
| CVE-2019-11746 | HIGH | 8.8 | 1 | 2019-09-27 | A use-after-free vulnerability can occur while manipulating video elements if the body is freed whil... |
| CVE-2019-11745 | HIGH | 8.8 | 1 | 2020-01-08 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than ... |
| CVE-2019-11740 | HIGH | 8.8 | 1 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ... |
| CVE-2019-11735 | HIGH | 8.8 | 1 | 2019-09-27 | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firef... |
| CVE-2019-11712 | HIGH | 8.8 | 1 | 2019-07-23 | POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can ... |
| CVE-2019-11711 | HIGH | 8.8 | 1 | 2019-07-23 | When an inner window is reused, it does not consider the use of document.domain for cross-origin pro... |
| CVE-2019-11707 | HIGH | 8.8 | 1 | 2019-07-23 | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array... |
| CVE-2018-5158 | HIGH | 8.8 | 1 | 2018-06-11 | The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious Ja... |
| CVE-2018-5146 | HIGH | 8.8 | 1 | 2018-06-11 | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co... |
| CVE-2018-5130 | HIGH | 8.8 | 1 | 2018-06-11 | When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstance... |
| CVE-2018-5127 | HIGH | 8.8 | 1 | 2018-06-11 | A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res... |
| CVE-2018-5125 | HIGH | 8.8 | 1 | 2018-06-11 | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evide... |
| CVE-2018-18503 | HIGH | 8.8 | 1 | 2019-02-05 | When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash ma... |
| CVE-2018-12406 | HIGH | 8.8 | 1 | 2019-02-28 | Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of ... |
| CVE-2018-12389 | HIGH | 8.8 | 1 | 2019-02-28 | Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. So... |
| CVE-2018-12388 | HIGH | 8.8 | 1 | 2019-02-28 | Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of ... |
| CVE-2018-12375 | HIGH | 8.8 | 1 | 2018-10-18 | Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption an... |
| CVE-2018-12371 | HIGH | 8.8 | 1 | 2020-07-09 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on so... |
| CVE-2018-12370 | HIGH | 8.8 | 1 | 2018-10-18 | In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to ... |
| CVE-2018-12364 | HIGH | 8.8 | 1 | 2018-10-18 | NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by mak... |
| CVE-2018-12363 | HIGH | 8.8 | 1 | 2018-10-18 | A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between ... |
| CVE-2018-12362 | HIGH | 8.8 | 1 | 2018-10-18 | An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Ext... |
| CVE-2018-12361 | HIGH | 8.8 | 1 | 2018-10-18 | An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed... |
| CVE-2018-12360 | HIGH | 8.8 | 1 | 2018-10-18 | A use-after-free vulnerability can occur when deleting an input element during a mutation event hand... |
| CVE-2018-12359 | HIGH | 8.8 | 1 | 2018-10-18 | A buffer overflow can occur when rendering canvas content while adjusting the height and width of th... |
| CVE-2017-7798 | HIGH | 8.8 | 1 | 2018-06-11 | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization ... |
| CVE-2017-7777 | HIGH | 8.8 | 1 | 2019-04-15 | Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Load... |
| CVE-2017-7773 | HIGH | 8.8 | 1 | 2019-04-15 | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/De... |
| CVE-2017-7772 | HIGH | 8.8 | 1 | 2019-04-12 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. |
| CVE-2017-7752 | HIGH | 8.8 | 1 | 2018-06-11 | A use-after-free vulnerability during specific user interactions with the input method editor (IME) ... |
| CVE-2017-5436 | HIGH | 8.8 | 1 | 2018-06-11 | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font.... |
| CVE-2016-9905 | HIGH | 8.8 | 1 | 2018-06-11 | A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. T... |
| CVE-2016-5283 | HIGH | 8.8 | 1 | 2016-09-22 | Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted f... |
| CVE-2016-5278 | HIGH | 8.8 | 1 | 2016-09-22 | Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.... |
| CVE-2016-5275 | HIGH | 8.8 | 1 | 2016-09-22 | Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla F... |
| CVE-2016-5273 | HIGH | 8.8 | 1 | 2016-09-22 | The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation ... |
| CVE-2016-5272 | HIGH | 8.8 | 1 | 2016-09-22 | The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thu... |
| CVE-2016-5264 | HIGH | 8.8 | 1 | 2016-08-05 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla ... |
| CVE-2016-5263 | HIGH | 8.8 | 1 | 2016-08-05 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 ... |
| CVE-2016-5261 | HIGH | 8.8 | 1 | 2016-08-05 | Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before... |
| CVE-2016-5259 | HIGH | 8.8 | 1 | 2016-08-05 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ... |
| CVE-2016-5258 | HIGH | 8.8 | 1 | 2016-08-05 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ... |
| CVE-2016-5255 | HIGH | 8.8 | 1 | 2016-08-05 | Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox be... |
| CVE-2016-5252 | HIGH | 8.8 | 1 | 2016-08-05 | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.... |
| CVE-2016-2838 | HIGH | 8.8 | 1 | 2016-08-05 | Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before... |
| CVE-2016-2836 | HIGH | 8.8 | 1 | 2016-08-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefo... |
| CVE-2016-2835 | HIGH | 8.8 | 1 | 2016-08-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remo... |
| CVE-2016-2834 | HIGH | 8.8 | 1 | 2016-06-13 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows ... |
| CVE-2016-2831 | HIGH | 8.8 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves th... |
| CVE-2016-2828 | HIGH | 8.8 | 1 | 2016-06-13 | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows ... |
| CVE-2016-2819 | HIGH | 8.8 | 1 | 2016-06-13 | Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows re... |
| CVE-2016-2818 | HIGH | 8.8 | 1 | 2016-06-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefo... |
| CVE-2016-2815 | HIGH | 8.8 | 1 | 2016-06-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remo... |
| CVE-2016-2814 | HIGH | 8.8 | 1 | 2016-04-30 | Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstage... |
| CVE-2016-2811 | HIGH | 8.8 | 1 | 2016-04-30 | Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozil... |
| CVE-2016-2807 | HIGH | 8.8 | 1 | 2016-04-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox E... |
| CVE-2016-2806 | HIGH | 8.8 | 1 | 2016-04-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefo... |
| CVE-2016-2804 | HIGH | 8.8 | 1 | 2016-04-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remo... |
| CVE-2016-2802 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in M... |
| CVE-2016-2801 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as ... |
| CVE-2016-2800 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Fir... |
| CVE-2016-2799 | HIGH | 8.8 | 1 | 2016-03-13 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as u... |
| CVE-2016-2798 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Fi... |
| CVE-2016-2797 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla... |
| CVE-2016-2796 | HIGH | 8.8 | 1 | 2016-03-13 | Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1... |
| CVE-2016-2795 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefo... |
| CVE-2016-2794 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in ... |
| CVE-2016-2793 | HIGH | 8.8 | 1 | 2016-03-13 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38... |
| CVE-2016-2792 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Fir... |
| CVE-2016-2791 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox bef... |
| CVE-2016-2790 | HIGH | 8.8 | 1 | 2016-03-13 | The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox... |
| CVE-2016-1977 | HIGH | 8.8 | 1 | 2016-03-13 | The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozill... |
| CVE-2016-1974 | HIGH | 8.8 | 1 | 2016-03-13 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x be... |
| CVE-2016-1973 | HIGH | 8.8 | 1 | 2016-03-13 | Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox bef... |
| CVE-2016-1969 | HIGH | 8.8 | 1 | 2016-03-13 | The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ... |
| CVE-2016-1968 | HIGH | 8.8 | 1 | 2016-03-13 | Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to exec... |
| CVE-2016-1966 | HIGH | 8.8 | 1 | 2016-03-13 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox b... |
| CVE-2016-1964 | HIGH | 8.8 | 1 | 2016-03-13 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Fir... |
| CVE-2016-1961 | HIGH | 8.8 | 1 | 2016-03-13 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp ... |
| CVE-2016-1960 | HIGH | 8.8 | 1 | 2016-03-13 | Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox befo... |
| CVE-2016-1959 | HIGH | 8.8 | 1 | 2016-03-13 | The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arb... |
| CVE-2016-1954 | HIGH | 8.8 | 1 | 2016-03-13 | The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45... |
| CVE-2016-1953 | HIGH | 8.8 | 1 | 2016-03-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remo... |
| CVE-2016-1952 | HIGH | 8.8 | 1 | 2016-03-13 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefo... |
| CVE-2016-1949 | HIGH | 8.8 | 1 | 2016-02-13 | Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and... |
| CVE-2016-1935 | HIGH | 8.8 | 1 | 2016-01-31 | Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x be... |
| CVE-2016-1521 | HIGH | 8.8 | 1 | 2016-02-13 | The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla F... |
| CVE-2015-4495 | HIGH | 8.8 | 1 | 2015-08-08 | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS befo... |
| CVE-2014-1531 | HIGH | 8.8 | 1 | 2014-04-30 | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla... |
| CVE-2014-1529 | HIGH | 8.8 | 1 | 2014-04-30 | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird b... |
| CVE-2014-1518 | HIGH | 8.8 | 1 | 2014-04-30 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox E... |
| CVE-2014-1513 | HIGH | 8.8 | 1 | 2014-03-19 | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird befor... |
| CVE-2014-1509 | HIGH | 8.8 | 1 | 2014-03-19 | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox b... |
| CVE-2014-1497 | HIGH | 8.8 | 1 | 2014-03-19 | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x b... |
| CVE-2014-1482 | HIGH | 8.8 | 1 | 2014-02-06 | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.... |
| CVE-2013-1690 | HIGH | 8.8 | 1 | 2013-06-26 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderb... |
| CVE-2011-2668 | HIGH | 8.8 | 1 | 2020-01-21 | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header |
| CVE-2025-49739 | HIGH | 8.8 | 2 | 2025-07-08 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthoriz... |
| CVE-2025-21178 | HIGH | 8.8 | 1 | 2025-01-14 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-21176 | HIGH | 8.8 | 1 | 2025-01-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-35272 | HIGH | 8.8 | 1 | 2024-07-09 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-29043 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | HIGH | 8.8 | 1 | 2024-04-09 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-42950 | HIGH | 8.8 | 1 | 2024-03-28 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari ... |
| CVE-2023-41993 | HIGH | 8.8 | 1 | 2023-09-21 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web... |
| CVE-2022-35827 | HIGH | 8.8 | 1 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35826 | HIGH | 8.8 | 1 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35825 | HIGH | 8.8 | 1 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-35777 | HIGH | 8.8 | 1 | 2022-08-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-32487 | HIGH | 8.6 | 3 | 2024-04-13 | less through 653 allows OS command execution via a newline character in the name of a file, because ... |
| CVE-2024-2398 | HIGH | 8.6 | 3 | 2024-03-27 | When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received h... |
| CVE-2020-4040 | HIGH | 8.6 | 3 | 2020-06-08 | Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews ar... |
| CVE-2025-6432 | HIGH | 8.6 | 1 | 2025-06-24 | When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the d... |
| CVE-2025-11152 | HIGH | 8.6 | 1 | 2025-09-30 | Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affec... |
| CVE-2024-5696 | HIGH | 8.6 | 1 | 2024-06-11 | By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory lea... |
| CVE-2024-4771 | HIGH | 8.6 | 1 | 2024-05-14 | A memory allocation check was missing which would lead to a use-after-free if the allocation failed.... |
| CVE-2022-46872 | HIGH | 8.6 | 1 | 2022-12-22 | An attacker who compromised a content process could have partially escaped the sandbox to read arbit... |
| CVE-2018-5129 | HIGH | 8.6 | 1 | 2018-06-11 | A lack of parameter validation on IPC messages results in a potential out-of-bounds write through ma... |
| CVE-2017-5448 | HIGH | 8.6 | 1 | 2018-06-11 | An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content... |
| CVE-2025-50059 | HIGH | 8.6 | 1 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-46334 | HIGH | 8.6 | 2 | 2025-07-10 | Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository ... |
| CVE-2025-27614 | HIGH | 8.6 | 2 | 2025-07-10 | Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in... |
| CVE-2023-23618 | HIGH | 8.6 | 1 | 2023-02-14 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows ver... |
| CVE-2022-41953 | HIGH | 8.6 | 1 | 2023-01-17 | Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users... |
| CVE-2022-39260 | HIGH | 8.5 | 1 | 2022-10-19 | Git is an open source, scalable, distributed revision control system. `git shell` is a restricted lo... |
| CVE-2025-46835 | HIGH | 8.5 | 2 | 2025-07-10 | Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an u... |
| CVE-2024-56406 | HIGH | 8.4 | 3 | 2025-04-13 | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and... |
| CVE-2024-29944 | HIGH | 8.4 | 1 | 2024-03-22 | An attacker was able to inject an event handler into a privileged object that would allow arbitrary ... |
| CVE-2024-2608 | HIGH | 8.4 | 1 | 2024-03-19 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` c... |
| CVE-2024-1555 | HIGH | 8.3 | 1 | 2024-02-20 | When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly r... |
| CVE-2019-9811 | HIGH | 8.3 | 1 | 2019-07-23 | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malic... |
| CVE-2019-11716 | HIGH | 8.3 | 1 | 2019-07-23 | Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not vi... |
| CVE-2013-5598 | HIGH | 8.3 | 1 | 2013-10-30 | PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the ... |
| CVE-2025-6297 | HIGH | 8.2 | 3 | 2025-07-01 | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a c... |
| CVE-2021-37701 | HIGH | 8.2 | 3 | 2021-08-31 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file ... |
| CVE-2021-32804 | HIGH | 8.2 | 3 | 2021-08-03 | The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary... |
| CVE-2021-32803 | HIGH | 8.2 | 3 | 2021-08-03 | The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrar... |
| CVE-2022-31012 | HIGH | 8.2 | 2 | 2022-07-12 | Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versi... |
| CVE-2020-17437 | HIGH | 8.2 | 1 | 2020-12-11 | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag ... |
| CVE-2025-1943 | HIGH | 8.2 | 1 | 2025-03-04 | Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of... |
| CVE-2024-6606 | HIGH | 8.2 | 1 | 2024-07-09 | Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds... |
| CVE-2024-4776 | HIGH | 8.2 | 1 | 2024-05-14 | A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. ... |
| CVE-2018-5141 | HIGH | 8.2 | 1 | 2018-06-11 | A vulnerability in the notifications Push API where notifications can be sent through service worker... |
| CVE-2017-7813 | HIGH | 8.2 | 1 | 2018-06-11 | Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from o... |
| CVE-2024-53427 | HIGH | 8.1 | 2 | 2025-02-26 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted ... |
| CVE-2024-32004 | HIGH | 8.1 | 4 | 2024-05-14 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, ... |
| CVE-2022-49043 | HIGH | 8.1 | 3 | 2025-01-26 | xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. |
| CVE-2024-5138 | HIGH | 8.1 | 1 | 2024-05-31 | The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take ... |
| CVE-2023-31484 | HIGH | 8.1 | 1 | 2023-04-29 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
| CVE-2022-42915 | HIGH | 8.1 | 1 | 2022-10-29 | curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non... |
| CVE-2022-24903 | HIGH | 8.1 | 1 | 2022-05-06 | Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potentia... |
| CVE-2022-22576 | HIGH | 8.1 | 1 | 2022-05-26 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a... |
| CVE-2021-41072 | HIGH | 8.1 | 1 | 2021-09-14 | squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulne... |
| CVE-2021-40153 | HIGH | 8.1 | 1 | 2021-08-27 | squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; t... |
| CVE-2025-9185 | HIGH | 8.1 | 1 | 2025-08-19 | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefo... |
| CVE-2025-9184 | HIGH | 8.1 | 1 | 2025-08-19 | Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird ... |
| CVE-2025-9180 | HIGH | 8.1 | 1 | 2025-08-19 | Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < ... |
| CVE-2025-8039 | HIGH | 8.1 | 1 | 2025-07-22 | In some cases search terms persisted in the URL bar even after navigating away from the search page.... |
| CVE-2025-8036 | HIGH | 8.1 | 1 | 2025-07-22 | Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CO... |
| CVE-2025-8032 | HIGH | 8.1 | 1 | 2025-07-22 | XSLT document loading did not correctly propagate the source document which bypassed its CSP. This v... |
| CVE-2025-8030 | HIGH | 8.1 | 1 | 2025-07-22 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into e... |
| CVE-2025-8029 | HIGH | 8.1 | 1 | 2025-07-22 | Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability a... |
| CVE-2025-6436 | HIGH | 8.1 | 1 | 2025-06-24 | Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of... |
| CVE-2025-6435 | HIGH | 8.1 | 1 | 2025-06-24 | If a user saved a response from the Network tab in Devtools using the Save As context menu option, t... |
| CVE-2025-5269 | HIGH | 8.1 | 1 | 2025-05-27 | Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of... |
| CVE-2025-5268 | HIGH | 8.1 | 1 | 2025-05-27 | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.... |
| CVE-2025-4093 | HIGH | 8.1 | 1 | 2025-04-29 | Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of m... |
| CVE-2025-4091 | HIGH | 8.1 | 1 | 2025-04-29 | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9... |
| CVE-2025-3034 | HIGH | 8.1 | 1 | 2025-04-01 | Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of... |
| CVE-2025-3030 | HIGH | 8.1 | 1 | 2025-04-01 | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8... |
| CVE-2025-14333 | HIGH | 8.1 | 1 | 2025-12-09 | Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird ... |
| CVE-2025-13027 | HIGH | 8.1 | 1 | 2025-11-11 | Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of... |
| CVE-2025-13019 | HIGH | 8.1 | 1 | 2025-11-11 | Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, F... |
| CVE-2025-13018 | HIGH | 8.1 | 1 | 2025-11-11 | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ... |
| CVE-2025-13017 | HIGH | 8.1 | 1 | 2025-11-11 | Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < ... |
| CVE-2025-11713 | HIGH | 8.1 | 1 | 2025-10-14 | Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into execut... |
| CVE-2025-10534 | HIGH | 8.1 | 1 | 2025-09-16 | Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thund... |
| CVE-2024-7525 | HIGH | 8.1 | 1 | 2024-08-06 | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could ... |
| CVE-2024-7523 | HIGH | 8.1 | 1 | 2024-08-06 | A select option could partially obscure security prompts. This could be used by a malicious site to ... |
| CVE-2024-5688 | HIGH | 8.1 | 1 | 2024-06-11 | If a garbage collection was triggered at the right time, a use-after-free could have occurred during... |
| CVE-2024-4765 | HIGH | 8.1 | 1 | 2024-05-14 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collisi... |
| CVE-2024-3865 | HIGH | 8.1 | 1 | 2024-04-16 | Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption a... |
| CVE-2024-3864 | HIGH | 8.1 | 1 | 2024-04-16 | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed ... |
| CVE-2024-2612 | HIGH | 8.1 | 1 | 2024-03-19 | If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have tri... |
| CVE-2024-2607 | HIGH | 8.1 | 1 | 2024-03-19 | Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *N... |
| CVE-2024-1557 | HIGH | 8.1 | 1 | 2024-02-20 | Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption a... |
| CVE-2024-1553 | HIGH | 8.1 | 1 | 2024-02-20 | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these b... |
| CVE-2024-11700 | HIGH | 8.1 | 1 | 2024-11-26 | Malicious websites may have been able to perform user intent confirmation through tapjacking. This c... |
| CVE-2022-42927 | HIGH | 8.1 | 1 | 2022-12-22 | A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the... |
| CVE-2021-29993 | HIGH | 8.1 | 1 | 2021-11-03 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cau... |
| CVE-2021-29991 | HIGH | 8.1 | 1 | 2021-11-03 | Firefox incorrectly accepted a newline in an HTTP/3 header, interpreting it as two separate headers.... |
| CVE-2021-23981 | HIGH | 8.1 | 1 | 2021-03-31 | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buf... |
| CVE-2021-23976 | HIGH | 8.1 | 1 | 2021-02-26 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests ... |
| CVE-2020-6820 | HIGH | 8.1 | 1 | 2020-04-24 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-fre... |
| CVE-2020-6819 | HIGH | 8.1 | 1 | 2020-04-24 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-a... |
| CVE-2020-12387 | HIGH | 8.1 | 1 | 2020-05-26 | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. Th... |
| CVE-2019-9821 | HIGH | 8.1 | 1 | 2019-07-23 | A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared w... |
| CVE-2018-5178 | HIGH | 8.1 | 1 | 2018-06-11 | A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel... |
| CVE-2018-5163 | HIGH | 8.1 | 1 | 2018-06-11 | If a malicious attacker has used another vulnerability to gain full control over a content process, ... |
| CVE-2018-12386 | HIGH | 8.1 | 1 | 2018-10-18 | A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arb... |
| CVE-2017-7807 | HIGH | 8.1 | 1 | 2018-06-11 | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from ... |
| CVE-2017-7776 | HIGH | 8.1 | 1 | 2019-04-15 | Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getCla... |
| CVE-2017-7771 | HIGH | 8.1 | 1 | 2019-04-15 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. |
| CVE-2016-9896 | HIGH | 8.1 | 1 | 2018-06-11 | Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently ... |
| CVE-2016-5266 | HIGH | 8.1 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for ... |
| CVE-2025-50106 | HIGH | 8.1 | 1 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-30749 | HIGH | 8.1 | 1 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-36897 | HIGH | 8.1 | 1 | 2023-08-08 | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
| CVE-2025-48384 | HIGH | 8.0 | 5 | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that... |
| CVE-2025-58060 | HIGH | 8.0 | 1 | 2025-09-11 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.... |
| CVE-2025-14322 | HIGH | 8.0 | 1 | 2025-12-09 | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vul... |
| CVE-2016-9070 | HIGH | 8.0 | 1 | 2018-06-11 | A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrom... |
| CVE-2025-26646 | HIGH | 8.0 | 2 | 2025-05-13 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allo... |
| CVE-2025-5601 | HIGH | 7.8 | 1 | 2025-06-04 | Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via... |
| CVE-2025-1492 | HIGH | 7.8 | 1 | 2025-02-20 | Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows de... |
| CVE-2024-9781 | HIGH | 7.8 | 1 | 2024-10-10 | AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of ... |
| CVE-2024-8250 | HIGH | 7.8 | 1 | 2024-08-29 | NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via... |
| CVE-2024-56171 | HIGH | 7.8 | 3 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables a... |
| CVE-2024-48992 | HIGH | 7.8 | 2 | 2024-11-19 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... |
| CVE-2024-48991 | HIGH | 7.8 | 2 | 2024-11-19 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... |
| CVE-2024-48990 | HIGH | 7.8 | 2 | 2024-11-19 | Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary ... |
| CVE-2024-2955 | HIGH | 7.8 | 1 | 2024-03-26 | T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via pa... |
| CVE-2024-11596 | HIGH | 7.8 | 1 | 2024-11-21 | ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via pac... |
| CVE-2024-11595 | HIGH | 7.8 | 1 | 2024-11-21 | FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of s... |
| CVE-2024-11003 | HIGH | 7.8 | 2 | 2024-11-19 | Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Module... |
| CVE-2023-33204 | HIGH | 7.8 | 2 | 2023-05-18 | sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE:... |
| CVE-2022-48624 | HIGH | 7.8 | 3 | 2024-02-19 | close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. |
| CVE-2022-40304 | HIGH | 7.8 | 3 | 2022-11-23 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt... |
| CVE-2019-13638 | HIGH | 7.8 | 3 | 2019-07-26 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening... |
| CVE-2018-20969 | HIGH | 7.8 | 3 | 2019-08-16 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character... |
| CVE-2018-1000156 | HIGH | 7.8 | 3 | 2018-04-06 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, spec... |
| CVE-2018-1000035 | HIGH | 7.8 | 2 | 2018-02-09 | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-... |
| CVE-2014-8141 | HIGH | 7.8 | 2 | 2020-01-31 | Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows rem... |
| CVE-2014-8140 | HIGH | 7.8 | 2 | 2020-01-31 | Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows re... |
| CVE-2014-8139 | HIGH | 7.8 | 2 | 2020-01-31 | Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote... |
| CVE-2024-22667 | HIGH | 7.8 | 1 | 2024-02-05 | Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf... |
| CVE-2023-5535 | HIGH | 7.8 | 1 | 2023-10-11 | Use After Free in GitHub repository vim/vim prior to v9.0.2010. |
| CVE-2023-4781 | HIGH | 7.8 | 1 | 2023-09-05 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. |
| CVE-2023-4752 | HIGH | 7.8 | 1 | 2023-09-04 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. |
| CVE-2023-4751 | HIGH | 7.8 | 1 | 2023-09-03 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. |
| CVE-2023-4750 | HIGH | 7.8 | 1 | 2023-09-04 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. |
| CVE-2023-4738 | HIGH | 7.8 | 1 | 2023-09-02 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. |
| CVE-2023-4736 | HIGH | 7.8 | 1 | 2023-09-02 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. |
| CVE-2023-4735 | HIGH | 7.8 | 1 | 2023-09-02 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. |
| CVE-2023-4734 | HIGH | 7.8 | 1 | 2023-09-02 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. |
| CVE-2023-4733 | HIGH | 7.8 | 1 | 2023-09-04 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. |
| CVE-2023-2610 | HIGH | 7.8 | 1 | 2023-05-09 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. |
| CVE-2023-22809 | HIGH | 7.8 | 1 | 2023-01-18 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user... |
| CVE-2023-1127 | HIGH | 7.8 | 1 | 2023-03-01 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. |
| CVE-2023-0512 | HIGH | 7.8 | 1 | 2023-01-30 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. |
| CVE-2023-0433 | HIGH | 7.8 | 1 | 2023-01-21 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. |
| CVE-2023-0288 | HIGH | 7.8 | 1 | 2023-01-13 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. |
| CVE-2023-0054 | HIGH | 7.8 | 1 | 2023-01-04 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. |
| CVE-2023-0051 | HIGH | 7.8 | 1 | 2023-01-04 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. |
| CVE-2023-0049 | HIGH | 7.8 | 1 | 2023-01-04 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. |
| CVE-2022-47696 | HIGH | 7.8 | 1 | 2023-08-22 | An issue discovered in Binutils objdump before 2.39.3 allows attackers to cause a denial of service... |
| CVE-2022-47695 | HIGH | 7.8 | 1 | 2023-08-22 | An issue discovered in Binutils objdump before 2.39.3 allows attackers to cause a denial of service... |
| CVE-2022-47673 | HIGH | 7.8 | 1 | 2023-08-22 | An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple... |
| CVE-2022-47024 | HIGH | 7.8 | 1 | 2023-01-20 | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c ... |
| CVE-2022-45703 | HIGH | 7.8 | 1 | 2023-08-22 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_sectio... |
| CVE-2022-44840 | HIGH | 7.8 | 1 | 2023-08-22 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set ... |
| CVE-2022-4292 | HIGH | 7.8 | 1 | 2022-12-05 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. |
| CVE-2022-41974 | HIGH | 7.8 | 1 | 2022-10-29 | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi... |
| CVE-2022-41973 | HIGH | 7.8 | 1 | 2022-10-29 | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi... |
| CVE-2022-4141 | HIGH | 7.8 | 1 | 2022-11-25 | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the... |
| CVE-2022-40284 | HIGH | 7.8 | 1 | 2022-11-06 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can ... |
| CVE-2022-3715 | HIGH | 7.8 | 1 | 2023-01-05 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_tran... |
| CVE-2022-3591 | HIGH | 7.8 | 1 | 2022-12-02 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. |
| CVE-2022-3491 | HIGH | 7.8 | 1 | 2022-12-03 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. |
| CVE-2022-3352 | HIGH | 7.8 | 1 | 2022-09-29 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. |
| CVE-2022-3324 | HIGH | 7.8 | 1 | 2022-09-27 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. |
| CVE-2022-3297 | HIGH | 7.8 | 1 | 2022-09-25 | Use After Free in GitHub repository vim/vim prior to 9.0.0579. |
| CVE-2022-3296 | HIGH | 7.8 | 1 | 2022-09-25 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. |
| CVE-2022-3256 | HIGH | 7.8 | 1 | 2022-09-22 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. |
| CVE-2022-3235 | HIGH | 7.8 | 1 | 2022-09-18 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. |
| CVE-2022-3234 | HIGH | 7.8 | 1 | 2022-09-17 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. |
| CVE-2022-3134 | HIGH | 7.8 | 1 | 2022-09-06 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. |
| CVE-2022-3099 | HIGH | 7.8 | 1 | 2022-09-03 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. |
| CVE-2022-30789 | HIGH | 7.8 | 1 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3... |
| CVE-2022-30788 | HIGH | 7.8 | 1 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through... |
| CVE-2022-30786 | HIGH | 7.8 | 1 | 2022-05-26 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G th... |
| CVE-2022-30784 | HIGH | 7.8 | 1 | 2022-05-26 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8... |
| CVE-2022-30688 | HIGH | 7.8 | 1 | 2022-05-17 | needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the... |
| CVE-2022-3037 | HIGH | 7.8 | 1 | 2022-08-30 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. |
| CVE-2022-3016 | HIGH | 7.8 | 1 | 2022-08-28 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. |
| CVE-2022-2982 | HIGH | 7.8 | 1 | 2022-08-25 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. |
| CVE-2022-2946 | HIGH | 7.8 | 1 | 2022-08-23 | Use After Free in GitHub repository vim/vim prior to 9.0.0246. |
| CVE-2022-2889 | HIGH | 7.8 | 1 | 2022-08-19 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. |
| CVE-2022-28657 | HIGH | 7.8 | 1 | 2024-06-04 | Apport does not disable python crash handler before entering chroot |
| CVE-2022-2862 | HIGH | 7.8 | 1 | 2022-08-17 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. |
| CVE-2022-2849 | HIGH | 7.8 | 1 | 2022-08-17 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. |
| CVE-2022-2845 | HIGH | 7.8 | 1 | 2022-08-17 | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. |
| CVE-2022-2819 | HIGH | 7.8 | 1 | 2022-08-15 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. |
| CVE-2022-2817 | HIGH | 7.8 | 1 | 2022-08-15 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. |
| CVE-2022-2816 | HIGH | 7.8 | 1 | 2022-08-15 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. |
| CVE-2022-2581 | HIGH | 7.8 | 1 | 2022-08-01 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. |
| CVE-2022-2580 | HIGH | 7.8 | 1 | 2022-08-01 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. |
| CVE-2022-2571 | HIGH | 7.8 | 1 | 2022-08-01 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. |
| CVE-2022-2522 | HIGH | 7.8 | 1 | 2022-07-25 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. |
| CVE-2022-2345 | HIGH | 7.8 | 1 | 2022-07-08 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. |
| CVE-2022-2344 | HIGH | 7.8 | 1 | 2022-07-08 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. |
| CVE-2022-2343 | HIGH | 7.8 | 1 | 2022-07-08 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. |
| CVE-2022-2304 | HIGH | 7.8 | 1 | 2022-07-05 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2289 | HIGH | 7.8 | 1 | 2022-07-03 | Use After Free in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2288 | HIGH | 7.8 | 1 | 2022-07-03 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2286 | HIGH | 7.8 | 1 | 2022-07-02 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2285 | HIGH | 7.8 | 1 | 2022-07-02 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2284 | HIGH | 7.8 | 1 | 2022-07-02 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2264 | HIGH | 7.8 | 1 | 2022-07-01 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2257 | HIGH | 7.8 | 1 | 2022-06-30 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-2210 | HIGH | 7.8 | 1 | 2022-06-27 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2207 | HIGH | 7.8 | 1 | 2022-06-27 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2206 | HIGH | 7.8 | 1 | 2022-06-26 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2183 | HIGH | 7.8 | 1 | 2022-06-23 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2182 | HIGH | 7.8 | 1 | 2022-06-23 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2175 | HIGH | 7.8 | 1 | 2022-06-23 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2129 | HIGH | 7.8 | 1 | 2022-06-19 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2126 | HIGH | 7.8 | 1 | 2022-06-19 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2125 | HIGH | 7.8 | 1 | 2022-06-19 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2124 | HIGH | 7.8 | 1 | 2022-06-19 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2042 | HIGH | 7.8 | 1 | 2022-06-10 | Use After Free in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2000 | HIGH | 7.8 | 1 | 2022-06-09 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1968 | HIGH | 7.8 | 1 | 2022-06-02 | Use After Free in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1942 | HIGH | 7.8 | 1 | 2022-05-31 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1927 | HIGH | 7.8 | 1 | 2022-05-29 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1898 | HIGH | 7.8 | 1 | 2022-05-27 | Use After Free in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1886 | HIGH | 7.8 | 1 | 2022-05-26 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1851 | HIGH | 7.8 | 1 | 2022-05-25 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-1796 | HIGH | 7.8 | 1 | 2022-05-19 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. |
| CVE-2022-1785 | HIGH | 7.8 | 1 | 2022-05-19 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. |
| CVE-2022-1769 | HIGH | 7.8 | 1 | 2022-05-17 | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. |
| CVE-2022-1735 | HIGH | 7.8 | 1 | 2022-05-17 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. |
| CVE-2022-1733 | HIGH | 7.8 | 1 | 2022-05-17 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. |
| CVE-2022-1720 | HIGH | 7.8 | 1 | 2022-06-20 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vul... |
| CVE-2022-1629 | HIGH | 7.8 | 1 | 2022-05-10 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vu... |
| CVE-2022-1621 | HIGH | 7.8 | 1 | 2022-05-10 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This v... |
| CVE-2022-1619 | HIGH | 7.8 | 1 | 2022-05-08 | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2... |
| CVE-2022-1616 | HIGH | 7.8 | 1 | 2022-05-07 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability ... |
| CVE-2022-1381 | HIGH | 7.8 | 1 | 2022-04-18 | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulne... |
| CVE-2022-1304 | HIGH | 7.8 | 1 | 2022-04-14 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segme... |
| CVE-2022-1242 | HIGH | 7.8 | 1 | 2024-06-03 | Apport can be tricked into connecting to arbitrary sockets as the root user |
| CVE-2022-1160 | HIGH | 7.8 | 1 | 2022-03-30 | heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. |
| CVE-2022-1154 | HIGH | 7.8 | 1 | 2022-03-30 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. |
| CVE-2022-0943 | HIGH | 7.8 | 1 | 2022-03-14 | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. |
| CVE-2022-0685 | HIGH | 7.8 | 1 | 2022-02-20 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. |
| CVE-2022-0629 | HIGH | 7.8 | 1 | 2022-02-17 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0572 | HIGH | 7.8 | 1 | 2022-02-14 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0554 | HIGH | 7.8 | 1 | 2022-02-10 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0443 | HIGH | 7.8 | 1 | 2022-02-02 | Use After Free in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0417 | HIGH | 7.8 | 1 | 2022-02-01 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0413 | HIGH | 7.8 | 1 | 2022-01-30 | Use After Free in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0408 | HIGH | 7.8 | 1 | 2022-01-30 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0407 | HIGH | 7.8 | 1 | 2022-01-30 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0392 | HIGH | 7.8 | 1 | 2022-01-28 | Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. |
| CVE-2022-0368 | HIGH | 7.8 | 1 | 2022-01-26 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0361 | HIGH | 7.8 | 1 | 2022-01-26 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0359 | HIGH | 7.8 | 1 | 2022-01-26 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0261 | HIGH | 7.8 | 1 | 2022-01-18 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0128 | HIGH | 7.8 | 1 | 2022-01-06 | vim is vulnerable to Out-of-bounds Read |
| CVE-2021-46790 | HIGH | 7.8 | 1 | 2022-05-02 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE:... |
| CVE-2021-3899 | HIGH | 7.8 | 1 | 2024-06-03 | There is a race condition in the 'replaced executable' detection that, with the correct local config... |
| CVE-2021-38185 | HIGH | 7.8 | 1 | 2021-08-08 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because... |
| CVE-2021-35331 | HIGH | 7.8 | 1 | 2021-07-05 | In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted ... |
| CVE-2025-27835 | HIGH | 7.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when convert... |
| CVE-2025-27834 | HIGH | 7.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an overs... |
| CVE-2025-27833 | HIGH | 7.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long T... |
| CVE-2025-27830 | HIGH | 7.8 | 1 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during seria... |
| CVE-2025-26601 | HIGH | 7.8 | 1 | 2025-02-25 | A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the cha... |
| CVE-2025-26600 | HIGH | 7.8 | 1 | 2025-02-25 | A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, ... |
| CVE-2025-26599 | HIGH | 7.8 | 1 | 2025-02-25 | An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRe... |
| CVE-2025-26598 | HIGH | 7.8 | 1 | 2025-02-25 | An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searche... |
| CVE-2025-26597 | HIGH | 7.8 | 1 | 2025-02-25 | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 ... |
| CVE-2025-26596 | HIGH | 7.8 | 1 | 2025-02-25 | A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySym... |
| CVE-2025-26595 | HIGH | 7.8 | 1 | 2025-02-25 | A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fi... |
| CVE-2025-26594 | HIGH | 7.8 | 1 | 2025-02-25 | A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server... |
| CVE-2024-46956 | HIGH | 7.8 | 1 | 2024-11-10 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data acc... |
| CVE-2024-46954 | HIGH | 7.8 | 1 | 2024-11-10 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Over... |
| CVE-2024-46953 | HIGH | 7.8 | 1 | 2024-11-10 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflo... |
| CVE-2024-46952 | HIGH | 7.8 | 1 | 2024-11-10 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer o... |
| CVE-2024-46951 | HIGH | 7.8 | 1 | 2024-11-10 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implemen... |
| CVE-2024-3857 | HIGH | 7.8 | 1 | 2024-04-16 | The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free ... |
| CVE-2024-26283 | HIGH | 7.8 | 1 | 2024-02-22 | An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when... |
| CVE-2023-37208 | HIGH | 7.8 | 1 | 2023-07-05 | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious cod... |
| CVE-2023-37203 | HIGH | 7.8 | 1 | 2023-07-05 | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have al... |
| CVE-2022-45415 | HIGH | 7.8 | 1 | 2022-12-22 | When downloading an HTML file, if the title of the page was formatted as a filename with a malicious... |
| CVE-2019-11696 | HIGH | 7.8 | 1 | 2019-07-23 | Files with the .JNLP extension used for "Java web start" applications are not treated as executable ... |
| CVE-2018-5105 | HIGH | 7.8 | 1 | 2018-06-11 | WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. Th... |
| CVE-2018-12379 | HIGH | 7.8 | 1 | 2018-10-18 | When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of... |
| CVE-2017-7814 | HIGH | 7.8 | 1 | 2018-06-11 | File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks th... |
| CVE-2016-9069 | HIGH | 7.8 | 1 | 2018-10-18 | A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially ex... |
| CVE-2008-4068 | HIGH | 7.8 | 1 | 2008-09-24 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbi... |
| CVE-2025-32702 | HIGH | 7.8 | 1 | 2025-05-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio... |
| CVE-2025-24855 | HIGH | 7.8 | 1 | 2025-03-14 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPa... |
| CVE-2024-43590 | HIGH | 7.8 | 1 | 2024-10-08 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
| CVE-2024-20656 | HIGH | 7.8 | 1 | 2024-01-09 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36796 | HIGH | 7.8 | 1 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36794 | HIGH | 7.8 | 1 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36793 | HIGH | 7.8 | 1 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36792 | HIGH | 7.8 | 1 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-32028 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft SQL OLE DB Remote Code Execution Vulnerability |
| CVE-2023-32027 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32026 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32025 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-29356 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-29349 | HIGH | 7.8 | 1 | 2023-06-16 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
| CVE-2023-28296 | HIGH | 7.8 | 1 | 2023-04-11 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-28262 | HIGH | 7.8 | 1 | 2023-04-11 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-27911 | HIGH | 7.8 | 1 | 2023-04-17 | A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vuln... |
| CVE-2023-27910 | HIGH | 7.8 | 1 | 2023-04-17 | A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vul... |
| CVE-2023-27909 | HIGH | 7.8 | 1 | 2023-04-17 | An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code ex... |
| CVE-2023-24897 | HIGH | 7.8 | 1 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-24895 | HIGH | 7.8 | 1 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-23381 | HIGH | 7.8 | 1 | 2023-02-14 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-21815 | HIGH | 7.8 | 1 | 2023-02-14 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-21808 | HIGH | 7.8 | 1 | 2023-02-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-21566 | HIGH | 7.8 | 1 | 2023-02-14 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2022-41119 | HIGH | 7.8 | 1 | 2022-11-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2022-41089 | HIGH | 7.8 | 1 | 2022-12-13 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2022-41032 | HIGH | 7.8 | 1 | 2022-10-11 | NuGet Client Elevation of Privilege Vulnerability |
| CVE-2022-29187 | HIGH | 7.8 | 1 | 2022-07-12 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, ... |
| CVE-2022-24767 | HIGH | 7.8 | 1 | 2022-04-12 | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user acco... |
| CVE-2022-24513 | HIGH | 7.8 | 1 | 2022-04-15 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-53773 | HIGH | 7.8 | 1 | 2025-08-12 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo... |
| CVE-2023-1326 | HIGH | 7.7 | 1 | 2023-04-13 | A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-202... |
| CVE-2025-3033 | HIGH | 7.7 | 1 | 2025-04-01 | After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file co... |
| CVE-2025-0241 | HIGH | 7.7 | 1 | 2025-01-07 | When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially e... |
| CVE-2025-1933 | HIGH | 7.6 | 1 | 2025-03-04 | On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over me... |
| CVE-2012-3973 | HIGH | 7.6 | 1 | 2012-08-29 | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging ... |
| CVE-2011-2373 | HIGH | 7.6 | 1 | 2011-06-30 | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird bef... |
| CVE-2010-0178 | HIGH | 7.6 | 1 | 2010-04-05 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.... |
| CVE-2006-4253 | HIGH | 7.6 | 1 | 2006-08-21 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ... |
| CVE-2006-1727 | HIGH | 7.6 | 1 | 2006-04-14 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0... |
| CVE-2025-6021 | HIGH | 7.5 | 3 | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula... |
| CVE-2025-48060 | HIGH | 7.5 | 2 | 2025-05-21 | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow i... |
| CVE-2024-6119 | HIGH | 7.5 | 3 | 2024-09-03 | Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server ce... |
| CVE-2024-52006 | HIGH | 7.5 | 3 | 2025-01-14 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that... |
| CVE-2024-34459 | HIGH | 7.5 | 3 | 2024-05-14 | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting... |
| CVE-2024-25062 | HIGH | 7.5 | 4 | 2024-02-04 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader... |
| CVE-2024-12085 | HIGH | 7.5 | 3 | 2025-01-14 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all... |
| CVE-2022-46663 | HIGH | 7.5 | 3 | 2023-02-07 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sen... |
| CVE-2022-40303 | HIGH | 7.5 | 3 | 2022-11-23 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with th... |
| CVE-2022-36883 | HIGH | 7.5 | 3 | 2022-07-27 | A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers... |
| CVE-2022-30947 | HIGH | 7.5 | 3 | 2022-05-17 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some... |
| CVE-2021-27367 | HIGH | 7.5 | 3 | 2021-02-17 | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt b... |
| CVE-2020-13987 | HIGH | 7.5 | 2 | 2020-12-11 | An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uI... |
| CVE-2018-6952 | HIGH | 7.5 | 3 | 2018-02-13 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
| CVE-2018-6951 | HIGH | 7.5 | 3 | 2018-02-13 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a... |
| CVE-2023-5363 | HIGH | 7.5 | 1 | 2023-10-25 | Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) len... |
| CVE-2023-5344 | HIGH | 7.5 | 1 | 2023-10-02 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. |
| CVE-2023-28319 | HIGH | 7.5 | 1 | 2023-05-26 | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify ... |
| CVE-2023-25652 | HIGH | 7.5 | 2 | 2023-04-25 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ... |
| CVE-2023-0401 | HIGH | 7.5 | 1 | 2023-02-08 | A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEn... |
| CVE-2023-0217 | HIGH | 7.5 | 1 | 2023-02-08 | An invalid pointer dereference on read can be triggered when an application tries to check a malform... |
| CVE-2023-0216 | HIGH | 7.5 | 1 | 2023-02-08 | An invalid pointer dereference on read can be triggered when an application tries to load malformed ... |
| CVE-2022-43551 | HIGH | 7.5 | 1 | 2022-12-23 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H... |
| CVE-2022-42916 | HIGH | 7.5 | 1 | 2022-10-29 | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it... |
| CVE-2022-3996 | HIGH | 7.5 | 1 | 2022-12-13 | If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, the... |
| CVE-2022-3786 | HIGH | 7.5 | 1 | 2022-11-01 | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint... |
| CVE-2022-3602 | HIGH | 7.5 | 1 | 2022-11-01 | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint... |
| CVE-2022-3358 | HIGH | 7.5 | 1 | 2022-10-11 | OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associat... |
| CVE-2022-28653 | HIGH | 7.5 | 1 | 2025-01-31 | Users can consume unlimited disk space in /var/crash |
| CVE-2022-27782 | HIGH | 7.5 | 1 | 2022-06-02 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been ch... |
| CVE-2022-27781 | HIGH | 7.5 | 1 | 2022-06-02 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returne... |
| CVE-2022-27780 | HIGH | 7.5 | 1 | 2022-06-02 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host na... |
| CVE-2022-27775 | HIGH | 7.5 | 1 | 2022-06-02 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using... |
| CVE-2022-24975 | HIGH | 7.5 | 1 | 2022-02-11 | The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted conte... |
| CVE-2022-1620 | HIGH | 7.5 | 1 | 2022-05-08 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vi... |
| CVE-2022-1473 | HIGH | 7.5 | 1 | 2022-05-03 | The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the... |
| CVE-2021-46101 | HIGH | 7.5 | 1 | 2022-01-31 | In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be ... |
| CVE-2025-9182 | HIGH | 7.5 | 1 | 2025-08-19 | Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affe... |
| CVE-2025-55029 | HIGH | 7.5 | 1 | 2025-08-19 | Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial o... |
| CVE-2025-5270 | HIGH | 7.5 | 1 | 2025-05-27 | In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vul... |
| CVE-2025-1937 | HIGH | 7.5 | 1 | 2025-03-04 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, a... |
| CVE-2025-1931 | HIGH | 7.5 | 1 | 2025-03-04 | It was possible to cause a use-after-free in the content process side of a WebTransport connection, ... |
| CVE-2025-14327 | HIGH | 7.5 | 1 | 2025-12-09 | Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunde... |
| CVE-2025-13025 | HIGH | 7.5 | 1 | 2025-11-11 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox ... |
| CVE-2025-13016 | HIGH | 7.5 | 1 | 2025-11-11 | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects F... |
| CVE-2025-13012 | HIGH | 7.5 | 1 | 2025-11-11 | Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 14... |
| CVE-2025-11153 | HIGH | 7.5 | 1 | 2025-09-30 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143... |
| CVE-2025-10535 | HIGH | 7.5 | 1 | 2025-09-16 | Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vuln... |
| CVE-2025-1012 | HIGH | 7.5 | 1 | 2025-02-04 | A race during concurrent delazification could have led to a use-after-free. This vulnerability affec... |
| CVE-2024-9399 | HIGH | 7.5 | 1 | 2024-10-01 | A website configured to initiate a specially crafted WebTransport session could crash the Firefox pr... |
| CVE-2024-9394 | HIGH | 7.5 | 1 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under th... |
| CVE-2024-9393 | HIGH | 7.5 | 1 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under th... |
| CVE-2024-8900 | HIGH | 7.5 | 1 | 2024-09-17 | An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain se... |
| CVE-2024-8383 | HIGH | 7.5 | 1 | 2024-09-03 | Firefox normally asks for confirmation before asking the operating system to find an application to ... |
| CVE-2024-7652 | HIGH | 7.5 | 1 | 2024-09-06 | An error in the ECMA-262 specification relating to Async Generators could have resulted in a type co... |
| CVE-2024-6604 | HIGH | 7.5 | 1 | 2024-07-09 | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these... |
| CVE-2024-5702 | HIGH | 7.5 | 1 | 2024-06-11 | Memory corruption in the networking stack could have led to a potentially exploitable crash. This vu... |
| CVE-2024-5694 | HIGH | 7.5 | 1 | 2024-06-11 | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaSc... |
| CVE-2024-4773 | HIGH | 7.5 | 1 | 2024-05-14 | When a network error occurred during page load, the prior content could have remained in view with a... |
| CVE-2024-3858 | HIGH | 7.5 | 1 | 2024-04-16 | It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vul... |
| CVE-2024-3853 | HIGH | 7.5 | 1 | 2024-04-16 | A use-after-free could result if a JavaScript realm was in the process of being initialized when a g... |
| CVE-2024-3852 | HIGH | 7.5 | 1 | 2024-04-16 | GetBoundName could return the wrong version of an object when JIT optimizations were applied. This v... |
| CVE-2024-29511 | HIGH | 7.5 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue ... |
| CVE-2024-2613 | HIGH | 7.5 | 1 | 2024-03-19 | Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted ... |
| CVE-2024-1546 | HIGH | 7.5 | 1 | 2024-02-20 | When storing and re-accessing data on a networking channel, the length of buffers may have been conf... |
| CVE-2024-11702 | HIGH | 7.5 | 1 | 2024-11-26 | Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have ina... |
| CVE-2024-10466 | HIGH | 7.5 | 1 | 2024-10-29 | By sending a specially crafted push message, a remote server could have hung the parent process, cau... |
| CVE-2024-10459 | HIGH | 7.5 | 1 | 2024-10-29 | An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentia... |
| CVE-2024-10458 | HIGH | 7.5 | 1 | 2024-10-29 | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `objec... |
| CVE-2024-0744 | HIGH | 7.5 | 1 | 2024-01-23 | In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could ha... |
| CVE-2024-0743 | HIGH | 7.5 | 1 | 2024-01-23 | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. T... |
| CVE-2023-5728 | HIGH | 7.5 | 1 | 2023-10-25 | During garbage collection extra operations were performed on an object that should not be. This could... |
| CVE-2023-5724 | HIGH | 7.5 | 1 | 2023-10-25 | Drivers are not always robust to extremely large draw calls and in some cases this scenario could ha... |
| CVE-2023-5173 | HIGH | 7.5 | 1 | 2023-09-27 | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network... |
| CVE-2023-4583 | HIGH | 7.5 | 1 | 2023-09-11 | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was... |
| CVE-2023-4055 | HIGH | 7.5 | 1 | 2023-08-01 | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent ... |
| CVE-2023-4051 | HIGH | 7.5 | 1 | 2023-08-01 | A website could have obscured the full screen notification by using the file open dialog. This could... |
| CVE-2023-4050 | HIGH | 7.5 | 1 | 2023-08-01 | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. Thi... |
| CVE-2023-4048 | HIGH | 7.5 | 1 | 2023-08-01 | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low... |
| CVE-2023-32209 | HIGH | 7.5 | 1 | 2023-06-19 | A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects F... |
| CVE-2023-29537 | HIGH | 7.5 | 1 | 2023-06-02 | Multiple race conditions in the font initialization could have led to memory corruption and executio... |
| CVE-2023-25747 | HIGH | 7.5 | 1 | 2023-06-19 | A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on And... |
| CVE-2023-25733 | HIGH | 7.5 | 1 | 2023-06-19 | The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potenti... |
| CVE-2022-45407 | HIGH | 7.5 | 1 | 2022-12-22 | If an attacker loaded a font using `FontFace()` on a background worker, a use-after-free ... |
| CVE-2022-36319 | HIGH | 7.5 | 1 | 2022-12-22 | When combining CSS properties for overflow and transform, the mouse cursor could interact with diffe... |
| CVE-2022-34477 | HIGH | 7.5 | 1 | 2022-12-22 | The MediaError message property should be consistent to avoid leaking information about cross-origin... |
| CVE-2022-26387 | HIGH | 7.5 | 1 | 2022-12-22 | When installing an add-on, Firefox verified the signature before prompting the user; but while the u... |
| CVE-2022-22741 | HIGH | 7.5 | 1 | 2022-12-22 | When resizing a popup while requesting fullscreen access, the popup would have become unable to leav... |
| CVE-2022-22737 | HIGH | 7.5 | 1 | 2022-12-22 | Constructing audio sinks could have led to a race condition when playing audio files and closing wi... |
| CVE-2021-38498 | HIGH | 7.5 | 1 | 2021-11-03 | During process shutdown, a document could have caused a use-after-free of a languages service object... |
| CVE-2021-29952 | HIGH | 7.5 | 1 | 2021-06-24 | When Web Render components were destructed, a race condition could have caused undefined behavior, a... |
| CVE-2020-6830 | HIGH | 7.5 | 1 | 2020-05-26 | For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code ca... |
| CVE-2020-6821 | HIGH | 7.5 | 1 | 2020-04-24 | When reading from areas partially or fully outside the source resource with WebGL's copyTexSub... |
| CVE-2020-6809 | HIGH | 7.5 | 1 | 2020-03-25 | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-o... |
| CVE-2020-27569 | HIGH | 7.5 | 1 | 2021-04-21 | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to... |
| CVE-2020-15681 | HIGH | 7.5 | 1 | 2020-10-22 | When multiple WASM threads had a reference to a module, and were looking up exported functions, one ... |
| CVE-2020-12391 | HIGH | 7.5 | 1 | 2020-05-26 | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating con... |
| CVE-2019-9809 | HIGH | 7.5 | 1 | 2019-04-26 | If the source for resources on a page is through an FTP connection, it is possible to trigger a seri... |
| CVE-2019-9806 | HIGH | 7.5 | 1 | 2019-04-26 | A vulnerability exists during authorization prompting for FTP transaction where successive modal pro... |
| CVE-2019-9802 | HIGH | 7.5 | 1 | 2019-04-26 | If a Sandbox content process is compromised, it can initiate an FTP download which will then use a c... |
| CVE-2019-9799 | HIGH | 7.5 | 1 | 2019-04-26 | Insufficient bounds checking of data during inter-process communication might allow a compromised co... |
| CVE-2019-17011 | HIGH | 7.5 | 1 | 2020-01-08 | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a rac... |
| CVE-2019-17010 | HIGH | 7.5 | 1 | 2020-01-08 | Under certain conditions, when checking the Resist Fingerprinting preference during device orientati... |
| CVE-2019-11729 | HIGH | 7.5 | 1 | 2019-07-23 | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperl... |
| CVE-2019-11723 | HIGH | 7.5 | 1 | 2019-07-23 | A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin... |
| CVE-2019-11719 | HIGH | 7.5 | 1 | 2019-07-23 | When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to t... |
| CVE-2018-5182 | HIGH | 7.5 | 1 | 2018-06-11 | If a text string that happens to be a filename in the operating system's native format is dragged an... |
| CVE-2018-5181 | HIGH | 7.5 | 1 | 2018-06-11 | If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a dif... |
| CVE-2018-5180 | HIGH | 7.5 | 1 | 2018-06-11 | A use-after-free vulnerability can occur during WebGL operations. While this results in a potentiall... |
| CVE-2018-5179 | HIGH | 7.5 | 1 | 2019-04-26 | A service worker can send the activate event on itself periodically which allows it to run perpetual... |
| CVE-2018-5177 | HIGH | 7.5 | 1 | 2018-06-11 | A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocate... |
| CVE-2018-5166 | HIGH | 7.5 | 1 | 2018-06-11 | WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission... |
| CVE-2018-5160 | HIGH | 7.5 | 1 | 2018-06-11 | WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it ... |
| CVE-2018-5157 | HIGH | 7.5 | 1 | 2018-06-11 | Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept m... |
| CVE-2018-5153 | HIGH | 7.5 | 1 | 2018-06-11 | If websocket data is sent with mixed text and binary in a single message, the binary data can be cor... |
| CVE-2018-5137 | HIGH | 7.5 | 1 | 2018-06-11 | A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page... |
| CVE-2018-5136 | HIGH | 7.5 | 1 | 2018-06-11 | A shared worker created from a "data:" URL in one tab can be shared by another tab with a different ... |
| CVE-2018-5135 | HIGH | 7.5 | 1 | 2018-06-11 | WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScri... |
| CVE-2018-5134 | HIGH | 7.5 | 1 | 2018-06-11 | WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stor... |
| CVE-2018-5115 | HIGH | 7.5 | 1 | 2018-06-11 | If an HTTP authentication prompt is triggered by a background network request from a page or extensi... |
| CVE-2018-5113 | HIGH | 7.5 | 1 | 2018-06-11 | The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content o... |
| CVE-2018-5112 | HIGH | 7.5 | 1 | 2018-06-11 | Development Tools panels of an extension are required to load URLs for the panels as relative URLs f... |
| CVE-2018-5101 | HIGH | 7.5 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, r... |
| CVE-2018-5100 | HIGH | 7.5 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" func... |
| CVE-2018-5094 | HIGH | 7.5 | 1 | 2018-06-11 | A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called follow... |
| CVE-2018-5093 | HIGH | 7.5 | 1 | 2018-06-11 | A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resultin... |
| CVE-2018-12401 | HIGH | 7.5 | 1 | 2019-02-28 | Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters fol... |
| CVE-2018-12395 | HIGH | 7.5 | 1 | 2019-02-28 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain re... |
| CVE-2018-12393 | HIGH | 7.5 | 1 | 2019-02-28 | A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion... |
| CVE-2017-7843 | HIGH | 7.5 | 1 | 2018-06-11 | When Private Browsing mode is used, it is possible for a web worker to write persistent data to Inde... |
| CVE-2017-7806 | HIGH | 7.5 | 1 | 2018-06-11 | A use-after-free vulnerability can occur when the layer manager is freed too early when rendering sp... |
| CVE-2017-7803 | HIGH | 7.5 | 1 | 2018-06-11 | When a page's content security policy (CSP) header contains a "sandbox" directive, other directives ... |
| CVE-2017-7797 | HIGH | 7.5 | 1 | 2018-06-11 | Response header name interning does not have same-origin protections and these headers are stored in... |
| CVE-2017-7787 | HIGH | 7.5 | 1 | 2018-06-11 | Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, a... |
| CVE-2017-7783 | HIGH | 7.5 | 1 | 2018-06-11 | If a long user name is used in a username/password combination in a site URL (such as "http://UserN... |
| CVE-2017-7762 | HIGH | 7.5 | 1 | 2018-06-11 | When entered directly, Reader Mode did not strip the username and password section of URLs displayed... |
| CVE-2017-7759 | HIGH | 7.5 | 1 | 2018-06-11 | Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to ... |
| CVE-2017-7754 | HIGH | 7.5 | 1 | 2018-06-11 | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations... |
| CVE-2017-5467 | HIGH | 7.5 | 1 | 2018-06-11 | A potential memory corruption and crash when using Skia content when drawing content outside of the ... |
| CVE-2017-5455 | HIGH | 7.5 | 1 | 2018-06-11 | The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and esca... |
| CVE-2017-5454 | HIGH | 7.5 | 1 | 2018-06-11 | A mechanism to bypass file system access protections in the sandbox to use the file picker to access... |
| CVE-2017-5450 | HIGH | 7.5 | 1 | 2018-06-11 | A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for An... |
| CVE-2017-5449 | HIGH | 7.5 | 1 | 2018-06-11 | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text ... |
| CVE-2017-5445 | HIGH | 7.5 | 1 | 2018-06-11 | A vulnerability while parsing "application/http-index-format" format content where uninitialized val... |
| CVE-2017-5444 | HIGH | 7.5 | 1 | 2018-06-11 | A buffer overflow vulnerability while parsing "application/http-index-format" format content when th... |
| CVE-2017-5422 | HIGH | 7.5 | 1 | 2018-06-11 | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can t... |
| CVE-2017-5419 | HIGH | 7.5 | 1 | 2018-06-11 | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI wil... |
| CVE-2017-5416 | HIGH | 7.5 | 1 | 2018-06-11 | In certain circumstances a networking event listener can be prematurely released. This appears to re... |
| CVE-2017-5412 | HIGH | 7.5 | 1 | 2018-06-11 | A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vu... |
| CVE-2017-5406 | HIGH | 7.5 | 1 | 2018-06-11 | A segmentation fault can occur in the Skia graphics library during some canvas operations due to iss... |
| CVE-2017-5388 | HIGH | 7.5 | 1 | 2018-06-11 | A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to... |
| CVE-2017-5385 | HIGH | 7.5 | 1 | 2018-06-11 | Data sent within multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore t... |
| CVE-2017-5382 | HIGH | 7.5 | 1 | 2018-06-11 | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged cont... |
| CVE-2017-5381 | HIGH | 7.5 | 1 | 2018-06-11 | The "export" function in the Certificate Viewer can force local filesystem navigation when the "comm... |
| CVE-2017-5379 | HIGH | 7.5 | 1 | 2018-06-11 | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through ... |
| CVE-2017-5378 | HIGH | 7.5 | 1 | 2018-06-11 | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because a... |
| CVE-2016-9904 | HIGH | 7.5 | 1 | 2018-06-11 | An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by ano... |
| CVE-2016-9902 | HIGH | 7.5 | 1 | 2018-06-11 | The Pocket toolbar button, once activated, listens for events fired from its own pages but does not... |
| CVE-2016-9900 | HIGH | 7.5 | 1 | 2018-06-11 | External resources that should be blocked when loaded by SVG images can bypass security restrictions... |
| CVE-2016-9897 | HIGH | 7.5 | 1 | 2018-06-11 | Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector... |
| CVE-2016-9894 | HIGH | 7.5 | 1 | 2018-06-11 | A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers w... |
| CVE-2016-9073 | HIGH | 7.5 | 1 | 2018-06-11 | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExten... |
| CVE-2016-9068 | HIGH | 7.5 | 1 | 2018-06-11 | A use-after-free during web animations when working with timelines resulting in a potentially exploi... |
| CVE-2016-9066 | HIGH | 7.5 | 1 | 2018-06-11 | A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when ... |
| CVE-2016-5296 | HIGH | 7.5 | 1 | 2018-06-11 | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulti... |
| CVE-2016-2821 | HIGH | 7.5 | 1 | 2016-06-13 | Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and F... |
| CVE-2016-2812 | HIGH | 7.5 | 1 | 2016-04-30 | Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker sub... |
| CVE-2016-2808 | HIGH | 7.5 | 1 | 2016-04-30 | The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x b... |
| CVE-2016-10196 | HIGH | 7.5 | 1 | 2017-03-15 | Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent befor... |
| CVE-2015-7212 | HIGH | 7.5 | 1 | 2015-12-16 | Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla... |
| CVE-2015-7210 | HIGH | 7.5 | 1 | 2015-12-16 | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows ... |
| CVE-2015-7200 | HIGH | 7.5 | 1 | 2015-11-05 | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38... |
| CVE-2015-7199 | HIGH | 7.5 | 1 | 2015-11-05 | The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Fir... |
| CVE-2015-7198 | HIGH | 7.5 | 1 | 2015-11-05 | Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 a... |
| CVE-2015-7194 | HIGH | 7.5 | 1 | 2015-11-05 | Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows re... |
| CVE-2015-7193 | HIGH | 7.5 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin... |
| CVE-2015-7188 | HIGH | 7.5 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Sa... |
| CVE-2015-7183 | HIGH | 7.5 | 1 | 2015-11-05 | Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozi... |
| CVE-2015-7181 | HIGH | 7.5 | 1 | 2015-11-05 | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.2... |
| CVE-2015-7180 | HIGH | 7.5 | 1 | 2015-09-24 | The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x befo... |
| CVE-2015-7177 | HIGH | 7.5 | 1 | 2015-09-24 | The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allo... |
| CVE-2015-7176 | HIGH | 7.5 | 1 | 2015-09-24 | The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an... |
| CVE-2015-7175 | HIGH | 7.5 | 1 | 2015-09-24 | The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ... |
| CVE-2015-7174 | HIGH | 7.5 | 1 | 2015-09-24 | The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ... |
| CVE-2015-4522 | HIGH | 7.5 | 1 | 2015-09-24 | The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x befor... |
| CVE-2015-4521 | HIGH | 7.5 | 1 | 2015-09-24 | The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 mi... |
| CVE-2015-4517 | HIGH | 7.5 | 1 | 2015-09-24 | NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote ... |
| CVE-2015-4514 | HIGH | 7.5 | 1 | 2015-11-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remo... |
| CVE-2015-4513 | HIGH | 7.5 | 1 | 2015-11-05 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefo... |
| CVE-2015-4509 | HIGH | 7.5 | 1 | 2015-09-24 | Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Fi... |
| CVE-2015-4501 | HIGH | 7.5 | 1 | 2015-09-24 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remo... |
| CVE-2015-4500 | HIGH | 7.5 | 1 | 2015-09-24 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefo... |
| CVE-2015-4498 | HIGH | 7.5 | 1 | 2015-08-29 | The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 ... |
| CVE-2015-4492 | HIGH | 7.5 | 1 | 2015-08-16 | Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40... |
| CVE-2015-4489 | HIGH | 7.5 | 1 | 2015-08-16 | The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS... |
| CVE-2015-4488 | HIGH | 7.5 | 1 | 2015-08-16 | Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefo... |
| CVE-2015-4487 | HIGH | 7.5 | 1 | 2015-08-16 | The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2,... |
| CVE-2015-4475 | HIGH | 7.5 | 1 | 2015-08-16 | The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mish... |
| CVE-2015-2743 | HIGH | 7.5 | 1 | 2015-07-06 | PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables ... |
| CVE-2015-2728 | HIGH | 7.5 | 1 | 2015-07-06 | The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and ... |
| CVE-2015-2716 | HIGH | 7.5 | 1 | 2015-05-14 | Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and ... |
| CVE-2015-2712 | HIGH | 7.5 | 1 | 2015-05-14 | The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths du... |
| CVE-2015-2709 | HIGH | 7.5 | 1 | 2015-05-14 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remo... |
| CVE-2015-2708 | HIGH | 7.5 | 1 | 2015-05-14 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox E... |
| CVE-2015-0836 | HIGH | 7.5 | 1 | 2015-02-25 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox E... |
| CVE-2015-0835 | HIGH | 7.5 | 1 | 2015-02-25 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remo... |
| CVE-2015-0823 | HIGH | 7.5 | 1 | 2015-02-25 | Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.... |
| CVE-2015-0818 | HIGH | 7.5 | 1 | 2015-03-24 | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow rem... |
| CVE-2015-0815 | HIGH | 7.5 | 1 | 2015-04-01 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox E... |
| CVE-2015-0806 | HIGH | 7.5 | 1 | 2015-04-01 | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use... |
| CVE-2015-0805 | HIGH | 7.5 | 1 | 2015-04-01 | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorr... |
| CVE-2015-0804 | HIGH | 7.5 | 1 | 2015-04-01 | The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrai... |
| CVE-2015-0803 | HIGH | 7.5 | 1 | 2015-04-01 | The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constr... |
| CVE-2015-0801 | HIGH | 7.5 | 1 | 2015-04-01 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote ... |
| CVE-2014-8641 | HIGH | 7.5 | 1 | 2015-01-14 | Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ES... |
| CVE-2014-8636 | HIGH | 7.5 | 1 | 2015-01-14 | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not pro... |
| CVE-2014-8635 | HIGH | 7.5 | 1 | 2015-01-14 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMon... |
| CVE-2014-8634 | HIGH | 7.5 | 1 | 2015-01-14 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox E... |
| CVE-2014-1581 | HIGH | 7.5 | 1 | 2014-10-15 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR ... |
| CVE-2014-1578 | HIGH | 7.5 | 1 | 2014-10-15 | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird ... |
| CVE-2014-1576 | HIGH | 7.5 | 1 | 2014-10-15 | Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Fire... |
| CVE-2014-1575 | HIGH | 7.5 | 1 | 2014-10-15 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remo... |
| CVE-2014-1574 | HIGH | 7.5 | 1 | 2014-10-15 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox E... |
| CVE-2014-1543 | HIGH | 7.5 | 1 | 2014-06-11 | Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Moz... |
| CVE-2014-1505 | HIGH | 7.5 | 1 | 2014-03-19 | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderb... |
| CVE-2014-1487 | HIGH | 7.5 | 1 | 2014-02-06 | The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunder... |
| CVE-2014-1485 | HIGH | 7.5 | 1 | 2014-02-06 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before... |
| CVE-2014-1481 | HIGH | 7.5 | 1 | 2014-02-06 | Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey be... |
| CVE-2014-1479 | HIGH | 7.5 | 1 | 2014-02-06 | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before... |
| CVE-2013-5619 | HIGH | 7.5 | 1 | 2013-12-11 | Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox be... |
| CVE-2013-5607 | HIGH | 7.5 | 1 | 2013-11-20 | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before... |
| CVE-2013-1694 | HIGH | 7.5 | 1 | 2013-06-26 | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, T... |
| CVE-2012-5836 | HIGH | 7.5 | 1 | 2012-11-21 | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attacke... |
| CVE-2012-0464 | HIGH | 7.5 | 1 | 2012-03-14 | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through ... |
| CVE-2012-0463 | HIGH | 7.5 | 1 | 2012-03-14 | The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 1... |
| CVE-2012-0461 | HIGH | 7.5 | 1 | 2012-03-14 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x ... |
| CVE-2010-3173 | HIGH | 7.5 | 1 | 2010-10-21 | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before ... |
| CVE-2008-5504 | HIGH | 7.5 | 1 | 2008-12-17 | Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome ... |
| CVE-2008-4058 | HIGH | 7.5 | 1 | 2008-09-24 | The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before ... |
| CVE-2008-2802 | HIGH | 7.5 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow... |
| CVE-2008-2801 | HIGH | 7.5 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, w... |
| CVE-2006-2777 | HIGH | 7.5 | 1 | 2006-06-02 | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote... |
| CVE-2006-2776 | HIGH | 7.5 | 1 | 2006-06-02 | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined s... |
| CVE-2006-2775 | HIGH | 7.5 | 1 | 2006-06-02 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under ce... |
| CVE-2006-1724 | HIGH | 7.5 | 1 | 2006-04-14 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Sui... |
| CVE-2006-1531 | HIGH | 7.5 | 1 | 2006-04-14 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, all... |
| CVE-2006-1530 | HIGH | 7.5 | 1 | 2006-04-14 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, all... |
| CVE-2006-0294 | HIGH | 7.5 | 1 | 2006-02-02 | Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before ... |
| CVE-2006-0292 | HIGH | 7.5 | 1 | 2006-02-02 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly derefe... |
| CVE-2005-2871 | HIGH | 7.5 | 1 | 2005-09-09 | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier,... |
| CVE-2005-2705 | HIGH | 7.5 | 1 | 2005-09-23 | Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 mi... |
| CVE-2005-2702 | HIGH | 7.5 | 1 | 2005-09-23 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of se... |
| CVE-2005-2701 | HIGH | 7.5 | 1 | 2005-09-23 | Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att... |
| CVE-2005-2270 | HIGH | 7.5 | 1 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows rem... |
| CVE-2005-2269 | HIGH | 7.5 | 1 | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associat... |
| CVE-2005-2267 | HIGH | 7.5 | 1 | 2005-07-13 | Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary cod... |
| CVE-2005-2264 | HIGH | 7.5 | 1 | 2005-07-13 | Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious l... |
| CVE-2005-2261 | HIGH | 7.5 | 1 | 2005-07-13 | Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0... |
| CVE-2005-2260 | HIGH | 7.5 | 1 | 2005-07-13 | The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2... |
| CVE-2005-1532 | HIGH | 7.5 | 1 | 2005-05-12 | Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript e... |
| CVE-2005-1531 | HIGH | 7.5 | 1 | 2005-05-12 | Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security che... |
| CVE-2005-1159 | HIGH | 7.5 | 1 | 2005-05-02 | The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla... |
| CVE-2005-1157 | HIGH | 7.5 | 1 | 2005-05-02 | Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replac... |
| CVE-2005-1156 | HIGH | 7.5 | 1 | 2005-05-02 | Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execut... |
| CVE-2005-1155 | HIGH | 7.5 | 1 | 2005-05-02 | The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attac... |
| CVE-2005-1154 | HIGH | 7.5 | 1 | 2005-05-02 | Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary scr... |
| CVE-2005-1153 | HIGH | 7.5 | 1 | 2005-05-02 | Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers ... |
| CVE-2005-0752 | HIGH | 7.5 | 1 | 2005-04-18 | The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary... |
| CVE-2005-0592 | HIGH | 7.5 | 1 | 2005-03-25 | Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla bef... |
| CVE-2005-0233 | HIGH | 7.5 | 1 | 2005-02-08 | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 al... |
| CVE-2025-53066 | HIGH | 7.5 | 1 | 2025-10-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-30399 | HIGH | 7.5 | 2 | 2025-06-13 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over... |
| CVE-2025-26682 | HIGH | 7.5 | 2 | 2025-04-08 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker... |
| CVE-2025-21172 | HIGH | 7.5 | 1 | 2025-01-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-29331 | HIGH | 7.5 | 1 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| CVE-2023-29011 | HIGH | 7.5 | 1 | 2023-04-25 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which imple... |
| CVE-2023-24936 | HIGH | 7.5 | 1 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-21538 | HIGH | 7.5 | 1 | 2023-01-10 | .NET Denial of Service Vulnerability |
| CVE-2022-38013 | HIGH | 7.5 | 1 | 2022-09-13 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2022-34169 | HIGH | 7.5 | 1 | 2022-07-19 | The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing mali... |
| CVE-2022-29145 | HIGH | 7.5 | 1 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-29117 | HIGH | 7.5 | 1 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-24464 | HIGH | 7.5 | 1 | 2022-03-09 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-23267 | HIGH | 7.5 | 1 | 2022-05-10 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-21986 | HIGH | 7.5 | 1 | 2022-02-09 | .NET Denial of Service Vulnerability |
| CVE-2018-25032 | HIGH | 7.5 | 1 | 2022-03-25 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has... |
| CVE-2020-4041 | HIGH | 7.4 | 3 | 2020-06-08 | In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is... |
| CVE-2025-3032 | HIGH | 7.4 | 1 | 2025-04-01 | Leaking of file descriptors from the fork server to web content processes could allow for privilege ... |
| CVE-2024-6603 | HIGH | 7.4 | 1 | 2024-07-09 | In an out-of-memory scenario an allocation could fail but free would have been called on the pointer... |
| CVE-2023-5170 | HIGH | 7.4 | 1 | 2023-09-27 | In canvas rendering, a compromised content process could have caused a surface to change unexpectedl... |
| CVE-2022-4055 | HIGH | 7.4 | 1 | 2022-11-19 | When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead... |
| CVE-2021-23961 | HIGH | 7.4 | 1 | 2021-02-26 | Further techniques that built on the slipstream research combined with a malicious webpage could hav... |
| CVE-2021-23957 | HIGH | 7.4 | 1 | 2021-02-26 | Navigations through the Android-specific `intent` URL scheme could have been misused to escape ifram... |
| CVE-2019-9803 | HIGH | 7.4 | 1 | 2019-04-26 | The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Secu... |
| CVE-2019-17014 | HIGH | 7.4 | 1 | 2020-01-08 | If an image had not loaded correctly (such as when it is not actually an image), it could be dragged... |
| CVE-2016-5284 | HIGH | 7.4 | 1 | 2016-09-22 | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended... |
| CVE-2016-1963 | HIGH | 7.4 | 1 | 2016-03-13 | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a... |
| CVE-2016-1942 | HIGH | 7.4 | 1 | 2016-01-31 | Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in t... |
| CVE-2025-21587 | HIGH | 7.4 | 1 | 2025-04-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21147 | HIGH | 7.4 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-20952 | HIGH | 7.4 | 1 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-20918 | HIGH | 7.4 | 1 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-21930 | HIGH | 7.4 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2025-5272 | HIGH | 7.3 | 1 | 2025-05-27 | Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of... |
| CVE-2025-3029 | HIGH | 7.3 | 1 | 2025-04-01 | A crafted URL containing specific Unicode characters could have hidden the true origin of the page, ... |
| CVE-2025-1936 | HIGH | 7.3 | 1 | 2025-03-04 | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it wa... |
| CVE-2025-14332 | HIGH | 7.3 | 1 | 2025-12-09 | Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of... |
| CVE-2025-14325 | HIGH | 7.3 | 1 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146... |
| CVE-2025-10528 | HIGH | 7.3 | 1 | 2025-09-16 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This ... |
| CVE-2024-9403 | HIGH | 7.3 | 1 | 2024-10-01 | Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption a... |
| CVE-2018-5144 | HIGH | 7.3 | 1 | 2018-06-11 | An integer overflow can occur during conversion of text to some Unicode character sets due to an unc... |
| CVE-2017-7835 | HIGH | 7.3 | 1 | 2018-06-11 | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correct... |
| CVE-2017-5386 | HIGH | 7.3 | 1 | 2018-06-11 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions usi... |
| CVE-2025-55240 | HIGH | 7.3 | 2 | 2025-10-14 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally... |
| CVE-2025-50063 | HIGH | 7.3 | 1 | 2025-07-15 | Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Or... |
| CVE-2025-29804 | HIGH | 7.3 | 2 | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally... |
| CVE-2025-29802 | HIGH | 7.3 | 2 | 2025-04-08 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally... |
| CVE-2025-25003 | HIGH | 7.3 | 1 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege... |
| CVE-2025-24998 | HIGH | 7.3 | 1 | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privilege... |
| CVE-2025-21206 | HIGH | 7.3 | 1 | 2025-02-11 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-0509 | HIGH | 7.3 | 1 | 2025-02-04 | A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing sign... |
| CVE-2024-29187 | HIGH | 7.3 | 1 | 2024-03-24 | WiX toolset lets developers create installers for Windows Installer, the Windows installation engine... |
| CVE-2023-33135 | HIGH | 7.3 | 1 | 2023-06-14 | .NET and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-33128 | HIGH | 7.3 | 1 | 2023-06-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-33126 | HIGH | 7.3 | 1 | 2023-06-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-55247 | HIGH | 7.3 | 1 | 2025-10-14 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker... |
| CVE-2025-29803 | HIGH | 7.3 | 1 | 2025-04-12 | Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management S... |
| CVE-2023-27320 | HIGH | 7.2 | 1 | 2023-02-28 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. |
| CVE-2013-1707 | HIGH | 7.2 | 1 | 2013-08-07 | Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x befo... |
| CVE-2013-1706 | HIGH | 7.2 | 1 | 2013-08-07 | Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla ... |
| CVE-2011-2980 | HIGH | 7.2 | 1 | 2011-08-18 | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox befor... |
| CVE-2023-29012 | HIGH | 7.2 | 1 | 2023-04-25 | Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts ... |
| CVE-2023-22743 | HIGH | 7.2 | 1 | 2023-02-14 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows ver... |
| CVE-2023-30630 | HIGH | 7.1 | 1 | 2023-04-13 | Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because... |
| CVE-2022-43995 | HIGH | 7.1 | 1 | 2022-11-02 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd... |
| CVE-2022-28655 | HIGH | 7.1 | 1 | 2024-06-04 | is_closing_session() allows users to create arbitrary tcp dbus connections |
| CVE-2022-2287 | HIGH | 7.1 | 1 | 2022-07-02 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| CVE-2022-0393 | HIGH | 7.1 | 1 | 2022-01-28 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| CVE-2025-4085 | HIGH | 7.1 | 1 | 2025-04-29 | An attacker with control over a content process could potentially leverage the privileged UITour act... |
| CVE-2025-1940 | HIGH | 7.1 | 1 | 2025-03-04 | A select option could partially obscure the confirmation prompt shown before launching external apps... |
| CVE-2025-10527 | HIGH | 7.1 | 1 | 2025-09-16 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects... |
| CVE-2024-26282 | HIGH | 7.1 | 1 | 2024-02-22 | Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened... |
| CVE-2022-42930 | HIGH | 7.1 | 1 | 2022-12-22 | If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred ... |
| CVE-2018-12397 | HIGH | 7.1 | 1 | 2019-02-28 | A WebExtension can request access to local files without the warning prompt stating that the extensi... |
| CVE-2009-0776 | HIGH | 7.1 | 1 | 2009-03-05 | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1... |
| CVE-2025-47959 | HIGH | 7.1 | 2 | 2025-06-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio... |
| CVE-2023-47038 | HIGH | 7.0 | 1 | 2023-12-18 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular ex... |
| CVE-2023-42465 | HIGH | 7.0 | 1 | 2023-12-22 | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation... |
| CVE-2023-29007 | HIGH | 7.0 | 2 | 2023-04-25 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ... |
| CVE-2024-5700 | HIGH | 7.0 | 1 | 2024-06-11 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these... |
| CVE-2022-22736 | HIGH | 7.0 | 1 | 2022-12-22 | If Firefox was installed to a world-writable directory, a local privilege escalation could occur whe... |
| CVE-2018-12385 | HIGH | 7.0 | 1 | 2018-10-18 | A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data store... |
| CVE-2016-9077 | HIGH | 7.0 | 1 | 2018-06-11 | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering... |
| CVE-2025-24070 | HIGH | 7.0 | 2 | 2025-03-11 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate p... |
| CVE-2025-53788 | HIGH | 7.0 | 1 | 2025-08-12 | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorize... |
| CVE-2013-0797 | MEDIUM | 6.9 | 1 | 2013-04-03 | Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox E... |
| CVE-2010-3182 | MEDIUM | 6.9 | 1 | 2010-10-21 | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunde... |
| CVE-2010-3181 | MEDIUM | 6.9 | 1 | 2010-10-21 | Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunde... |
| CVE-2015-7696 | MEDIUM | 6.8 | 2 | 2015-11-06 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read... |
| CVE-2020-26964 | MEDIUM | 6.8 | 1 | 2020-12-09 | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version pri... |
| CVE-2015-7222 | MEDIUM | 6.8 | 1 | 2015-12-16 | Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Fir... |
| CVE-2015-7213 | MEDIUM | 6.8 | 1 | 2015-12-16 | Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefrigh... |
| CVE-2015-7204 | MEDIUM | 6.8 | 1 | 2015-12-16 | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows ... |
| CVE-2015-7196 | MEDIUM | 6.8 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow r... |
| CVE-2015-7189 | MEDIUM | 6.8 | 1 | 2015-11-05 | Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x befor... |
| CVE-2015-7184 | MEDIUM | 6.8 | 1 | 2015-10-18 | The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP r... |
| CVE-2015-4511 | MEDIUM | 6.8 | 1 | 2015-09-24 | Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 a... |
| CVE-2015-4510 | MEDIUM | 6.8 | 1 | 2015-09-24 | Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows r... |
| CVE-2015-4506 | MEDIUM | 6.8 | 1 | 2015-09-24 | Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox befor... |
| CVE-2015-2717 | MEDIUM | 6.8 | 1 | 2015-05-14 | Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute... |
| CVE-2015-2715 | MEDIUM | 6.8 | 1 | 2015-05-14 | Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0... |
| CVE-2015-2713 | MEDIUM | 6.8 | 1 | 2015-05-14 | Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 3... |
| CVE-2015-2710 | MEDIUM | 6.8 | 1 | 2015-05-14 | Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.... |
| CVE-2015-2706 | MEDIUM | 6.8 | 1 | 2015-04-27 | Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37... |
| CVE-2015-0831 | MEDIUM | 6.8 | 1 | 2015-02-25 | Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in... |
| CVE-2015-0829 | MEDIUM | 6.8 | 1 | 2015-02-25 | Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute ... |
| CVE-2015-0828 | MEDIUM | 6.8 | 1 | 2015-02-25 | Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36... |
| CVE-2015-0826 | MEDIUM | 6.8 | 1 | 2015-02-25 | The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote at... |
| CVE-2015-0821 | MEDIUM | 6.8 | 1 | 2015-02-25 | Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute... |
| CVE-2015-0817 | MEDIUM | 6.8 | 1 | 2015-03-24 | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaM... |
| CVE-2015-0807 | MEDIUM | 6.8 | 1 | 2015-04-01 | The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6... |
| CVE-2014-8639 | MEDIUM | 6.8 | 1 | 2015-01-14 | Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey be... |
| CVE-2014-8638 | MEDIUM | 6.8 | 1 | 2015-01-14 | The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4... |
| CVE-2014-1594 | MEDIUM | 6.8 | 1 | 2014-12-11 | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey be... |
| CVE-2014-1593 | MEDIUM | 6.8 | 1 | 2014-12-11 | Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before ... |
| CVE-2014-1592 | MEDIUM | 6.8 | 1 | 2014-12-11 | Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox befo... |
| CVE-2014-1589 | MEDIUM | 6.8 | 1 | 2014-12-11 | Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary ... |
| CVE-2014-1588 | MEDIUM | 6.8 | 1 | 2014-12-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMon... |
| CVE-2014-1587 | MEDIUM | 6.8 | 1 | 2014-12-11 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox E... |
| CVE-2014-1542 | MEDIUM | 6.8 | 1 | 2014-06-11 | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 all... |
| CVE-2014-1526 | MEDIUM | 6.8 | 1 | 2014-04-30 | The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-... |
| CVE-2014-1502 | MEDIUM | 6.8 | 1 | 2014-03-19 | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefo... |
| CVE-2013-6167 | MEDIUM | 6.8 | 1 | 2014-02-15 | Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the req... |
| CVE-2013-5596 | MEDIUM | 6.8 | 1 | 2013-10-30 | The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.... |
| CVE-2013-1730 | MEDIUM | 6.8 | 1 | 2013-09-18 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... |
| CVE-2013-1725 | MEDIUM | 6.8 | 1 | 2013-09-18 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... |
| CVE-2013-1720 | MEDIUM | 6.8 | 1 | 2013-09-18 | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox ... |
| CVE-2013-0800 | MEDIUM | 6.8 | 1 | 2013-04-03 | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed... |
| CVE-2013-0747 | MEDIUM | 6.8 | 1 | 2013-01-13 | The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefo... |
| CVE-2012-5837 | MEDIUM | 6.8 | 1 | 2012-11-21 | The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, whi... |
| CVE-2012-5354 | MEDIUM | 6.8 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly hand... |
| CVE-2012-4205 | MEDIUM | 6.8 | 1 | 2012-11-21 | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system pr... |
| CVE-2012-4203 | MEDIUM | 6.8 | 1 | 2012-11-21 | The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScrip... |
| CVE-2012-4193 | MEDIUM | 6.8 | 1 | 2012-10-12 | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbir... |
| CVE-2012-3984 | MEDIUM | 6.8 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly hand... |
| CVE-2012-3978 | MEDIUM | 6.8 | 1 | 2012-08-29 | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Th... |
| CVE-2012-0458 | MEDIUM | 6.8 | 1 | 2012-03-14 | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird befo... |
| CVE-2011-3062 | MEDIUM | 6.8 | 1 | 2012-03-30 | Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attac... |
| CVE-2011-0059 | MEDIUM | 6.8 | 1 | 2011-03-02 | Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.... |
| CVE-2011-0051 | MEDIUM | 6.8 | 1 | 2011-03-02 | Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properl... |
| CVE-2010-3773 | MEDIUM | 6.8 | 1 | 2010-12-10 | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttp... |
| CVE-2010-3771 | MEDIUM | 6.8 | 1 | 2010-12-10 | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properl... |
| CVE-2008-2810 | MEDIUM | 6.8 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of ... |
| CVE-2008-2803 | MEDIUM | 6.8 | 1 | 2008-07-07 | The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.... |
| CVE-2008-1237 | MEDIUM | 6.8 | 1 | 2008-03-27 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13... |
| CVE-2008-1236 | MEDIUM | 6.8 | 1 | 2008-03-27 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13... |
| CVE-2008-1233 | MEDIUM | 6.8 | 1 | 2008-03-27 | Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMo... |
| CVE-2007-3656 | MEDIUM | 6.8 | 1 | 2007-07-10 | Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check wh... |
| CVE-2007-1095 | MEDIUM | 6.8 | 1 | 2007-02-26 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnl... |
| CVE-2007-1084 | MEDIUM | 6.8 | 1 | 2007-02-23 | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows r... |
| CVE-2007-0008 | MEDIUM | 6.8 | 1 | 2007-02-26 | Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as ... |
| CVE-2006-6497 | MEDIUM | 6.8 | 1 | 2006-12-20 | Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.... |
| CVE-2006-1734 | MEDIUM | 6.8 | 1 | 2006-04-14 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... |
| CVE-2006-1733 | MEDIUM | 6.8 | 1 | 2006-04-14 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... |
| CVE-2024-5742 | MEDIUM | 6.7 | 3 | 2024-06-12 | A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecur... |
| CVE-2022-30787 | MEDIUM | 6.7 | 1 | 2022-05-26 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through... |
| CVE-2022-30785 | MEDIUM | 6.7 | 1 | 2022-05-26 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary mem... |
| CVE-2022-30783 | MEDIUM | 6.7 | 1 | 2022-05-26 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic betw... |
| CVE-2024-29060 | MEDIUM | 6.7 | 1 | 2024-06-11 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36759 | MEDIUM | 6.7 | 1 | 2023-09-12 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-62214 | MEDIUM | 6.7 | 1 | 2025-11-11 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio... |
| CVE-2023-1175 | MEDIUM | 6.6 | 1 | 2023-03-04 | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. |
| CVE-2023-1170 | MEDIUM | 6.6 | 1 | 2023-03-03 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. |
| CVE-2024-9681 | MEDIUM | 6.5 | 3 | 2024-11-06 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's ca... |
| CVE-2024-8096 | MEDIUM | 6.5 | 3 | 2024-09-11 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP sta... |
| CVE-2024-28863 | MEDIUM | 6.5 | 3 | 2024-03-21 | node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-fol... |
| CVE-2024-2466 | MEDIUM | 6.5 | 2 | 2024-03-27 | libcurl did not check the server certificate of TLS connections done to a host specified as an IP ad... |
| CVE-2024-21485 | MEDIUM | 6.5 | 3 | 2024-02-02 | Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-compon... |
| CVE-2024-12088 | MEDIUM | 6.5 | 3 | 2025-01-14 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly ... |
| CVE-2024-12087 | MEDIUM | 6.5 | 3 | 2025-01-14 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursi... |
| CVE-2023-5214 | MEDIUM | 6.5 | 3 | 2023-10-06 | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. |
| CVE-2023-45322 | MEDIUM | 6.5 | 3 | 2023-10-06 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fa... |
| CVE-2023-29469 | MEDIUM | 6.5 | 3 | 2023-04-24 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML d... |
| CVE-2023-28484 | MEDIUM | 6.5 | 3 | 2023-04-24 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer derefere... |
| CVE-2022-38663 | MEDIUM | 6.5 | 3 | 2022-08-23 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credenti... |
| CVE-2015-7309 | MEDIUM | 6.5 | 3 | 2015-09-22 | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which a... |
| CVE-2023-6129 | MEDIUM | 6.5 | 1 | 2024-01-09 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that mig... |
| CVE-2023-46218 | MEDIUM | 6.5 | 1 | 2023-12-07 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to... |
| CVE-2023-34969 | MEDIUM | 6.5 | 1 | 2023-06-08 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user w... |
| CVE-2023-24626 | MEDIUM | 6.5 | 1 | 2023-04-08 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such... |
| CVE-2023-23916 | MEDIUM | 6.5 | 1 | 2023-02-23 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based ... |
| CVE-2023-23915 | MEDIUM | 6.5 | 1 | 2023-02-23 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c... |
| CVE-2023-1972 | MEDIUM | 6.5 | 1 | 2023-05-17 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. Th... |
| CVE-2022-42012 | MEDIUM | 6.5 | 1 | 2022-10-10 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... |
| CVE-2022-42011 | MEDIUM | 6.5 | 1 | 2022-10-10 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... |
| CVE-2022-42010 | MEDIUM | 6.5 | 1 | 2022-10-10 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before ... |
| CVE-2022-34903 | MEDIUM | 6.5 | 1 | 2022-07-01 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information fr... |
| CVE-2022-3287 | MEDIUM | 6.5 | 1 | 2022-09-28 | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated passw... |
| CVE-2022-32206 | MEDIUM | 6.5 | 1 | 2022-07-07 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be c... |
| CVE-2022-29824 | MEDIUM | 6.5 | 1 | 2022-05-03 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer... |
| CVE-2022-27776 | MEDIUM | 6.5 | 1 | 2022-06-02 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authenticati... |
| CVE-2022-2598 | MEDIUM | 6.5 | 1 | 2022-08-01 | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. |
| CVE-2022-1348 | MEDIUM | 6.5 | 1 | 2022-05-25 | A vulnerability was found in logrotate in how the state file is created. The state file is used to p... |
| CVE-2021-3826 | MEDIUM | 6.5 | 1 | 2022-09-01 | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers... |
| CVE-2025-9186 | MEDIUM | 6.5 | 1 | 2025-08-19 | Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects... |
| CVE-2025-9183 | MEDIUM | 6.5 | 1 | 2025-08-19 | Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ES... |
| CVE-2025-9181 | MEDIUM | 6.5 | 1 | 2025-08-19 | Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, F... |
| CVE-2025-8033 | MEDIUM | 6.5 | 1 | 2025-07-22 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them ... |
| CVE-2025-8027 | MEDIUM | 6.5 | 1 | 2025-07-22 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. ... |
| CVE-2025-6429 | MEDIUM | 6.5 | 1 | 2025-06-24 | Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing ... |
| CVE-2025-58364 | MEDIUM | 6.5 | 1 | 2025-09-11 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.... |
| CVE-2025-55028 | MEDIUM | 6.5 | 1 | 2025-08-19 | Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in so... |
| CVE-2025-5271 | MEDIUM | 6.5 | 1 | 2025-05-27 | Previewing a response in Devtools ignored CSP headers, which could have allowed content injection at... |
| CVE-2025-4092 | MEDIUM | 6.5 | 1 | 2025-04-29 | Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of... |
| CVE-2025-4088 | MEDIUM | 6.5 | 1 | 2025-04-29 | A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentiale... |
| CVE-2025-4086 | MEDIUM | 6.5 | 1 | 2025-04-29 | A specially crafted filename containing a large number of encoded newline characters could obscure t... |
| CVE-2025-3608 | MEDIUM | 6.5 | 1 | 2025-04-15 | A race condition existed in nsHttpTransaction that could have been exploited to cause memory corrupt... |
| CVE-2025-3031 | MEDIUM | 6.5 | 1 | 2025-04-01 | An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vul... |
| CVE-2025-3028 | MEDIUM | 6.5 | 1 | 2025-04-01 | JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-aft... |
| CVE-2025-23109 | MEDIUM | 6.5 | 1 | 2025-01-11 | Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the web... |
| CVE-2025-1938 | MEDIUM | 6.5 | 1 | 2025-03-04 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7... |
| CVE-2025-1934 | MEDIUM | 6.5 | 1 | 2025-03-04 | It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, poten... |
| CVE-2025-14331 | MEDIUM | 6.5 | 1 | 2025-12-09 | Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 14... |
| CVE-2025-1414 | MEDIUM | 6.5 | 1 | 2025-02-18 | Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption a... |
| CVE-2025-11711 | MEDIUM | 6.5 | 1 | 2025-10-14 | There was a way to change the value of JavaScript Object properties that were supposed to be non-wri... |
| CVE-2025-10532 | MEDIUM | 6.5 | 1 | 2025-09-16 | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < ... |
| CVE-2025-10530 | MEDIUM | 6.5 | 1 | 2025-09-16 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox ... |
| CVE-2025-10529 | MEDIUM | 6.5 | 1 | 2025-09-16 | Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox... |
| CVE-2025-1013 | MEDIUM | 6.5 | 1 | 2025-02-04 | A race condition could have led to private browsing tabs being opened in normal browsing windows. Th... |
| CVE-2025-0242 | MEDIUM | 6.5 | 1 | 2025-01-07 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, T... |
| CVE-2024-9936 | MEDIUM | 6.5 | 1 | 2024-10-14 | When manipulating the selection node cache, an attacker may have been able to cause unexpected behav... |
| CVE-2024-9391 | MEDIUM | 6.5 | 1 | 2024-10-01 | A user who enables full-screen mode on a specially crafted web page could potentially be prevented f... |
| CVE-2024-7531 | MEDIUM | 6.5 | 1 | 2024-08-06 | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can resu... |
| CVE-2024-7529 | MEDIUM | 6.5 | 1 | 2024-08-06 | The date picker could partially obscure security prompts. This could be used by a malicious site to ... |
| CVE-2024-7526 | MEDIUM | 6.5 | 1 | 2024-08-06 | ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be... |
| CVE-2024-7518 | MEDIUM | 6.5 | 1 | 2024-08-06 | Select options could obscure the fullscreen notification dialog. This could be used by a malicious s... |
| CVE-2024-4774 | MEDIUM | 6.5 | 1 | 2024-05-14 | The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing th... |
| CVE-2024-3855 | MEDIUM | 6.5 | 1 | 2024-04-16 | In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads.... |
| CVE-2024-38312 | MEDIUM | 6.5 | 1 | 2024-06-13 | When browsing private tabs, some data related to location history or webpage thumbnails could be per... |
| CVE-2024-1556 | MEDIUM | 6.5 | 1 | 2024-02-20 | The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid m... |
| CVE-2024-1547 | MEDIUM | 6.5 | 1 | 2024-02-20 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been dis... |
| CVE-2024-11708 | MEDIUM | 6.5 | 1 | 2024-11-26 | Missing thread synchronization primitives could have led to a data race on members of the PlaybackPa... |
| CVE-2024-11706 | MEDIUM | 6.5 | 1 | 2024-11-26 | A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `S... |
| CVE-2024-10941 | MEDIUM | 6.5 | 1 | 2024-11-06 | A malicious website could have included an iframe with a malformed URI resulting in a non-exploitab... |
| CVE-2024-10465 | MEDIUM | 6.5 | 1 | 2024-10-29 | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerabi... |
| CVE-2024-10464 | MEDIUM | 6.5 | 1 | 2024-10-29 | Repeated writes to history interface attributes could have been used to cause a Denial of Service co... |
| CVE-2024-10463 | MEDIUM | 6.5 | 1 | 2024-10-29 | Video frames could have been leaked between origins in some situations. This vulnerability affects F... |
| CVE-2024-10462 | MEDIUM | 6.5 | 1 | 2024-10-29 | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerabili... |
| CVE-2024-0754 | MEDIUM | 6.5 | 1 | 2024-01-23 | Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects... |
| CVE-2024-0753 | MEDIUM | 6.5 | 1 | 2024-01-23 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerabil... |
| CVE-2024-0752 | MEDIUM | 6.5 | 1 | 2024-01-23 | A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very... |
| CVE-2024-0747 | MEDIUM | 6.5 | 1 | 2024-01-23 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Pol... |
| CVE-2024-0746 | MEDIUM | 6.5 | 1 | 2024-01-23 | A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerabi... |
| CVE-2024-0741 | MEDIUM | 6.5 | 1 | 2024-01-23 | An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potent... |
| CVE-2023-6872 | MEDIUM | 6.5 | 1 | 2023-12-19 | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the brow... |
| CVE-2023-6869 | MEDIUM | 6.5 | 1 | 2023-12-19 | A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. ... |
| CVE-2023-6865 | MEDIUM | 6.5 | 1 | 2023-12-19 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be a... |
| CVE-2023-6860 | MEDIUM | 6.5 | 1 | 2023-12-19 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This cou... |
| CVE-2023-6211 | MEDIUM | 6.5 | 1 | 2023-11-21 | If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-onl... |
| CVE-2023-6210 | MEDIUM | 6.5 | 1 | 2023-11-21 | When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allow... |
| CVE-2023-6209 | MEDIUM | 6.5 | 1 | 2023-11-21 | Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part ... |
| CVE-2023-6205 | MEDIUM | 6.5 | 1 | 2023-11-21 | It was possible to cause the use of a MessagePort after it had already been freed, which could poten... |
| CVE-2023-6204 | MEDIUM | 6.5 | 1 | 2023-11-21 | On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bo... |
| CVE-2023-5732 | MEDIUM | 6.5 | 1 | 2023-10-25 | An attacker could have created a malicious link using bidirectional characters to spoof the location... |
| CVE-2023-5388 | MEDIUM | 6.5 | 1 | 2024-03-19 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack coul... |
| CVE-2023-5171 | MEDIUM | 6.5 | 1 | 2023-09-27 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allo... |
| CVE-2023-5169 | MEDIUM | 6.5 | 1 | 2023-09-27 | A compromised content process could have provided malicious data in a `PathRecording` resulting in a... |
| CVE-2023-4580 | MEDIUM | 6.5 | 1 | 2023-09-11 | Push notifications stored on disk in private browsing mode were not being encrypted potentially allo... |
| CVE-2023-4578 | MEDIUM | 6.5 | 1 | 2023-09-11 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `... |
| CVE-2023-4577 | MEDIUM | 6.5 | 1 | 2023-09-11 | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbag... |
| CVE-2023-4575 | MEDIUM | 6.5 | 1 | 2023-09-11 | When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks... |
| CVE-2023-4574 | MEDIUM | 6.5 | 1 | 2023-09-11 | When creating a callback over IPC for showing the Color Picker window, multiple of the same callback... |
| CVE-2023-4573 | MEDIUM | 6.5 | 1 | 2023-09-11 | When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which c... |
| CVE-2023-4053 | MEDIUM | 6.5 | 1 | 2023-08-01 | A website could have obscured the full screen notification by using a URL with a scheme handled by a... |
| CVE-2023-4052 | MEDIUM | 6.5 | 1 | 2023-08-01 | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox,... |
| CVE-2023-37456 | MEDIUM | 6.5 | 1 | 2023-07-12 | The session restore helper crashed whenever there was no parameter sent to the message handler. This... |
| CVE-2023-37210 | MEDIUM | 6.5 | 1 | 2023-07-05 | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could... |
| CVE-2023-37207 | MEDIUM | 6.5 | 1 | 2023-07-05 | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an... |
| CVE-2023-37206 | MEDIUM | 6.5 | 1 | 2023-07-05 | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting ... |
| CVE-2023-37205 | MEDIUM | 6.5 | 1 | 2023-07-05 | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerab... |
| CVE-2023-37204 | MEDIUM | 6.5 | 1 | 2023-07-05 | A website could have obscured the fullscreen notification by using an option element by introducing ... |
| CVE-2023-3482 | MEDIUM | 6.5 | 1 | 2023-07-05 | When Firefox is configured to block storage of all cookies, it was still possible to store data in l... |
| CVE-2023-32211 | MEDIUM | 6.5 | 1 | 2023-06-02 | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefo... |
| CVE-2023-32210 | MEDIUM | 6.5 | 1 | 2023-06-19 | Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading a... |
| CVE-2023-32206 | MEDIUM | 6.5 | 1 | 2023-06-02 | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects... |
| CVE-2023-29549 | MEDIUM | 6.5 | 1 | 2023-06-02 | Under certain circumstances, a call to the `bind` function may have resulted in the incor... |
| CVE-2023-29548 | MEDIUM | 6.5 | 1 | 2023-06-02 | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This... |
| CVE-2023-29547 | MEDIUM | 6.5 | 1 | 2023-06-02 | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could ... |
| CVE-2023-29546 | MEDIUM | 6.5 | 1 | 2023-06-19 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keybo... |
| CVE-2023-29545 | MEDIUM | 6.5 | 1 | 2023-06-19 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing en... |
| CVE-2023-29544 | MEDIUM | 6.5 | 1 | 2023-06-02 | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector c... |
| CVE-2023-29535 | MEDIUM | 6.5 | 1 | 2023-06-02 | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctl... |
| CVE-2023-28164 | MEDIUM | 6.5 | 1 | 2023-06-02 | Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user co... |
| CVE-2023-28163 | MEDIUM | 6.5 | 1 | 2023-06-02 | When downloading files through the Save As dialog on Windows with suggested filenames containing env... |
| CVE-2023-28160 | MEDIUM | 6.5 | 1 | 2023-06-02 | When following a redirect to a publicly accessible web extension file, the URL may have been transla... |
| CVE-2023-25752 | MEDIUM | 6.5 | 1 | 2023-06-02 | When accessing throttled streams, the count of available bytes needed to be checked in the calling f... |
| CVE-2023-25751 | MEDIUM | 6.5 | 1 | 2023-06-02 | Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be... |
| CVE-2023-25742 | MEDIUM | 6.5 | 1 | 2023-06-02 | When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing th... |
| CVE-2023-25741 | MEDIUM | 6.5 | 1 | 2023-06-02 | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This... |
| CVE-2023-25728 | MEDIUM | 6.5 | 1 | 2023-06-02 | The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child ... |
| CVE-2023-23604 | MEDIUM | 6.5 | 1 | 2023-06-02 | A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `D... |
| CVE-2023-23603 | MEDIUM | 6.5 | 1 | 2023-06-02 | Regular expressions used to filter out forbidden properties and values from style directives in call... |
| CVE-2023-23602 | MEDIUM | 6.5 | 1 | 2023-06-02 | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Pol... |
| CVE-2023-23601 | MEDIUM | 6.5 | 1 | 2023-06-02 | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab whic... |
| CVE-2023-23600 | MEDIUM | 6.5 | 1 | 2023-06-02 | Per origin notification permissions were being stored in a way that didn't take into account what br... |
| CVE-2023-23599 | MEDIUM | 6.5 | 1 | 2023-06-02 | When copying a network request from the developer tools panel as a curl command the output was not b... |
| CVE-2023-23598 | MEDIUM | 6.5 | 1 | 2023-06-02 | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plai... |
| CVE-2023-23597 | MEDIUM | 6.5 | 1 | 2023-06-02 | A compromised web child process could disable web security opening restrictions, leading to a new ch... |
| CVE-2022-46880 | MEDIUM | 6.5 | 1 | 2022-12-22 | A missing check related to tex units could have led to a use-after-free and potentially exploitable ... |
| CVE-2022-45420 | MEDIUM | 6.5 | 1 | 2022-12-22 | Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside... |
| CVE-2022-45419 | MEDIUM | 6.5 | 1 | 2022-12-22 | If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connect... |
| CVE-2022-45416 | MEDIUM | 6.5 | 1 | 2022-12-22 | Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses... |
| CVE-2022-45410 | MEDIUM | 6.5 | 1 | 2022-12-22 | When a ServiceWorker intercepted a request with `FetchEvent`, the origin of the request w... |
| CVE-2022-45408 | MEDIUM | 6.5 | 1 | 2022-12-22 | Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen wi... |
| CVE-2022-45405 | MEDIUM | 6.5 | 1 | 2022-12-22 | Freeing arbitrary `nsIInputStream`'s on a different thread than creation could have led t... |
| CVE-2022-45404 | MEDIUM | 6.5 | 1 | 2022-12-22 | Through a series of popup and `window.print()` calls, an attacker can cause a window to g... |
| CVE-2022-45403 | MEDIUM | 6.5 | 1 | 2022-12-22 | Service Workers should not be able to infer information about opaque cross-origin responses; but tim... |
| CVE-2022-42929 | MEDIUM | 6.5 | 1 | 2022-12-22 | If a website called `window.print()` in a particular way, it could cause a denial of service of the ... |
| CVE-2022-40960 | MEDIUM | 6.5 | 1 | 2022-12-22 | Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-a... |
| CVE-2022-40959 | MEDIUM | 6.5 | 1 | 2022-12-22 | During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading t... |
| CVE-2022-40958 | MEDIUM | 6.5 | 1 | 2022-12-22 | By injecting a cookie with certain special characters, an attacker on a shared subdomain which is no... |
| CVE-2022-40957 | MEDIUM | 6.5 | 1 | 2022-12-22 | Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially ... |
| CVE-2022-38475 | MEDIUM | 6.5 | 1 | 2022-12-22 | An attacker could have written a value to the first element in a zero-length JavaScript array. Altho... |
| CVE-2022-38472 | MEDIUM | 6.5 | 1 | 2022-12-22 | An attacker could have abused XSLT error handling to associate attacker-controlled content with anot... |
| CVE-2022-34471 | MEDIUM | 6.5 | 1 | 2022-12-22 | When downloading an update for an addon, the downloaded addon update's version was not verified to m... |
| CVE-2022-31746 | MEDIUM | 6.5 | 1 | 2022-12-22 | Internal URLs are protected by a secret UUID key, which could have been leaked to web page through t... |
| CVE-2022-31744 | MEDIUM | 6.5 | 1 | 2022-12-22 | An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:... |
| CVE-2022-31743 | MEDIUM | 6.5 | 1 | 2022-12-22 | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity wit... |
| CVE-2022-31742 | MEDIUM | 6.5 | 1 | 2022-12-22 | An attacker could have exploited a timing attack by sending a large number of allowCredential entrie... |
| CVE-2022-31738 | MEDIUM | 6.5 | 1 | 2022-12-22 | When exiting fullscreen mode, an iframe could have confused the browser about the current state of f... |
| CVE-2022-29916 | MEDIUM | 6.5 | 1 | 2022-12-22 | Firefox behaved slightly differently for already known resources when loading CSS resources involvin... |
| CVE-2022-29914 | MEDIUM | 6.5 | 1 | 2022-12-22 | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI... |
| CVE-2022-28287 | MEDIUM | 6.5 | 1 | 2022-12-22 | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, l... |
| CVE-2022-28285 | MEDIUM | 6.5 | 1 | 2022-12-22 | When generating the assembly code for `MLoadTypedArrayElementHole`, an incorrect AliasSet... |
| CVE-2022-28283 | MEDIUM | 6.5 | 1 | 2022-12-22 | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage t... |
| CVE-2022-28282 | MEDIUM | 6.5 | 1 | 2022-12-22 | By using a link with `rel="localization"` a use-after-free could have been triggered by d... |
| CVE-2022-26385 | MEDIUM | 6.5 | 1 | 2022-12-22 | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Thi... |
| CVE-2022-22760 | MEDIUM | 6.5 | 1 | 2022-12-22 | When importing resources using Web Workers, error messages would distinguish the difference between ... |
| CVE-2022-22757 | MEDIUM | 6.5 | 1 | 2022-12-22 | Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowe... |
| CVE-2022-22754 | MEDIUM | 6.5 | 1 | 2022-12-22 | If a user installed an extension of a particular type, the extension could have auto-updated itself ... |
| CVE-2022-22748 | MEDIUM | 6.5 | 1 | 2022-12-22 | Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a... |
| CVE-2022-22747 | MEDIUM | 6.5 | 1 | 2022-12-22 | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificat... |
| CVE-2022-22745 | MEDIUM | 6.5 | 1 | 2022-12-22 | Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violat... |
| CVE-2022-22742 | MEDIUM | 6.5 | 1 | 2022-12-22 | When inserting text while in edit mode, some characters might have led to out-of-bounds memory acce... |
| CVE-2022-22739 | MEDIUM | 6.5 | 1 | 2022-12-22 | Malicious websites could have tricked users into accepting launching a program to handle an external... |
| CVE-2022-1097 | MEDIUM | 6.5 | 1 | 2022-12-22 | `NSSToken` objects were referenced via direct points, and could have been accessed in an ... |
| CVE-2021-43545 | MEDIUM | 6.5 | 1 | 2021-12-08 | Using the Location API in a loop could have caused severe application hangs and crashes. This vulner... |
| CVE-2021-43542 | MEDIUM | 6.5 | 1 | 2021-12-08 | Using XMLHttpRequest, an attacker could have identified installed applications by probing error mess... |
| CVE-2021-43541 | MEDIUM | 6.5 | 1 | 2021-12-08 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces w... |
| CVE-2021-43540 | MEDIUM | 6.5 | 1 | 2021-12-08 | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-... |
| CVE-2021-43536 | MEDIUM | 6.5 | 1 | 2021-12-08 | Under certain circumstances, asynchronous functions could have caused a navigation to fail but expos... |
| CVE-2021-38507 | MEDIUM | 6.5 | 1 | 2021-12-08 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upg... |
| CVE-2021-38497 | MEDIUM | 6.5 | 1 | 2021-11-03 | Through use of reportValidity() and window.open(), a plain-text validation message could have been o... |
| CVE-2021-38491 | MEDIUM | 6.5 | 1 | 2021-11-03 | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loa... |
| CVE-2021-29982 | MEDIUM | 6.5 | 1 | 2021-08-17 | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, re... |
| CVE-2021-29975 | MEDIUM | 6.5 | 1 | 2021-08-05 | Through a series of DOM manipulations, a message, over which the attacker had control of the text bu... |
| CVE-2021-29945 | MEDIUM | 6.5 | 1 | 2021-06-24 | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read an... |
| CVE-2021-23998 | MEDIUM | 6.5 | 1 | 2021-06-24 | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock ic... |
| CVE-2021-23996 | MEDIUM | 6.5 | 1 | 2021-06-24 | By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the web... |
| CVE-2021-23986 | MEDIUM | 6.5 | 1 | 2021-03-31 | A malicious extension with the 'search' permission could have installed a new search engine whose fa... |
| CVE-2021-23985 | MEDIUM | 6.5 | 1 | 2021-03-31 | If an attacker is able to alter specific about:config values (for example malware running on the use... |
| CVE-2021-23984 | MEDIUM | 6.5 | 1 | 2021-03-31 | A malicious extension could have opened a popup window lacking an address bar. The title of the popu... |
| CVE-2021-23983 | MEDIUM | 6.5 | 1 | 2021-03-31 | By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker co... |
| CVE-2021-23982 | MEDIUM | 6.5 | 1 | 2021-03-31 | Using techniques that built on the slipstream research, a malicious webpage could have scanned both ... |
| CVE-2021-23975 | MEDIUM | 6.5 | 1 | 2021-02-26 | The developer page about:memory has a Measure function for exploring what object types the browser h... |
| CVE-2021-23973 | MEDIUM | 6.5 | 1 | 2021-02-26 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resu... |
| CVE-2021-23971 | MEDIUM | 6.5 | 1 | 2021-02-26 | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redire... |
| CVE-2021-23970 | MEDIUM | 6.5 | 1 | 2021-02-26 | Context-specific code was included in a shared jump table; resulting in assertions being triggered i... |
| CVE-2021-23958 | MEDIUM | 6.5 | 1 | 2021-02-26 | The browser could have been confused into transferring a screen sharing state into another tab, whic... |
| CVE-2021-23956 | MEDIUM | 6.5 | 1 | 2021-02-26 | An ambiguous file picker design could have confused users who intended to select and upload a single... |
| CVE-2020-6808 | MEDIUM | 6.5 | 1 | 2020-03-25 | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed t... |
| CVE-2020-27748 | MEDIUM | 6.5 | 1 | 2021-06-01 | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: ... |
| CVE-2020-26977 | MEDIUM | 6.5 | 1 | 2021-01-07 | By attempting to connect a website using an unresponsive port, an attacker could have controlled the... |
| CVE-2020-26976 | MEDIUM | 6.5 | 1 | 2021-01-07 | When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the fo... |
| CVE-2020-26975 | MEDIUM | 6.5 | 1 | 2021-01-07 | When a malicious application installed on the user's device broadcast an Intent to Firefox for Andro... |
| CVE-2020-26967 | MEDIUM | 6.5 | 1 | 2020-12-09 | When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox... |
| CVE-2020-26965 | MEDIUM | 6.5 | 1 | 2020-12-09 | Some websites have a feature "Show Password" where clicking a button will change a password field in... |
| CVE-2020-26961 | MEDIUM | 6.5 | 1 | 2020-12-09 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the respo... |
| CVE-2020-26957 | MEDIUM | 6.5 | 1 | 2020-12-09 | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. Th... |
| CVE-2020-26955 | MEDIUM | 6.5 | 1 | 2020-12-09 | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent... |
| CVE-2020-15682 | MEDIUM | 6.5 | 1 | 2020-10-22 | When a link to an external protocol was clicked, a prompt was presented that allowed the user to cho... |
| CVE-2020-15666 | MEDIUM | 6.5 | 1 | 2020-10-01 | When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500,... |
| CVE-2020-15664 | MEDIUM | 6.5 | 1 | 2020-10-01 | By holding a reference to the eval() function from an about:blank window, a malicious webpage could ... |
| CVE-2020-15662 | MEDIUM | 6.5 | 1 | 2020-08-10 | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit ... |
| CVE-2020-15661 | MEDIUM | 6.5 | 1 | 2020-08-10 | A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit c... |
| CVE-2020-15658 | MEDIUM | 6.5 | 1 | 2020-08-10 | The code for downloading files did not properly take care of special characters, which led to an att... |
| CVE-2020-15655 | MEDIUM | 6.5 | 1 | 2020-08-10 | A redirected HTTP request which is observed or modified through a web extension could bypass existin... |
| CVE-2020-15654 | MEDIUM | 6.5 | 1 | 2020-08-10 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the ... |
| CVE-2020-15653 | MEDIUM | 6.5 | 1 | 2020-08-10 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Th... |
| CVE-2020-15652 | MEDIUM | 6.5 | 1 | 2020-08-10 | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the resul... |
| CVE-2020-15648 | MEDIUM | 6.5 | 1 | 2020-08-10 | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing... |
| CVE-2020-12425 | MEDIUM | 6.5 | 1 | 2020-07-09 | Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could ... |
| CVE-2020-12424 | MEDIUM | 6.5 | 1 | 2020-07-09 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This ... |
| CVE-2020-12421 | MEDIUM | 6.5 | 1 | 2020-07-09 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (... |
| CVE-2020-12418 | MEDIUM | 6.5 | 1 | 2020-07-09 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking proce... |
| CVE-2020-12415 | MEDIUM | 6.5 | 1 | 2020-07-09 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and a... |
| CVE-2020-12414 | MEDIUM | 6.5 | 1 | 2020-07-09 | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewC... |
| CVE-2020-12408 | MEDIUM | 6.5 | 1 | 2020-07-09 | When browsing a document hosted on an IP address, an attacker could insert certain characters to fli... |
| CVE-2020-12407 | MEDIUM | 6.5 | 1 | 2020-07-09 | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditi... |
| CVE-2019-17023 | MEDIUM | 6.5 | 1 | 2020-01-08 | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, res... |
| CVE-2019-17020 | MEDIUM | 6.5 | 1 | 2020-01-08 | If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet,... |
| CVE-2019-11765 | MEDIUM | 6.5 | 1 | 2020-01-08 | A compromised content process could send a message to the parent process that would cause the 'Click... |
| CVE-2019-11750 | MEDIUM | 6.5 | 1 | 2019-09-27 | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. Thi... |
| CVE-2019-11748 | MEDIUM | 6.5 | 1 | 2019-09-27 | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camer... |
| CVE-2019-11747 | MEDIUM | 6.5 | 1 | 2019-09-27 | The "Forget about this site" feature in the History pane is intended to remove all saved user data t... |
| CVE-2019-11742 | MEDIUM | 6.5 | 1 | 2019-09-27 | A same-origin policy violation occurs allowing the theft of cross-origin images through a combinatio... |
| CVE-2019-11730 | MEDIUM | 6.5 | 1 | 2019-07-23 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs... |
| CVE-2019-11725 | MEDIUM | 6.5 | 1 | 2019-07-23 | When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are display... |
| CVE-2019-11721 | MEDIUM | 6.5 | 1 | 2019-07-23 | The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. T... |
| CVE-2019-11699 | MEDIUM | 6.5 | 1 | 2019-07-23 | A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addres... |
| CVE-2019-11697 | MEDIUM | 6.5 | 1 | 2019-07-23 | If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extensi... |
| CVE-2018-5169 | MEDIUM | 6.5 | 1 | 2018-06-11 | If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "ho... |
| CVE-2018-5152 | MEDIUM | 6.5 | 1 | 2018-06-11 | WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as a... |
| CVE-2018-5133 | MEDIUM | 6.5 | 1 | 2018-06-11 | If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and ... |
| CVE-2018-5132 | MEDIUM | 6.5 | 1 | 2018-06-11 | The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these... |
| CVE-2018-5111 | MEDIUM | 6.5 | 1 | 2018-06-11 | When the text of a specially formatted URL is dragged to the addressbar from page content, the displ... |
| CVE-2018-18510 | MEDIUM | 6.5 | 1 | 2019-04-26 | The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are ... |
| CVE-2018-18499 | MEDIUM | 6.5 | 1 | 2019-02-28 | A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http... |
| CVE-2018-18497 | MEDIUM | 6.5 | 1 | 2019-02-28 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed w... |
| CVE-2018-18495 | MEDIUM | 6.5 | 1 | 2019-02-28 | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of ... |
| CVE-2018-18494 | MEDIUM | 6.5 | 1 | 2019-02-28 | A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascr... |
| CVE-2018-12402 | MEDIUM | 6.5 | 1 | 2019-02-28 | The internal WebBrowserPersist code does not use correct origin context for a resource being saved. ... |
| CVE-2018-12398 | MEDIUM | 6.5 | 1 | 2019-02-28 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject ... |
| CVE-2018-12396 | MEDIUM | 6.5 | 1 | 2019-02-28 | A vulnerability where a WebExtension can run content scripts in disallowed contexts following naviga... |
| CVE-2018-12366 | MEDIUM | 6.5 | 1 | 2018-10-18 | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds rea... |
| CVE-2018-12365 | MEDIUM | 6.5 | 1 | 2018-10-18 | A compromised IPC child process can escape the content sandbox and list the names of arbitrary files... |
| CVE-2017-7844 | MEDIUM | 6.5 | 1 | 2018-06-11 | A combination of an external SVG image referenced on a page and the coloring of anchor links stored ... |
| CVE-2017-7830 | MEDIUM | 6.5 | 1 | 2018-06-11 | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-ori... |
| CVE-2017-5420 | MEDIUM | 6.5 | 1 | 2018-06-11 | A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displa... |
| CVE-2017-5407 | MEDIUM | 6.5 | 1 | 2018-06-11 | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious... |
| CVE-2016-9067 | MEDIUM | 6.5 | 1 | 2018-06-11 | Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This v... |
| CVE-2016-5292 | MEDIUM | 6.5 | 1 | 2018-06-11 | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulner... |
| CVE-2016-5282 | MEDIUM | 6.5 | 1 | 2016-09-22 | Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might a... |
| CVE-2016-5271 | MEDIUM | 6.5 | 1 | 2016-09-22 | The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attac... |
| CVE-2016-5260 | MEDIUM | 6.5 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' w... |
| CVE-2016-2829 | MEDIUM | 6.5 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted ... |
| CVE-2016-2827 | MEDIUM | 6.5 | 1 | 2016-09-22 | The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attack... |
| CVE-2016-2825 | MEDIUM | 6.5 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the ... |
| CVE-2016-2822 | MEDIUM | 6.5 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the add... |
| CVE-2016-2816 | MEDIUM | 6.5 | 1 | 2016-04-30 | Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) prot... |
| CVE-2016-2813 | MEDIUM | 6.5 | 1 | 2016-04-30 | Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation a... |
| CVE-2016-1967 | MEDIUM | 6.5 | 1 | 2016-03-13 | Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing AP... |
| CVE-2016-1956 | MEDIUM | 6.5 | 1 | 2016-03-13 | Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to... |
| CVE-2016-1933 | MEDIUM | 6.5 | 1 | 2016-01-31 | Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remo... |
| CVE-2014-1523 | MEDIUM | 6.5 | 1 | 2014-04-30 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x... |
| CVE-2013-1689 | MEDIUM | 6.5 | 1 | 2019-12-10 | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), rel... |
| CVE-2013-1675 | MEDIUM | 6.5 | 1 | 2013-05-16 | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderb... |
| CVE-2011-2669 | MEDIUM | 6.5 | 1 | 2020-01-21 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificat... |
| CVE-2005-0587 | MEDIUM | 6.5 | 1 | 2005-03-25 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitra... |
| CVE-2023-32032 | MEDIUM | 6.5 | 1 | 2023-06-14 | .NET and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2016-3189 | MEDIUM | 6.5 | 1 | 2016-06-30 | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denia... |
| CVE-2024-4854 | MEDIUM | 6.4 | 1 | 2024-05-14 | MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.... |
| CVE-2018-1000182 | MEDIUM | 6.4 | 3 | 2018-06-05 | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in Assembla... |
| CVE-2015-4520 | MEDIUM | 6.4 | 1 | 2015-09-24 | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS p... |
| CVE-2015-4512 | MEDIUM | 6.4 | 1 | 2015-09-24 | gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the... |
| CVE-2015-4504 | MEDIUM | 6.4 | 1 | 2015-09-24 | The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote a... |
| CVE-2015-0811 | MEDIUM | 6.4 | 1 | 2015-04-01 | The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive i... |
| CVE-2014-1577 | MEDIUM | 6.4 | 1 | 2014-10-15 | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla... |
| CVE-2014-1506 | MEDIUM | 6.4 | 1 | 2014-03-19 | Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Androi... |
| CVE-2012-4196 | MEDIUM | 6.4 | 1 | 2012-10-29 | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbi... |
| CVE-2005-2706 | MEDIUM | 6.4 | 1 | 2005-09-23 | Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript w... |
| CVE-2023-25584 | MEDIUM | 6.3 | 1 | 2023-09-14 | An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. |
| CVE-2024-6600 | MEDIUM | 6.3 | 1 | 2024-07-09 | Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access c... |
| CVE-2024-33870 | MEDIUM | 6.3 | 1 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafte... |
| CVE-2024-29510 | MEDIUM | 6.3 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format st... |
| CVE-2019-11738 | MEDIUM | 6.3 | 1 | 2019-09-27 | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the... |
| CVE-2016-2837 | MEDIUM | 6.3 | 1 | 2016-08-05 | Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Ex... |
| CVE-2016-1975 | MEDIUM | 6.3 | 1 | 2016-03-13 | Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation i... |
| CVE-2025-48386 | MEDIUM | 6.3 | 2 | 2025-07-08 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that... |
| CVE-2022-24512 | MEDIUM | 6.3 | 1 | 2022-03-09 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-9714 | MEDIUM | 6.2 | 3 | 2025-09-10 | Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a lo... |
| CVE-2023-39804 | MEDIUM | 6.2 | 1 | 2024-03-27 | In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application ... |
| CVE-2023-23946 | MEDIUM | 6.2 | 2 | 2023-02-14 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.... |
| CVE-2025-10536 | MEDIUM | 6.2 | 1 | 2025-09-16 | Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143,... |
| CVE-2024-3860 | MEDIUM | 6.2 | 1 | 2024-04-16 | An out-of-memory condition during object initialization could result in an empty shape list. If the ... |
| CVE-2013-1726 | MEDIUM | 6.2 | 1 | 2013-09-18 | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 2... |
| CVE-2023-36042 | MEDIUM | 6.2 | 1 | 2023-11-14 | Visual Studio Denial of Service Vulnerability |
| CVE-2024-12086 | MEDIUM | 6.1 | 3 | 2025-01-14 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file fr... |
| CVE-2021-21684 | MEDIUM | 6.1 | 3 | 2021-10-06 | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to c... |
| CVE-2019-15485 | MEDIUM | 6.1 | 3 | 2019-08-23 | Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. |
| CVE-2019-15484 | MEDIUM | 6.1 | 3 | 2019-08-23 | Bolt before 3.6.10 has XSS via an image's alt or title field. |
| CVE-2019-15483 | MEDIUM | 6.1 | 3 | 2019-08-23 | Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. |
| CVE-2025-6430 | MEDIUM | 6.1 | 1 | 2025-06-24 | When a file download is specified via the `Content-Disposition` header, that directive would be igno... |
| CVE-2025-55030 | MEDIUM | 6.1 | 1 | 2025-08-19 | Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrec... |
| CVE-2025-13013 | MEDIUM | 6.1 | 1 | 2025-11-11 | Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firef... |
| CVE-2025-11712 | MEDIUM | 6.1 | 1 | 2025-10-14 | A malicious page could have used the type attribute of an OBJECT tag to override the default browser... |
| CVE-2024-9397 | MEDIUM | 6.1 | 1 | 2024-10-01 | A missing delay in directory upload UI could have made it possible for an attacker to trick a user i... |
| CVE-2024-8386 | MEDIUM | 6.1 | 1 | 2024-09-03 | If a site had been granted the permission to open popup windows, it could cause Select elements to a... |
| CVE-2024-7524 | MEDIUM | 6.1 | 1 | 2024-08-06 | Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking ... |
| CVE-2024-5698 | MEDIUM | 6.1 | 1 | 2024-06-11 | By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a ... |
| CVE-2024-5693 | MEDIUM | 6.1 | 1 | 2024-06-11 | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image d... |
| CVE-2024-4768 | MEDIUM | 6.1 | 1 | 2024-05-14 | A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a us... |
| CVE-2024-43113 | MEDIUM | 6.1 | 1 | 2024-08-06 | The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vul... |
| CVE-2024-43112 | MEDIUM | 6.1 | 1 | 2024-08-06 | Long pressing on a download link could potentially provide a means for cross-site scripting. This vul... |
| CVE-2024-43111 | MEDIUM | 6.1 | 1 | 2024-08-06 | Long pressing on a download link could potentially allow Javascript commands to be executed within t... |
| CVE-2024-2610 | MEDIUM | 6.1 | 1 | 2024-03-19 | Using a markup injection an attacker could have stolen nonce values. This could have been used to by... |
| CVE-2024-2609 | MEDIUM | 6.1 | 1 | 2024-03-19 | The permission prompt input delay could expire while the window is not in focus. This makes it vulne... |
| CVE-2024-1551 | MEDIUM | 6.1 | 1 | 2024-02-20 | Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attack... |
| CVE-2024-1550 | MEDIUM | 6.1 | 1 | 2024-02-20 | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock... |
| CVE-2024-1549 | MEDIUM | 6.1 | 1 | 2024-02-20 | If a website set a large custom cursor, portions of the cursor could have overlapped with the permis... |
| CVE-2024-11694 | MEDIUM | 6.1 | 1 | 2024-11-26 | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass a... |
| CVE-2024-10461 | MEDIUM | 6.1 | 1 | 2024-10-29 | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was... |
| CVE-2023-6867 | MEDIUM | 6.1 | 1 | 2023-12-19 | The timing of a button click causing a popup to disappear was approximately the same length as the a... |
| CVE-2023-5758 | MEDIUM | 6.1 | 1 | 2023-10-25 | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to... |
| CVE-2023-49061 | MEDIUM | 6.1 | 1 | 2023-11-21 | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user inform... |
| CVE-2023-34415 | MEDIUM | 6.1 | 1 | 2023-06-19 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of ... |
| CVE-2023-29540 | MEDIUM | 6.1 | 1 | 2023-06-02 | Using a redirect embedded into `sourceMappingUrls` could allow for navigation to external... |
| CVE-2022-45418 | MEDIUM | 6.1 | 1 | 2022-12-22 | If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been... |
| CVE-2022-45411 | MEDIUM | 6.1 | 1 | 2022-12-22 | Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an X... |
| CVE-2022-40956 | MEDIUM | 6.1 | 1 | 2022-12-22 | When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and acce... |
| CVE-2022-36316 | MEDIUM | 6.1 | 1 | 2022-12-22 | When using the Performance API, an attacker was able to notice subtle differences between Performanc... |
| CVE-2022-34475 | MEDIUM | 6.1 | 1 | 2022-12-22 | SVG `<use>` tags that referenced a same-origin document could have resulted in scri... |
| CVE-2022-34474 | MEDIUM | 6.1 | 1 | 2022-12-22 | Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it r... |
| CVE-2022-34473 | MEDIUM | 6.1 | 1 | 2022-12-22 | The HTML Sanitizer should have sanitized the `href` attribute of SVG `<use>`... |
| CVE-2022-29912 | MEDIUM | 6.1 | 1 | 2022-12-22 | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This... |
| CVE-2022-29911 | MEDIUM | 6.1 | 1 | 2022-12-22 | An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-acti... |
| CVE-2021-43543 | MEDIUM | 6.1 | 1 | 2021-12-08 | Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction ... |
| CVE-2021-43532 | MEDIUM | 6.1 | 1 | 2021-12-08 | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embeddi... |
| CVE-2021-29953 | MEDIUM | 6.1 | 1 | 2021-06-24 | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled ... |
| CVE-2021-29944 | MEDIUM | 6.1 | 1 | 2021-06-24 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Se... |
| CVE-2021-23974 | MEDIUM | 6.1 | 1 | 2021-02-26 | The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as... |
| CVE-2021-23959 | MEDIUM | 6.1 | 1 | 2021-02-26 | An XSS bug in internal error pages could have led to various spoofing attacks, including other error... |
| CVE-2021-23955 | MEDIUM | 6.1 | 1 | 2021-02-26 | The browser could have been confused into transferring a pointer lock state into another tab, which ... |
| CVE-2020-6798 | MEDIUM | 6.1 | 1 | 2020-03-02 | If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsin... |
| CVE-2020-26979 | MEDIUM | 6.1 | 1 | 2021-01-07 | When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a websit... |
| CVE-2020-26978 | MEDIUM | 6.1 | 1 | 2021-01-07 | Using techniques that built on the slipstream research, a malicious webpage could have exposed both ... |
| CVE-2020-26962 | MEDIUM | 6.1 | 1 | 2020-12-09 | Cross-origin iframes that contained a login form could have been recognized by the login autofill se... |
| CVE-2020-26958 | MEDIUM | 6.1 | 1 | 2020-12-09 | Firefox did not block execution of scripts with incorrect MIME types when the response was intercept... |
| CVE-2020-26956 | MEDIUM | 6.1 | 1 | 2020-12-09 | In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and... |
| CVE-2020-26951 | MEDIUM | 6.1 | 1 | 2020-12-09 | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, e... |
| CVE-2020-15677 | MEDIUM | 6.1 | 1 | 2020-10-01 | By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site d... |
| CVE-2020-15676 | MEDIUM | 6.1 | 1 | 2020-10-01 | Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, ... |
| CVE-2019-17022 | MEDIUM | 6.1 | 1 | 2020-01-08 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does ... |
| CVE-2019-17016 | MEDIUM | 6.1 | 1 | 2020-01-08 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incor... |
| CVE-2019-17003 | MEDIUM | 6.1 | 1 | 2023-02-16 | Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being exec... |
| CVE-2019-17000 | MEDIUM | 6.1 | 1 | 2020-01-08 | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This... |
| CVE-2019-11763 | MEDIUM | 6.1 | 1 | 2020-01-08 | Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly... |
| CVE-2019-11762 | MEDIUM | 6.1 | 1 | 2020-01-08 | If two same-origin documents set document.domain differently to become cross-origin, it was possible... |
| CVE-2019-11744 | MEDIUM | 6.1 | 1 | 2019-09-27 | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets w... |
| CVE-2019-11741 | MEDIUM | 6.1 | 1 | 2019-09-27 | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack o... |
| CVE-2019-11724 | MEDIUM | 6.1 | 1 | 2019-07-23 | Application permissions give additional remote troubleshooting permission to the site input.mozilla.... |
| CVE-2019-11720 | MEDIUM | 6.1 | 1 | 2019-07-23 | Some unicode characters are incorrectly treated as whitespace during the parsing of web content inst... |
| CVE-2019-11715 | MEDIUM | 6.1 | 1 | 2019-07-23 | Due to an error while parsing page content, it is possible for properly sanitized user input to be m... |
| CVE-2019-11701 | MEDIUM | 6.1 | 1 | 2019-07-23 | The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) a... |
| CVE-2018-5176 | MEDIUM | 6.1 | 1 | 2018-06-11 | The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "jav... |
| CVE-2018-5175 | MEDIUM | 6.1 | 1 | 2018-06-11 | A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" po... |
| CVE-2018-5164 | MEDIUM | 6.1 | 1 | 2018-06-11 | Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with t... |
| CVE-2018-5143 | MEDIUM | 6.1 | 1 | 2018-06-11 | URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users ... |
| CVE-2018-5124 | MEDIUM | 6.1 | 1 | 2019-04-26 | Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code exec... |
| CVE-2017-7840 | MEDIUM | 6.1 | 1 | 2018-06-11 | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supp... |
| CVE-2017-7839 | MEDIUM | 6.1 | 1 | 2018-06-11 | Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leadin... |
| CVE-2017-7834 | MEDIUM | 6.1 | 1 | 2018-06-11 | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original ... |
| CVE-2017-7799 | MEDIUM | 6.1 | 1 | 2018-06-11 | JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data ... |
| CVE-2017-5466 | MEDIUM | 6.1 | 1 | 2018-06-11 | If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:tex... |
| CVE-2017-5458 | MEDIUM | 6.1 | 1 | 2018-06-11 | When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processe... |
| CVE-2017-5393 | MEDIUM | 6.1 | 1 | 2018-06-11 | The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org,... |
| CVE-2017-5389 | MEDIUM | 6.1 | 1 | 2018-06-11 | WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the app... |
| CVE-2016-9903 | MEDIUM | 6.1 | 1 | 2018-06-11 | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an ad... |
| CVE-2016-9895 | MEDIUM | 6.1 | 1 | 2018-06-11 | Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) th... |
| CVE-2016-5262 | MEDIUM | 6.1 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attrib... |
| CVE-2016-2833 | MEDIUM | 6.1 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java a... |
| CVE-2016-1937 | MEDIUM | 6.1 | 1 | 2016-01-31 | The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickj... |
| CVE-2014-1530 | MEDIUM | 6.1 | 1 | 2014-04-30 | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbir... |
| CVE-2011-3656 | MEDIUM | 6.1 | 1 | 2021-06-02 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows r... |
| CVE-2011-2670 | MEDIUM | 6.1 | 1 | 2020-01-13 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets |
| CVE-2022-24765 | MEDIUM | 6.0 | 1 | 2022-04-12 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects use... |
| CVE-2019-13636 | MEDIUM | 5.9 | 3 | 2019-07-17 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than inpu... |
| CVE-2023-28321 | MEDIUM | 5.9 | 1 | 2023-05-26 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports match... |
| CVE-2023-28320 | MEDIUM | 5.9 | 1 | 2023-05-26 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several differe... |
| CVE-2023-1255 | MEDIUM | 5.9 | 1 | 2023-04-20 | Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug t... |
| CVE-2022-43552 | MEDIUM | 5.9 | 1 | 2023-02-09 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all p... |
| CVE-2022-32208 | MEDIUM | 5.9 | 1 | 2022-07-07 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wron... |
| CVE-2022-1434 | MEDIUM | 5.9 | 1 | 2022-05-03 | The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC k... |
| CVE-2025-4082 | MEDIUM | 5.9 | 1 | 2025-04-29 | Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when ch... |
| CVE-2024-4775 | MEDIUM | 5.9 | 1 | 2024-05-14 | An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially... |
| CVE-2024-4772 | MEDIUM | 5.9 | 1 | 2024-05-14 | An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictab... |
| CVE-2024-4769 | MEDIUM | 5.9 | 1 | 2024-05-14 | When importing resources using Web Workers, error messages would distinguish the difference between ... |
| CVE-2024-3859 | MEDIUM | 5.9 | 1 | 2024-04-16 | On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially c... |
| CVE-2024-2605 | MEDIUM | 5.9 | 1 | 2024-03-19 | An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system esca... |
| CVE-2023-4049 | MEDIUM | 5.9 | 1 | 2023-08-01 | Race conditions in reference counting code were found through code inspection. These could have resu... |
| CVE-2020-12413 | MEDIUM | 5.9 | 1 | 2023-02-16 | The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitig... |
| CVE-2019-9816 | MEDIUM | 5.9 | 1 | 2019-07-23 | A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects ... |
| CVE-2019-9793 | MEDIUM | 5.9 | 1 | 2019-04-26 | A mechanism was discovered that removes some bounds checking for string, array, or typed array acces... |
| CVE-2018-5131 | MEDIUM | 5.9 | 1 | 2018-06-11 | Under certain circumstances the "fetch()" API can return transient local copies of resources that we... |
| CVE-2018-18506 | MEDIUM | 5.9 | 1 | 2019-02-05 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file o... |
| CVE-2017-7781 | MEDIUM | 5.9 | 1 | 2018-06-11 | An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coord... |
| CVE-2017-5384 | MEDIUM | 5.9 | 1 | 2018-06-11 | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the... |
| CVE-2016-9076 | MEDIUM | 5.9 | 1 | 2018-06-11 | An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in po... |
| CVE-2016-9074 | MEDIUM | 5.9 | 1 | 2018-06-11 | An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This is... |
| CVE-2016-9064 | MEDIUM | 5.9 | 1 | 2018-06-11 | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the a... |
| CVE-2016-5288 | MEDIUM | 5.9 | 1 | 2018-06-11 | Web content could access information in the HTTP cache if e10s is disabled. This can reveal some vis... |
| CVE-2015-7575 | MEDIUM | 5.9 | 1 | 2016-01-09 | Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and ... |
| CVE-2013-6673 | MEDIUM | 5.9 | 1 | 2013-12-11 | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey be... |
| CVE-2013-2566 | MEDIUM | 5.9 | 1 | 2013-03-15 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which ... |
| CVE-2009-2408 | MEDIUM | 5.9 | 1 | 2009-07-30 | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0... |
| CVE-2025-53057 | MEDIUM | 5.9 | 1 | 2025-10-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-30761 | MEDIUM | 5.9 | 1 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-31497 | MEDIUM | 5.9 | 1 | 2024-04-15 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover ... |
| CVE-2024-20926 | MEDIUM | 5.9 | 1 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-20921 | MEDIUM | 5.9 | 1 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-20919 | MEDIUM | 5.9 | 1 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-22043 | MEDIUM | 5.9 | 1 | 2023-07-18 | Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Ora... |
| CVE-2023-21967 | MEDIUM | 5.9 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21954 | MEDIUM | 5.9 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-34716 | MEDIUM | 5.9 | 1 | 2022-08-09 | .NET Spoofing Vulnerability |
| CVE-2022-21541 | MEDIUM | 5.9 | 1 | 2022-07-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2014-1561 | MEDIUM | 5.8 | 1 | 2014-07-23 | Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customiz... |
| CVE-2014-1552 | MEDIUM | 5.8 | 1 | 2014-07-23 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attrib... |
| CVE-2014-1501 | MEDIUM | 5.8 | 1 | 2014-03-19 | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and ... |
| CVE-2013-5611 | MEDIUM | 5.8 | 1 | 2013-12-11 | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which ... |
| CVE-2013-0794 | MEDIUM | 5.8 | 1 | 2013-04-03 | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal di... |
| CVE-2013-0772 | MEDIUM | 5.8 | 1 | 2013-02-19 | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and... |
| CVE-2013-0751 | MEDIUM | 5.8 | 1 | 2013-01-13 | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a ... |
| CVE-2010-3178 | MEDIUM | 5.8 | 1 | 2010-10-21 | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1... |
| CVE-2009-0777 | MEDIUM | 5.8 | 1 | 2009-03-05 | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisi... |
| CVE-2009-0652 | MEDIUM | 5.8 | 1 | 2009-02-20 | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions befor... |
| CVE-2008-7293 | MEDIUM | 5.8 | 1 | 2011-08-09 | Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sess... |
| CVE-2023-28736 | MEDIUM | 5.7 | 1 | 2023-08-11 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privile... |
| CVE-2022-27774 | MEDIUM | 5.7 | 1 | 2022-06-02 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and including curl 7.82.0 ... |
| CVE-2025-4084 | MEDIUM | 5.7 | 1 | 2025-04-29 | Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker co... |
| CVE-2024-11703 | MEDIUM | 5.7 | 1 | 2024-11-26 | On Android, Firefox may have inadvertently allowed viewing saved passwords without the required devi... |
| CVE-2025-32414 | MEDIUM | 5.6 | 3 | 2025-04-08 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Pyth... |
| CVE-2025-30698 | MEDIUM | 5.6 | 1 | 2025-04-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-21567 | MEDIUM | 5.6 | 1 | 2023-02-14 | Visual Studio Denial of Service Vulnerability |
| CVE-2025-11626 | MEDIUM | 5.5 | 1 | 2025-10-10 | MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of servi... |
| CVE-2024-8645 | MEDIUM | 5.5 | 1 | 2024-09-10 | SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via pa... |
| CVE-2024-0684 | MEDIUM | 5.5 | 2 | 2024-02-06 | A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of ... |
| CVE-2022-0530 | MEDIUM | 5.5 | 2 | 2022-02-09 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a loca... |
| CVE-2022-0529 | MEDIUM | 5.5 | 2 | 2022-02-09 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a loca... |
| CVE-2019-9706 | MEDIUM | 5.5 | 3 | 2019-03-12 | Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use... |
| CVE-2019-20633 | MEDIUM | 5.5 | 3 | 2020-03-25 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function ano... |
| CVE-2018-18384 | MEDIUM | 5.5 | 2 | 2018-10-16 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship be... |
| CVE-2023-5441 | MEDIUM | 5.5 | 1 | 2023-10-05 | NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8... |
| CVE-2023-2609 | MEDIUM | 5.5 | 1 | 2023-05-09 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. |
| CVE-2023-2426 | MEDIUM | 5.5 | 1 | 2023-04-29 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. |
| CVE-2023-22490 | MEDIUM | 5.5 | 2 | 2023-02-14 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2... |
| CVE-2023-1355 | MEDIUM | 5.5 | 1 | 2023-03-11 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. |
| CVE-2023-1264 | MEDIUM | 5.5 | 1 | 2023-03-07 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. |
| CVE-2022-48554 | MEDIUM | 5.5 | 1 | 2023-08-22 | File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the... |
| CVE-2022-48303 | MEDIUM | 5.5 | 1 | 2023-01-30 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory f... |
| CVE-2022-48065 | MEDIUM | 5.5 | 1 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find... |
| CVE-2022-48064 | MEDIUM | 5.5 | 1 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via... |
| CVE-2022-48063 | MEDIUM | 5.5 | 1 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via... |
| CVE-2022-47011 | MEDIUM | 5.5 | 1 | 2023-08-22 | An issue was discovered in function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, all... |
| CVE-2022-47010 | MEDIUM | 5.5 | 1 | 2023-08-22 | An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows atta... |
| CVE-2022-47008 | MEDIUM | 5.5 | 1 | 2023-08-22 | An issue was discovered in functions make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2... |
| CVE-2022-47007 | MEDIUM | 5.5 | 1 | 2023-08-22 | An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows ... |
| CVE-2022-4415 | MEDIUM | 5.5 | 1 | 2023-01-11 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to s... |
| CVE-2022-4293 | MEDIUM | 5.5 | 1 | 2022-12-05 | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. |
| CVE-2022-39253 | MEDIUM | 5.5 | 2 | 2022-10-19 | Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31... |
| CVE-2022-38533 | MEDIUM | 5.5 | 1 | 2022-08-26 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when c... |
| CVE-2022-3821 | MEDIUM | 5.5 | 1 | 2022-11-08 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An... |
| CVE-2022-3278 | MEDIUM | 5.5 | 1 | 2022-09-23 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. |
| CVE-2022-3153 | MEDIUM | 5.5 | 1 | 2022-09-08 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. |
| CVE-2022-2980 | MEDIUM | 5.5 | 1 | 2022-08-25 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. |
| CVE-2022-2923 | MEDIUM | 5.5 | 1 | 2022-08-22 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. |
| CVE-2022-2874 | MEDIUM | 5.5 | 1 | 2022-08-18 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. |
| CVE-2022-28658 | MEDIUM | 5.5 | 1 | 2024-06-04 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofin... |
| CVE-2022-28656 | MEDIUM | 5.5 | 1 | 2024-06-04 | is_closing_session() allows users to consume RAM in the Apport process |
| CVE-2022-28654 | MEDIUM | 5.5 | 1 | 2024-06-04 | is_closing_session() allows users to fill up apport.log |
| CVE-2022-28652 | MEDIUM | 5.5 | 1 | 2024-06-04 | ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack |
| CVE-2022-27943 | MEDIUM | 5.5 | 1 | 2022-03-26 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrate... |
| CVE-2022-2231 | MEDIUM | 5.5 | 1 | 2022-06-28 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-2208 | MEDIUM | 5.5 | 1 | 2022-06-27 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. |
| CVE-2022-1771 | MEDIUM | 5.5 | 1 | 2022-05-18 | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. |
| CVE-2022-1725 | MEDIUM | 5.5 | 1 | 2022-09-29 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. |
| CVE-2022-1674 | MEDIUM | 5.5 | 1 | 2022-05-12 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vi... |
| CVE-2022-1420 | MEDIUM | 5.5 | 1 | 2022-04-21 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. |
| CVE-2022-0714 | MEDIUM | 5.5 | 1 | 2022-02-22 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. |
| CVE-2022-0696 | MEDIUM | 5.5 | 1 | 2022-02-21 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. |
| CVE-2022-0563 | MEDIUM | 5.5 | 1 | 2022-02-21 | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The ... |
| CVE-2022-0156 | MEDIUM | 5.5 | 1 | 2022-01-10 | vim is vulnerable to Use After Free |
| CVE-2021-3997 | MEDIUM | 5.5 | 1 | 2022-08-23 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of s... |
| CVE-2021-3996 | MEDIUM | 5.5 | 1 | 2022-08-23 | A logic error was found in the libmount library of util-linux in the function that allows an unprivi... |
| CVE-2021-3995 | MEDIUM | 5.5 | 1 | 2022-08-23 | A logic error was found in the libmount library of util-linux in the function that allows an unprivi... |
| CVE-2024-6613 | MEDIUM | 5.5 | 1 | 2024-07-09 | The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorr... |
| CVE-2024-46955 | MEDIUM | 5.5 | 1 | 2024-11-10 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bo... |
| CVE-2024-2611 | MEDIUM | 5.5 | 1 | 2024-03-19 | A missing delay on when pointer lock was used could have allowed a malicious page to trick a user in... |
| CVE-2023-52722 | MEDIUM | 5.5 | 1 | 2024-04-28 | An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used... |
| CVE-2022-3266 | MEDIUM | 5.5 | 1 | 2022-12-22 | An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable ... |
| CVE-2020-12392 | MEDIUM | 5.5 | 1 | 2020-05-26 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a ... |
| CVE-2018-12383 | MEDIUM | 5.5 | 1 | 2018-10-18 | If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted cop... |
| CVE-2017-5427 | MEDIUM | 5.5 | 1 | 2018-06-11 | A non-existent chrome.manifest file will attempt to be loaded during startup from the primary instal... |
| CVE-2017-5414 | MEDIUM | 5.5 | 1 | 2018-06-11 | The file picker dialog can choose and display the wrong local default directory when instantiated. O... |
| CVE-2016-5291 | MEDIUM | 5.5 | 1 | 2018-06-11 | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. Thi... |
| CVE-2016-5265 | MEDIUM | 5.5 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to... |
| CVE-2014-1496 | MEDIUM | 5.5 | 1 | 2014-03-19 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey be... |
| CVE-2025-32703 | MEDIUM | 5.5 | 1 | 2025-05-13 | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclos... |
| CVE-2024-43603 | MEDIUM | 5.5 | 1 | 2024-10-08 | Visual Studio Collector Service Denial of Service Vulnerability |
| CVE-2023-33139 | MEDIUM | 5.5 | 1 | 2023-06-14 | Visual Studio Information Disclosure Vulnerability |
| CVE-2023-28299 | MEDIUM | 5.5 | 1 | 2023-04-11 | Visual Studio Spoofing Vulnerability |
| CVE-2023-28263 | MEDIUM | 5.5 | 1 | 2023-04-11 | Visual Studio Information Disclosure Vulnerability |
| CVE-2022-30184 | MEDIUM | 5.5 | 1 | 2022-06-15 | .NET and Visual Studio Information Disclosure Vulnerability |
| CVE-2020-2136 | MEDIUM | 5.4 | 3 | 2020-03-09 | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Mi... |
| CVE-2025-54144 | MEDIUM | 5.4 | 1 | 2025-08-19 | The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attac... |
| CVE-2025-5267 | MEDIUM | 5.4 | 1 | 2025-05-27 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card de... |
| CVE-2025-10531 | MEDIUM | 5.4 | 1 | 2025-09-16 | Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < ... |
| CVE-2025-0237 | MEDIUM | 5.4 | 1 | 2025-01-07 | The WebChannel API, which is used to transport various information across processes, did not check t... |
| CVE-2024-53976 | MEDIUM | 5.4 | 1 | 2024-11-26 | Under certain circumstances, navigating to a webpage would result in the address missing from the lo... |
| CVE-2024-53975 | MEDIUM | 5.4 | 1 | 2024-11-26 | Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the... |
| CVE-2024-29507 | MEDIUM | 5.4 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath... |
| CVE-2024-11696 | MEDIUM | 5.4 | 1 | 2024-11-26 | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during ... |
| CVE-2024-11695 | MEDIUM | 5.4 | 1 | 2024-11-26 | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin o... |
| CVE-2023-6206 | MEDIUM | 5.4 | 1 | 2023-11-21 | The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking dela... |
| CVE-2023-37455 | MEDIUM | 5.4 | 1 | 2023-07-12 | The permission request prompt from the site in the background tab was overlaid on top of the site in... |
| CVE-2023-25730 | MEDIUM | 5.4 | 1 | 2023-06-02 | A background script invoking `requestFullscreen` and then blocking the main thread could ... |
| CVE-2022-28286 | MEDIUM | 5.4 | 1 | 2022-12-22 | Due to a layout change, iframe contents could have been rendered outside of its border. This could h... |
| CVE-2019-11761 | MEDIUM | 5.4 | 1 | 2020-01-08 | By using a form with a data URI it was possible to gain access to the privileged JSONView object tha... |
| CVE-2017-7823 | MEDIUM | 5.4 | 1 | 2018-06-11 | The content security policy (CSP) "sandbox" directive did not create a unique origin for the documen... |
| CVE-2016-2817 | MEDIUM | 5.4 | 1 | 2016-04-30 | The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox bef... |
| CVE-2013-1717 | MEDIUM | 5.4 | 1 | 2013-08-07 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... |
| CVE-2025-5245 | MEDIUM | 5.3 | 3 | 2025-05-27 | A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the f... |
| CVE-2025-5244 | MEDIUM | 5.3 | 3 | 2025-05-27 | A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by thi... |
| CVE-2024-0853 | MEDIUM | 5.3 | 2 | 2024-02-03 | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status ... |
| CVE-2022-36884 | MEDIUM | 5.3 | 3 | 2022-07-27 | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers info... |
| CVE-2020-28925 | MEDIUM | 5.3 | 3 | 2020-12-30 | Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefor... |
| CVE-2018-1000110 | MEDIUM | 5.3 | 3 | 2018-03-13 | An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in Gi... |
| CVE-2017-16754 | MEDIUM | 5.3 | 3 | 2017-11-10 | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/Pr... |
| CVE-2023-2975 | MEDIUM | 5.3 | 1 | 2023-07-14 | Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty assoc... |
| CVE-2023-28487 | MEDIUM | 5.3 | 1 | 2023-03-16 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. |
| CVE-2023-28486 | MEDIUM | 5.3 | 1 | 2023-03-16 | Sudo before 1.9.13 does not escape control characters in log messages. |
| CVE-2022-1343 | MEDIUM | 5.3 | 1 | 2022-05-03 | The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case wh... |
| CVE-2025-4090 | MEDIUM | 5.3 | 1 | 2025-04-29 | A vulnerability existed in Thunderbird for Android where potentially sensitive library locations wer... |
| CVE-2025-3035 | MEDIUM | 5.3 | 1 | 2025-04-01 | By first using the AI chatbot in one tab and later activating it in another tab, the document title ... |
| CVE-2025-1018 | MEDIUM | 5.3 | 1 | 2025-02-04 | The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the use... |
| CVE-2025-0244 | MEDIUM | 5.3 | 1 | 2025-01-07 | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: Thi... |
| CVE-2025-0238 | MEDIUM | 5.3 | 1 | 2025-01-07 | Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, lead... |
| CVE-2024-9398 | MEDIUM | 5.3 | 1 | 2024-10-01 | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacke... |
| CVE-2024-9395 | MEDIUM | 5.3 | 1 | 2024-10-01 | A specially crafted filename containing a large number of spaces could obscure the file's extension ... |
| CVE-2024-6612 | MEDIUM | 5.3 | 1 | 2024-07-09 | CSP violations generated links in the console tab of the developer tools, pointing to the violating ... |
| CVE-2024-5687 | MEDIUM | 5.3 | 1 | 2024-06-11 | If a specific sequence of actions is performed when opening a new tab, the triggering principal asso... |
| CVE-2024-3862 | MEDIUM | 5.3 | 1 | 2024-04-16 | The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory ... |
| CVE-2024-33869 | MEDIUM | 5.3 | 1 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution ... |
| CVE-2024-10468 | MEDIUM | 5.3 | 1 | 2024-10-29 | Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially... |
| CVE-2024-10460 | MEDIUM | 5.3 | 1 | 2024-10-29 | The origin of an external protocol handler prompt could have been obscured using a data: URL within ... |
| CVE-2023-5723 | MEDIUM | 5.3 | 1 | 2023-10-25 | An attacker with temporary script access to a site could have set a cookie containing invalid charac... |
| CVE-2023-5722 | MEDIUM | 5.3 | 1 | 2023-10-25 | Using iterative requests an attacker was able to learn the size of an opaque response, as well as th... |
| CVE-2023-4046 | MEDIUM | 5.3 | 1 | 2023-08-01 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis... |
| CVE-2023-4045 | MEDIUM | 5.3 | 1 | 2023-08-01 | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access ... |
| CVE-2023-32208 | MEDIUM | 5.3 | 1 | 2023-06-19 | Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects F... |
| CVE-2022-36318 | MEDIUM | 5.3 | 1 | 2022-12-22 | When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected... |
| CVE-2021-29965 | MEDIUM | 5.3 | 1 | 2021-06-24 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in... |
| CVE-2021-29955 | MEDIUM | 5.3 | 1 | 2021-06-24 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker... |
| CVE-2021-23977 | MEDIUM | 5.3 | 1 | 2021-02-26 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious... |
| CVE-2020-6829 | MEDIUM | 5.3 | 1 | 2020-10-28 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; wh... |
| CVE-2020-6813 | MEDIUM | 5.3 | 1 | 2020-03-25 | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement ... |
| CVE-2020-6812 | MEDIUM | 5.3 | 1 | 2020-03-25 | The first time AirPods are connected to an iPhone, they become named after the user's name by defaul... |
| CVE-2020-15680 | MEDIUM | 5.3 | 1 | 2020-10-22 | If a valid external protocol handler was referenced in an image tag, the resulting broken image size... |
| CVE-2020-12405 | MEDIUM | 5.3 | 1 | 2020-07-09 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to ... |
| CVE-2019-9817 | MEDIUM | 5.3 | 1 | 2019-07-23 | Images from a different domain can be read using a canvas object in some circumstances. This could b... |
| CVE-2019-9808 | MEDIUM | 5.3 | 1 | 2019-04-26 | If WebRTC permission is requested from documents with data: or blob: URLs, the permission notificati... |
| CVE-2019-9797 | MEDIUM | 5.3 | 1 | 2019-04-26 | Cross-origin images can be read in violation of the same-origin policy by exporting an image after u... |
| CVE-2019-17018 | MEDIUM | 5.3 | 1 | 2020-01-08 | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to imp... |
| CVE-2019-11737 | MEDIUM | 5.3 | 1 | 2019-09-27 | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port ... |
| CVE-2019-11727 | MEDIUM | 5.3 | 1 | 2019-07-23 | A vulnerability exists where it is possible to force Network Security Services (NSS) to sign Certificat... |
| CVE-2019-11718 | MEDIUM | 5.3 | 1 | 2019-07-23 | Activity Stream can display content sent from the Snippet Service website. This content is writ... |
| CVE-2019-11717 | MEDIUM | 5.3 | 1 | 2019-07-23 | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs ... |
| CVE-2019-11698 | MEDIUM | 5.3 | 1 | 2019-07-23 | If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookm... |
| CVE-2018-5173 | MEDIUM | 5.3 | 1 | 2018-06-11 | The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing... |
| CVE-2018-5168 | MEDIUM | 5.3 | 1 | 2018-06-11 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "b... |
| CVE-2018-5165 | MEDIUM | 5.3 | 1 | 2018-06-11 | In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode... |
| CVE-2018-5142 | MEDIUM | 5.3 | 1 | 2018-06-11 | If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs... |
| CVE-2018-5140 | MEDIUM | 5.3 | 1 | 2018-06-11 | Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content e... |
| CVE-2018-5119 | MEDIUM | 5.3 | 1 | 2018-06-11 | The reader view will display cross-origin content when CORS headers are set to prohibit the loading ... |
| CVE-2018-5118 | MEDIUM | 5.3 | 1 | 2018-06-11 | The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is cr... |
| CVE-2018-5117 | MEDIUM | 5.3 | 1 | 2018-06-11 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some... |
| CVE-2018-5114 | MEDIUM | 5.3 | 1 | 2018-06-11 | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remai... |
| CVE-2018-5109 | MEDIUM | 5.3 | 1 | 2018-06-11 | An audio capture session can be started under an incorrect origin from the site making the capture requ... |
| CVE-2018-5107 | MEDIUM | 5.3 | 1 | 2018-06-11 | The printing process can bypass local access protections to read files available through symlinks, b... |
| CVE-2018-5106 | MEDIUM | 5.3 | 1 | 2018-06-11 | Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third... |
| CVE-2018-12403 | MEDIUM | 5.3 | 1 | 2019-02-28 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed conten... |
| CVE-2017-7842 | MEDIUM | 5.3 | 1 | 2018-06-11 | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are... |
| CVE-2017-7838 | MEDIUM | 5.3 | 1 | 2018-06-11 | Punycode format text will be displayed for entire qualified international domain names in some insta... |
| CVE-2017-7837 | MEDIUM | 5.3 | 1 | 2018-06-11 | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that pa... |
| CVE-2017-7833 | MEDIUM | 5.3 | 1 | 2018-06-11 | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name... |
| CVE-2017-7832 | MEDIUM | 5.3 | 1 | 2018-06-11 | The combined, single character, version of the letter 'i' with any of the potential accents in unico... |
| CVE-2017-7831 | MEDIUM | 5.3 | 1 | 2018-06-11 | A vulnerability where the security wrapper does not deny access to some exposed properties using the... |
| CVE-2017-7822 | MEDIUM | 5.3 | 1 | 2018-06-11 | The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1... |
| CVE-2017-7820 | MEDIUM | 5.3 | 1 | 2018-06-11 | The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the... |
| CVE-2017-7817 | MEDIUM | 5.3 | 1 | 2018-06-11 | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification... |
| CVE-2017-7816 | MEDIUM | 5.3 | 1 | 2018-06-11 | WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, vi... |
| CVE-2017-7815 | MEDIUM | 5.3 | 1 | 2018-06-11 | On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Jav... |
| CVE-2017-7812 | MEDIUM | 5.3 | 1 | 2018-06-11 | If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can ... |
| CVE-2017-7808 | MEDIUM | 5.3 | 1 | 2018-06-11 | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for... |
| CVE-2017-7791 | MEDIUM | 5.3 | 1 | 2018-06-11 | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will re... |
| CVE-2017-7789 | MEDIUM | 5.3 | 1 | 2018-06-11 | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be ... |
| CVE-2017-7764 | MEDIUM | 5.3 | 1 | 2018-06-11 | Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unico... |
| CVE-2017-5462 | MEDIUM | 5.3 | 1 | 2018-06-11 | A flaw in DRBG number generation within the Network Security Services (NSS) library where the intern... |
| CVE-2017-5418 | MEDIUM | 5.3 | 1 | 2018-06-11 | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting ... |
| CVE-2017-5417 | MEDIUM | 5.3 | 1 | 2018-06-11 | When dragging content from the primary browser pane to the addressbar on a malicious site, it is pos... |
| CVE-2017-5415 | MEDIUM | 5.3 | 1 | 2018-06-11 | An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as ... |
| CVE-2017-5408 | MEDIUM | 5.3 | 1 | 2018-06-11 | Video files loaded video captions cross-origin without checking for the presence of CORS headers per... |
| CVE-2017-5405 | MEDIUM | 5.3 | 1 | 2018-06-11 | Certain response codes in FTP connections can result in the use of uninitialized values for ports in... |
| CVE-2017-5383 | MEDIUM | 5.3 | 1 | 2018-06-11 | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger pu... |
| CVE-2016-9071 | MEDIUM | 5.3 | 1 | 2018-06-11 | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to v... |
| CVE-2016-5267 | MEDIUM | 5.3 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-... |
| CVE-2016-1940 | MEDIUM | 5.3 | 1 | 2016-01-31 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: ... |
| CVE-2016-1939 | MEDIUM | 5.3 | 1 | 2016-01-31 | Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allo... |
| CVE-2025-12084 | MEDIUM | 5.3 | 1 | 2025-12-03 | When building nested elements using xml.dom.minidom methods such as appendChild() that have a depend... |
| CVE-2023-22081 | MEDIUM | 5.3 | 1 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-22067 | MEDIUM | 5.3 | 1 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21939 | MEDIUM | 5.3 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21830 | MEDIUM | 5.3 | 1 | 2023-01-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-21628 | MEDIUM | 5.3 | 1 | 2022-10-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-21626 | MEDIUM | 5.3 | 1 | 2022-10-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-21540 | MEDIUM | 5.3 | 1 | 2022-07-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2020-8927 | MEDIUM | 5.3 | 1 | 2020-09-15 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling... |
| CVE-2025-50182 | MEDIUM | 5.3 | 1 | 2025-06-19 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.... |
| CVE-2025-50181 | MEDIUM | 5.3 | 1 | 2025-06-19 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable... |
| CVE-2025-58436 | MEDIUM | 5.1 | 1 | 2025-11-29 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.... |
| CVE-2025-4089 | MEDIUM | 5.1 | 1 | 2025-04-29 | Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could ... |
| CVE-2025-0243 | MEDIUM | 5.1 | 1 | 2025-01-07 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5... |
| CVE-2015-4507 | MEDIUM | 5.1 | 1 | 2015-09-24 | The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debu... |
| CVE-2010-0179 | MEDIUM | 5.1 | 1 | 2010-04-05 | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRe... |
| CVE-2008-5015 | MEDIUM | 5.1 | 1 | 2008-11-13 | Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the... |
| CVE-2006-2784 | MEDIUM | 5.1 | 1 | 2006-06-02 | The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attacker... |
| CVE-2005-1476 | MEDIUM | 5.1 | 1 | 2005-05-09 | Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an I... |
| CVE-2005-1160 | MEDIUM | 5.1 | 1 | 2005-05-02 | The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote... |
| CVE-2005-0527 | MEDIUM | 5.1 | 1 | 2005-05-02 | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged cont... |
| CVE-2005-0401 | MEDIUM | 5.1 | 1 | 2005-05-02 | Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading ch... |
| CVE-2005-0399 | MEDIUM | 5.1 | 1 | 2005-05-02 | Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunder... |
| CVE-2005-0230 | MEDIUM | 5.1 | 1 | 2005-05-02 | Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an... |
| CVE-2023-22041 | MEDIUM | 5.1 | 1 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ... |
| CVE-2025-0840 | MEDIUM | 5.0 | 3 | 2025-01-29 | A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This aff... |
| CVE-2014-9636 | MEDIUM | 5.0 | 2 | 2015-02-06 | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and cras... |
| CVE-2022-3705 | MEDIUM | 5.0 | 1 | 2022-10-26 | A vulnerability was found in vim and classified as problematic. Affected by this issue is the functi... |
| CVE-2016-2810 | MEDIUM | 5.0 | 1 | 2016-04-30 | Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature acce... |
| CVE-2015-7219 | MEDIUM | 5.0 | 1 | 2015-12-16 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial o... |
| CVE-2015-7218 | MEDIUM | 5.0 | 1 | 2015-12-16 | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial o... |
| CVE-2015-7215 | MEDIUM | 5.0 | 1 | 2015-12-16 | The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allo... |
| CVE-2015-7214 | MEDIUM | 5.0 | 1 | 2015-12-16 | Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Sa... |
| CVE-2015-7211 | MEDIUM | 5.0 | 1 | 2015-12-16 | Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows re... |
| CVE-2015-7208 | MEDIUM | 5.0 | 1 | 2015-12-16 | Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote a... |
| CVE-2015-7207 | MEDIUM | 5.0 | 1 | 2015-12-16 | Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing AP... |
| CVE-2015-7197 | MEDIUM | 5.0 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web... |
| CVE-2015-7195 | MEDIUM | 5.0 | 1 | 2015-11-05 | The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characte... |
| CVE-2015-7190 | MEDIUM | 5.0 | 1 | 2015-11-05 | The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL ... |
| CVE-2015-4503 | MEDIUM | 5.0 | 1 | 2015-09-24 | The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that we... |
| CVE-2015-4484 | MEDIUM | 5.0 | 1 | 2015-08-16 | The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Fire... |
| CVE-2015-4478 | MEDIUM | 5.0 | 1 | 2015-08-16 | Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requ... |
| CVE-2015-2729 | MEDIUM | 5.0 | 1 | 2015-07-06 | The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Fire... |
| CVE-2015-0832 | MEDIUM | 5.0 | 1 | 2015-02-25 | Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and wit... |
| CVE-2015-0830 | MEDIUM | 5.0 | 1 | 2015-02-25 | The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copyin... |
| CVE-2015-0824 | MEDIUM | 5.0 | 1 | 2015-02-25 | The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0... |
| CVE-2015-0816 | MEDIUM | 5.0 | 1 | 2015-04-01 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not proper... |
| CVE-2015-0808 | MEDIUM | 5.0 | 1 | 2015-04-01 | The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox bef... |
| CVE-2015-0802 | MEDIUM | 5.0 | 1 | 2015-04-01 | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal informatio... |
| CVE-2015-0800 | MEDIUM | 5.0 | 1 | 2015-04-01 | The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android d... |
| CVE-2015-0798 | MEDIUM | 5.0 | 1 | 2015-04-08 | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release... |
| CVE-2014-8640 | MEDIUM | 5.0 | 1 | 2015-01-14 | The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementati... |
| CVE-2014-8637 | MEDIUM | 5.0 | 1 | 2015-01-14 | Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP imag... |
| CVE-2014-1586 | MEDIUM | 5.0 | 1 | 2014-10-15 | content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Th... |
| CVE-2014-1585 | MEDIUM | 5.0 | 1 | 2014-10-15 | The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firef... |
| CVE-2014-1583 | MEDIUM | 5.0 | 1 | 2014-10-15 | The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly rest... |
| CVE-2014-1580 | MEDIUM | 5.0 | 1 | 2014-10-15 | Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote ... |
| CVE-2014-1565 | MEDIUM | 5.0 | 1 | 2014-09-03 | The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox... |
| CVE-2014-1527 | MEDIUM | 5.0 | 1 | 2014-04-30 | Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted ... |
| CVE-2014-1516 | MEDIUM | 5.0 | 1 | 2014-03-29 | The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 ... |
| CVE-2014-1500 | MEDIUM | 5.0 | 1 | 2014-03-19 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of se... |
| CVE-2014-1498 | MEDIUM | 5.0 | 1 | 2014-03-19 | The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does ... |
| CVE-2014-1484 | MEDIUM | 5.0 | 1 | 2014-02-06 | Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile... |
| CVE-2014-1483 | MEDIUM | 5.0 | 1 | 2014-02-06 | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Orig... |
| CVE-2013-6629 | MEDIUM | 5.0 | 1 | 2013-11-19 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in... |
| CVE-2013-1737 | MEDIUM | 5.0 | 1 | 2013-09-18 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... |
| CVE-2013-1699 | MEDIUM | 5.0 | 1 | 2013-06-26 | The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not pr... |
| CVE-2013-1695 | MEDIUM | 5.0 | 1 | 2013-06-26 | Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for th... |
| CVE-2013-0791 | MEDIUM | 5.0 | 1 | 2013-04-03 | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla F... |
| CVE-2013-0759 | MEDIUM | 5.0 | 1 | 2013-01-13 | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird bef... |
| CVE-2012-3972 | MEDIUM | 5.0 | 1 | 2012-08-29 | The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox E... |
| CVE-2012-0456 | MEDIUM | 5.0 | 1 | 2012-03-14 | The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10... |
| CVE-2011-4688 | MEDIUM | 5.0 | 1 | 2011-12-07 | Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Po... |
| CVE-2011-2377 | MEDIUM | 5.0 | 1 | 2011-06-30 | Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey throug... |
| CVE-2011-2370 | MEDIUM | 5.0 | 1 | 2011-06-30 | Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, ... |
| CVE-2011-2362 | MEDIUM | 5.0 | 1 | 2011-06-30 | Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distin... |
| CVE-2011-1187 | MEDIUM | 5.0 | 1 | 2011-03-11 | Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspe... |
| CVE-2011-0067 | MEDIUM | 5.0 | 1 | 2011-05-07 | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properl... |
| CVE-2010-1990 | MEDIUM | 5.0 | 1 | 2010-05-20 | Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in sit... |
| CVE-2010-0220 | MEDIUM | 5.0 | 1 | 2010-01-07 | The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox bef... |
| CVE-2009-3988 | MEDIUM | 5.0 | 1 | 2010-02-22 | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not pro... |
| CVE-2009-0357 | MEDIUM | 5.0 | 1 | 2009-02-04 | Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pa... |
| CVE-2008-7244 | MEDIUM | 5.0 | 1 | 2009-09-18 | Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang... |
| CVE-2008-5505 | MEDIUM | 5.0 | 1 | 2008-12-17 | Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by ... |
| CVE-2008-5016 | MEDIUM | 5.0 | 1 | 2008-11-13 | The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonke... |
| CVE-2008-2807 | MEDIUM | 5.0 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .prope... |
| CVE-2008-2805 | MEDIUM | 5.0 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the uplo... |
| CVE-2008-1240 | MEDIUM | 5.0 | 1 | 2008-03-28 | LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse th... |
| CVE-2008-1238 | MEDIUM | 5.0 | 1 | 2008-03-27 | Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header,... |
| CVE-2008-0594 | MEDIUM | 5.0 | 1 | 2008-02-09 | Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire c... |
| CVE-2008-0367 | MEDIUM | 5.0 | 1 | 2008-01-19 | Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authen... |
| CVE-2007-4879 | MEDIUM | 5.0 | 1 | 2007-09-13 | Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS c... |
| CVE-2007-4357 | MEDIUM | 5.0 | 1 | 2007-08-15 | Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar ... |
| CVE-2006-6077 | MEDIUM | 5.0 | 1 | 2006-11-24 | The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manag... |
| CVE-2006-4566 | MEDIUM | 5.0 | 1 | 2006-09-15 | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote... |
| CVE-2006-2778 | MEDIUM | 5.0 | 1 | 2006-06-02 | The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attacke... |
| CVE-2006-1742 | MEDIUM | 5.0 | 1 | 2006-04-14 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozi... |
| CVE-2006-1738 | MEDIUM | 5.0 | 1 | 2006-04-14 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-0296 | MEDIUM | 5.0 | 1 | 2006-02-02 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does n... |
| CVE-2005-2707 | MEDIUM | 5.0 | 1 | 2005-09-23 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows withou... |
| CVE-2005-2704 | MEDIUM | 5.0 | 1 | 2005-09-23 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects vi... |
| CVE-2005-2703 | MEDIUM | 5.0 | 1 | 2005-09-23 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers ... |
| CVE-2005-2266 | MEDIUM | 5.0 | 1 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other metho... |
| CVE-2005-2265 | MEDIUM | 5.0 | 1 | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to ca... |
| CVE-2005-2263 | MEDIUM | 5.0 | 1 | 2005-07-13 | The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote att... |
| CVE-2005-1575 | MEDIUM | 5.0 | 1 | 2005-05-14 | The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hi... |
| CVE-2005-1158 | MEDIUM | 5.0 | 1 | 2005-05-02 | Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrar... |
| CVE-2005-0590 | MEDIUM | 5.0 | 1 | 2005-05-02 | The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla ... |
| CVE-2005-0589 | MEDIUM | 5.0 | 1 | 2005-05-02 | The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive... |
| CVE-2005-0588 | MEDIUM | 5.0 | 1 | 2005-05-02 | Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in X... |
| CVE-2005-0255 | MEDIUM | 5.0 | 1 | 2005-05-02 | String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the n... |
| CVE-2005-0150 | MEDIUM | 5.0 | 1 | 2005-05-26 | Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookma... |
| CVE-2023-7207 | MEDIUM | 4.9 | 1 | 2024-02-29 | Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-20... |
| CVE-2022-4203 | MEDIUM | 4.9 | 1 | 2023-02-24 | A read buffer overrun can be triggered in X.509 certificate verification, specifically in name const... |
| CVE-2025-5025 | MEDIUM | 4.8 | 2 | 2025-05-28 | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omiss... |
| CVE-2025-5265 | MEDIUM | 4.8 | 1 | 2025-05-27 | Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker c... |
| CVE-2025-5264 | MEDIUM | 4.8 | 1 | 2025-05-27 | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker cou... |
| CVE-2025-4087 | MEDIUM | 4.8 | 1 | 2025-04-29 | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior d... |
| CVE-2025-55248 | MEDIUM | 4.8 | 2 | 2025-10-14 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker ... |
| CVE-2025-30754 | MEDIUM | 4.8 | 1 | 2025-07-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-21502 | MEDIUM | 4.8 | 1 | 2025-01-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21235 | MEDIUM | 4.8 | 1 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21145 | MEDIUM | 4.8 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21140 | MEDIUM | 4.8 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2025-5054 | MEDIUM | 4.7 | 3 | 2025-05-30 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensit... |
| CVE-2025-4598 | MEDIUM | 4.7 | 3 | 2025-05-30 | A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process ... |
| CVE-2024-50349 | MEDIUM | 4.7 | 3 | 2025-01-14 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that... |
| CVE-2024-6601 | MEDIUM | 4.7 | 1 | 2024-07-09 | A race condition could lead to a cross-origin container obtaining permissions of the top-level origi... |
| CVE-2024-5691 | MEDIUM | 4.7 | 1 | 2024-06-11 | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a b... |
| CVE-2024-26281 | MEDIUM | 4.7 | 1 | 2024-02-22 | Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorize... |
| CVE-2020-12401 | MEDIUM | 4.7 | 1 | 2020-10-08 | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time sca... |
| CVE-2020-12400 | MEDIUM | 4.7 | 1 | 2020-10-08 | When converting coordinates from projective to affine, the modular inversion was not performed in co... |
| CVE-2019-11728 | MEDIUM | 4.7 | 1 | 2019-07-23 | The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports... |
| CVE-2016-5253 | MEDIUM | 4.7 | 1 | 2016-08-05 | The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files... |
| CVE-2025-31257 | MEDIUM | 4.7 | 1 | 2025-05-12 | This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18... |
| CVE-2024-30052 | MEDIUM | 4.7 | 1 | 2024-06-11 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-20945 | MEDIUM | 4.7 | 1 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2015-4482 | MEDIUM | 4.6 | 1 | 2015-08-16 | mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows loc... |
| CVE-2024-43374 | MEDIUM | 4.5 | 3 | 2024-08-16 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. ... |
| CVE-2024-41957 | MEDIUM | 4.5 | 3 | 2024-08-01 | Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. ... |
| CVE-2025-46646 | MEDIUM | 4.5 | 1 | 2025-04-26 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encod... |
| CVE-2025-29768 | MEDIUM | 4.4 | 3 | 2025-03-13 | Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files ... |
| CVE-2023-4156 | MEDIUM | 4.4 | 1 | 2023-09-25 | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a ... |
| CVE-2024-35235 | MEDIUM | 4.4 | 1 | 2024-06-11 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.... |
| CVE-2020-12402 | MEDIUM | 4.4 | 1 | 2020-07-09 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean ... |
| CVE-2020-12399 | MEDIUM | 4.4 | 1 | 2020-07-09 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eve... |
| CVE-2015-2720 | MEDIUM | 4.4 | 1 | 2015-05-14 | The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathnam... |
| CVE-2025-54132 | MEDIUM | 4.4 | 1 | 2025-08-01 | Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used... |
| CVE-2024-23337 | MEDIUM | 4.3 | 2 | 2025-05-21 | jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow aris... |
| CVE-2019-1003010 | MEDIUM | 4.3 | 3 | 2019-02-06 | A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/mai... |
| CVE-2015-7697 | MEDIUM | 4.3 | 2 | 2015-11-06 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bz... |
| CVE-2022-32205 | MEDIUM | 4.3 | 1 | 2022-07-07 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl a... |
| CVE-2025-6434 | MEDIUM | 4.3 | 1 | 2025-06-24 | The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked a... |
| CVE-2025-6425 | MEDIUM | 4.3 | 1 | 2025-06-24 | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent U... |
| CVE-2025-59800 | MEDIUM | 4.3 | 1 | 2025-09-22 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overfl... |
| CVE-2025-59799 | MEDIUM | 4.3 | 1 | 2025-09-22 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devi... |
| CVE-2025-59798 | MEDIUM | 4.3 | 1 | 2025-09-22 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/v... |
| CVE-2025-5266 | MEDIUM | 4.3 | 1 | 2025-05-27 | Script elements loading cross-origin resources generated load and error events which leaked informat... |
| CVE-2025-5263 | MEDIUM | 4.3 | 1 | 2025-05-27 | Error handling for script execution was incorrectly isolated from web content, which could have allo... |
| CVE-2025-5020 | MEDIUM | 4.3 | 1 | 2025-05-21 | Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attack... |
| CVE-2025-23108 | MEDIUM | 4.3 | 1 | 2025-01-11 | Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a mal... |
| CVE-2025-1935 | MEDIUM | 4.3 | 1 | 2025-03-04 | A web page could trick a user into setting that site as the default handler for a custom URL protoco... |
| CVE-2025-1019 | MEDIUM | 4.3 | 1 | 2025-02-04 | The z-order of the browser windows could be manipulated to hide the fullscreen notification. This co... |
| CVE-2024-6614 | MEDIUM | 4.3 | 1 | 2024-07-09 | The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorr... |
| CVE-2024-6610 | MEDIUM | 4.3 | 1 | 2024-07-09 | Form validation popups could capture escape key presses. Therefore, spamming form validation message... |
| CVE-2024-6608 | MEDIUM | 4.3 | 1 | 2024-07-09 | It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor ... |
| CVE-2024-5697 | MEDIUM | 4.3 | 1 | 2024-06-11 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot f... |
| CVE-2024-5690 | MEDIUM | 4.3 | 1 | 2024-06-11 | By monitoring the time certain operations take, an attacker could have guessed which external protoc... |
| CVE-2024-5689 | MEDIUM | 4.3 | 1 | 2024-06-11 | In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay th... |
| CVE-2024-4767 | MEDIUM | 4.3 | 1 | 2024-05-14 | If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly ... |
| CVE-2024-38313 | MEDIUM | 4.3 | 1 | 2024-06-13 | In certain scenarios a malicious website could attempt to display a fake location URL bar which coul... |
| CVE-2024-1548 | MEDIUM | 4.3 | 1 | 2024-02-20 | A website could have obscured the fullscreen notification by using a dropdown select input element. ... |
| CVE-2024-11701 | MEDIUM | 4.3 | 1 | 2024-11-26 | The incorrect domain may have been displayed in the address bar during an interrupted navigation att... |
| CVE-2024-11692 | MEDIUM | 4.3 | 1 | 2024-11-26 | An attacker could cause a select dropdown to be shown over another tab; this could have led to user ... |
| CVE-2024-0749 | MEDIUM | 4.3 | 1 | 2024-01-23 | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect ... |
| CVE-2024-0748 | MEDIUM | 4.3 | 1 | 2024-01-23 | A compromised content process could have updated the document URI. This could have allowed an attack... |
| CVE-2024-0742 | MEDIUM | 4.3 | 1 | 2024-01-23 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally... |
| CVE-2023-6871 | MEDIUM | 4.3 | 1 | 2023-12-19 | Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a n... |
| CVE-2023-6135 | MEDIUM | 4.3 | 1 | 2023-12-19 | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack c... |
| CVE-2023-5729 | MEDIUM | 4.3 | 1 | 2023-10-25 | A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. Th... |
| CVE-2023-5725 | MEDIUM | 4.3 | 1 | 2023-10-25 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance cou... |
| CVE-2023-5721 | MEDIUM | 4.3 | 1 | 2023-10-25 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally... |
| CVE-2023-4581 | MEDIUM | 4.3 | 1 | 2023-09-11 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which all... |
| CVE-2023-32212 | MEDIUM | 4.3 | 1 | 2023-06-02 | An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerabilit... |
| CVE-2023-32205 | MEDIUM | 4.3 | 1 | 2023-06-02 | In multiple cases browser prompts could have been obscured by popups controlled by content. These co... |
| CVE-2023-29538 | MEDIUM | 4.3 | 1 | 2023-06-02 | Under specific circumstances a WebExtension may have received a `jar:file:///` URI instea... |
| CVE-2023-29533 | MEDIUM | 4.3 | 1 | 2023-06-02 | A website could have obscured the fullscreen notification by using a combination of window.ope... |
| CVE-2023-28159 | MEDIUM | 4.3 | 1 | 2023-06-02 | The fullscreen notification could have been hidden on Firefox for Android by using download popups, ... |
| CVE-2023-25750 | MEDIUM | 4.3 | 1 | 2023-06-02 | Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when... |
| CVE-2023-25749 | MEDIUM | 4.3 | 1 | 2023-06-02 | Android applications with unpatched vulnerabilities can be launched from a browser using Intents, ex... |
| CVE-2023-25748 | MEDIUM | 4.3 | 1 | 2023-06-02 | By displaying a prompt with a long description, the fullscreen notification could have been hidden, ... |
| CVE-2022-46877 | MEDIUM | 4.3 | 1 | 2022-12-22 | By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulti... |
| CVE-2022-4603 | MEDIUM | 4.3 | 1 | 2022-12-18 | A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of... |
| CVE-2022-45417 | MEDIUM | 4.3 | 1 | 2022-12-22 | Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to... |
| CVE-2022-38474 | MEDIUM | 4.3 | 1 | 2022-12-22 | A website that had permission to access the microphone could record audio without the audio notifica... |
| CVE-2022-36315 | MEDIUM | 4.3 | 1 | 2022-12-22 | When loading a script with Subresource Integrity, attackers with an injection capability could trigg... |
| CVE-2022-34472 | MEDIUM | 4.3 | 1 | 2022-12-22 | If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would ... |
| CVE-2022-31745 | MEDIUM | 4.3 | 1 | 2022-12-22 | If array shift operations are not used, the Garbage Collector may have become confused about valid o... |
| CVE-2022-29915 | MEDIUM | 4.3 | 1 | 2022-12-22 | The Performance API did not properly hide the fact whether a request cross-origin resource has obser... |
| CVE-2022-26383 | MEDIUM | 4.3 | 1 | 2022-12-22 | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen... |
| CVE-2022-26382 | MEDIUM | 4.3 | 1 | 2022-12-22 | While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was re... |
| CVE-2022-22749 | MEDIUM | 4.3 | 1 | 2022-12-22 | When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not p... |
| CVE-2022-22743 | MEDIUM | 4.3 | 1 | 2022-12-22 | When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab... |
| CVE-2021-43546 | MEDIUM | 4.3 | 1 | 2021-12-08 | It was possible to recreate previous cursor spoofing attacks against users with a zoomed native curs... |
| CVE-2021-43538 | MEDIUM | 4.3 | 1 | 2021-12-08 | By misusing a race in our notification code, an attacker could have forcefully hidden the notificati... |
| CVE-2021-43533 | MEDIUM | 4.3 | 1 | 2021-12-08 | When parsing internationalized domain names, high bits of the characters in the URLs were sometimes ... |
| CVE-2021-43531 | MEDIUM | 4.3 | 1 | 2021-12-08 | When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect U... |
| CVE-2021-38509 | MEDIUM | 4.3 | 1 | 2021-12-08 | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary... |
| CVE-2021-38508 | MEDIUM | 4.3 | 1 | 2021-12-08 | By displaying a form validity message in the correct location at the same time as a permission promp... |
| CVE-2021-38506 | MEDIUM | 4.3 | 1 | 2021-12-08 | Through a series of navigations, Firefox could have entered fullscreen mode without notification or ... |
| CVE-2021-29974 | MEDIUM | 4.3 | 1 | 2021-08-05 | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a ... |
| CVE-2021-29963 | MEDIUM | 4.3 | 1 | 2021-06-24 | Address bar search suggestions in private browsing mode were re-using session data from normal mode.... |
| CVE-2021-29962 | MEDIUM | 4.3 | 1 | 2021-06-24 | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.... |
| CVE-2021-29958 | MEDIUM | 4.3 | 1 | 2021-06-24 | When a download was initiated, the client did not check whether it was in normal or private browsing... |
| CVE-2021-24001 | MEDIUM | 4.3 | 1 | 2021-06-24 | A compromised content process could have performed session history manipulations it should not have ... |
| CVE-2021-23969 | MEDIUM | 4.3 | 1 | 2021-02-26 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agent... |
| CVE-2021-23968 | MEDIUM | 4.3 | 1 | 2021-02-26 | If Content Security Policy blocked frame navigation, the full destination of a redirect served in th... |
| CVE-2021-23963 | MEDIUM | 4.3 | 1 | 2021-02-26 | When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing ... |
| CVE-2021-23953 | MEDIUM | 4.3 | 1 | 2021-02-26 | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cro... |
| CVE-2020-6810 | MEDIUM | 4.3 | 1 | 2020-03-25 | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure... |
| CVE-2020-35111 | MEDIUM | 4.3 | 1 | 2021-01-07 | When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest ca... |
| CVE-2020-26963 | MEDIUM | 4.3 | 1 | 2020-12-09 | Repeated calls to the history and location interfaces could have been used to hang the browser. This... |
| CVE-2020-26954 | MEDIUM | 4.3 | 1 | 2020-12-09 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests ... |
| CVE-2020-26953 | MEDIUM | 4.3 | 1 | 2020-12-09 | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; th... |
| CVE-2020-16012 | MEDIUM | 4.3 | 1 | 2021-01-08 | Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote... |
| CVE-2020-15668 | MEDIUM | 4.3 | 1 | 2020-10-01 | A lock was missing when accessing a data structure and importing certificate information into the tr... |
| CVE-2020-15665 | MEDIUM | 4.3 | 1 | 2020-10-01 | Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to r... |
| CVE-2020-12412 | MEDIUM | 4.3 | 1 | 2020-07-09 | By navigating a tab using the history API, an attacker could cause the address bar to display the in... |
| CVE-2020-12404 | MEDIUM | 4.3 | 1 | 2020-07-09 | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can... |
| CVE-2019-9807 | MEDIUM | 4.3 | 1 | 2019-04-26 | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to... |
| CVE-2019-17002 | MEDIUM | 4.3 | 1 | 2020-01-08 | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged an... |
| CVE-2019-11754 | MEDIUM | 4.3 | 1 | 2019-09-27 | When the pointer lock is enabled by a website though requestPointerLock(), no user notification is g... |
| CVE-2019-11749 | MEDIUM | 4.3 | 1 | 2019-09-27 | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUs... |
| CVE-2019-11695 | MEDIUM | 4.3 | 1 | 2019-07-23 | A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the ... |
| CVE-2018-5172 | MEDIUM | 4.3 | 1 | 2018-06-11 | The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script f... |
| CVE-2018-5167 | MEDIUM | 4.3 | 1 | 2018-06-11 | The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both wil... |
| CVE-2018-5108 | MEDIUM | 4.3 | 1 | 2018-06-11 | A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private brows... |
| CVE-2018-12399 | MEDIUM | 4.3 | 1 | 2019-02-28 | When a new protocol handler is registered, the API accepts a title argument which can be used to mis... |
| CVE-2018-12367 | MEDIUM | 4.3 | 1 | 2018-10-18 | In the previous mitigations for Spectre, the resolution or precision of various methods was reduced ... |
| CVE-2018-12358 | MEDIUM | 4.3 | 1 | 2018-10-18 | Service workers can use redirection to avoid the tainting of cross-origin resources in some instance... |
| CVE-2017-5453 | MEDIUM | 4.3 | 1 | 2018-06-11 | A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape charac... |
| CVE-2017-5452 | MEDIUM | 4.3 | 1 | 2018-06-11 | Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new... |
| CVE-2017-5451 | MEDIUM | 4.3 | 1 | 2018-06-11 | A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" ... |
| CVE-2016-5279 | MEDIUM | 4.3 | 1 | 2016-09-22 | Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname ... |
| CVE-2016-5268 | MEDIUM | 4.3 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT fl... |
| CVE-2016-5251 | MEDIUM | 4.3 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters... |
| CVE-2016-5250 | MEDIUM | 4.3 | 1 | 2016-08-05 | Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obt... |
| CVE-2016-2832 | MEDIUM | 4.3 | 1 | 2016-06-13 | Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a f... |
| CVE-2016-2830 | MEDIUM | 4.3 | 1 | 2016-08-05 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used fo... |
| CVE-2016-2820 | MEDIUM | 4.3 | 1 | 2016-04-30 | The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 do... |
| CVE-2016-1965 | MEDIUM | 4.3 | 1 | 2016-03-13 | Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that re... |
| CVE-2016-1958 | MEDIUM | 4.3 | 1 | 2016-03-13 | browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allo... |
| CVE-2016-1957 | MEDIUM | 4.3 | 1 | 2016-03-13 | Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows... |
| CVE-2016-1955 | MEDIUM | 4.3 | 1 | 2016-03-13 | Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sens... |
| CVE-2015-7327 | MEDIUM | 4.3 | 1 | 2015-09-24 | Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API ... |
| CVE-2015-7191 | MEDIUM | 4.3 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows att... |
| CVE-2015-7187 | MEDIUM | 4.3 | 1 | 2015-11-05 | The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which m... |
| CVE-2015-7186 | MEDIUM | 4.3 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Orig... |
| CVE-2015-7185 | MEDIUM | 4.3 | 1 | 2015-11-05 | Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscr... |
| CVE-2015-4519 | MEDIUM | 4.3 | 1 | 2015-09-24 | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to... |
| CVE-2015-4518 | MEDIUM | 4.3 | 1 | 2015-11-05 | The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes... |
| CVE-2015-4515 | MEDIUM | 4.3 | 1 | 2015-11-05 | Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attacker... |
| CVE-2015-4502 | MEDIUM | 4.3 | 1 | 2015-09-24 | js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which a... |
| CVE-2015-4490 | MEDIUM | 4.3 | 1 | 2015-08-16 | The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 doe... |
| CVE-2015-4483 | MEDIUM | 4.3 | 1 | 2015-08-16 | Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection ... |
| CVE-2015-4476 | MEDIUM | 4.3 | 1 | 2015-09-24 | Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar at... |
| CVE-2015-2742 | MEDIUM | 4.3 | 1 | 2015-07-06 | Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of cras... |
| CVE-2015-2741 | MEDIUM | 4.3 | 1 | 2015-07-06 | Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforc... |
| CVE-2015-2718 | MEDIUM | 4.3 | 1 | 2015-05-14 | The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same ... |
| CVE-2015-2711 | MEDIUM | 4.3 | 1 | 2015-05-14 | Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META elemen... |
| CVE-2015-0834 | MEDIUM | 4.3 | 1 | 2015-02-25 | The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses t... |
| CVE-2015-0827 | MEDIUM | 4.3 | 1 | 2015-02-25 | Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Fi... |
| CVE-2015-0825 | MEDIUM | 4.3 | 1 | 2015-02-25 | Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox... |
| CVE-2015-0822 | MEDIUM | 4.3 | 1 | 2015-02-25 | The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Th... |
| CVE-2015-0819 | MEDIUM | 4.3 | 1 | 2015-02-25 | The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call ori... |
| CVE-2015-0799 | MEDIUM | 4.3 | 1 | 2015-04-08 | The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle atta... |
| CVE-2014-8642 | MEDIUM | 4.3 | 1 | 2015-01-14 | Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck exten... |
| CVE-2014-8632 | MEDIUM | 4.3 | 1 | 2014-12-11 | The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does no... |
| CVE-2014-8631 | MEDIUM | 4.3 | 1 | 2014-12-11 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2... |
| CVE-2014-1590 | MEDIUM | 4.3 | 1 | 2014-12-11 | The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.... |
| CVE-2014-1584 | MEDIUM | 4.3 | 1 | 2014-10-15 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon... |
| CVE-2014-1582 | MEDIUM | 4.3 | 1 | 2014-10-15 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly conside... |
| CVE-2014-1564 | MEDIUM | 4.3 | 1 | 2014-09-03 | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not p... |
| CVE-2014-1560 | MEDIUM | 4.3 | 1 | 2014-07-23 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... |
| CVE-2014-1559 | MEDIUM | 4.3 | 1 | 2014-07-23 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... |
| CVE-2014-1558 | MEDIUM | 4.3 | 1 | 2014-07-23 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... |
| CVE-2014-1499 | MEDIUM | 4.3 | 1 | 2014-03-19 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain nam... |
| CVE-2014-1491 | MEDIUM | 4.3 | 1 | 2014-02-06 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firef... |
| CVE-2014-1489 | MEDIUM | 4.3 | 1 | 2014-02-06 | Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on oth... |
| CVE-2014-1480 | MEDIUM | 4.3 | 1 | 2014-02-06 | The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not p... |
| CVE-2013-5614 | MEDIUM | 4.3 | 1 | 2013-12-11 | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute... |
| CVE-2013-5612 | MEDIUM | 4.3 | 1 | 2013-12-11 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 ma... |
| CVE-2013-5595 | MEDIUM | 4.3 | 1 | 2013-10-30 | The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x befor... |
| CVE-2013-5594 | MEDIUM | 4.3 | 1 | 2020-02-18 | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding |
| CVE-2013-5593 | MEDIUM | 4.3 | 1 | 2013-10-30 | The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thun... |
| CVE-2013-1728 | MEDIUM | 4.3 | 1 | 2013-09-18 | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonk... |
| CVE-2013-1723 | MEDIUM | 4.3 | 1 | 2013-09-18 | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2... |
| CVE-2013-1714 | MEDIUM | 4.3 | 1 | 2013-08-07 | The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thund... |
| CVE-2013-1713 | MEDIUM | 4.3 | 1 | 2013-08-07 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... |
| CVE-2013-1711 | MEDIUM | 4.3 | 1 | 2013-08-07 | The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not pro... |
| CVE-2013-1709 | MEDIUM | 4.3 | 1 | 2013-08-07 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... |
| CVE-2013-1708 | MEDIUM | 4.3 | 1 | 2013-08-07 | Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of se... |
| CVE-2013-1698 | MEDIUM | 4.3 | 1 | 2013-06-26 | The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a to... |
| CVE-2013-1693 | MEDIUM | 4.3 | 1 | 2013-06-26 | The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunde... |
| CVE-2013-1692 | MEDIUM | 4.3 | 1 | 2013-06-26 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderb... |
| CVE-2013-1671 | MEDIUM | 4.3 | 1 | 2013-05-16 | Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attac... |
| CVE-2013-1670 | MEDIUM | 4.3 | 1 | 2013-05-16 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x befo... |
| CVE-2013-0793 | MEDIUM | 4.3 | 1 | 2013-04-03 | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ... |
| CVE-2013-0792 | MEDIUM | 4.3 | 1 | 2013-04-03 | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, d... |
| CVE-2013-0774 | MEDIUM | 4.3 | 1 | 2013-02-19 | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ... |
| CVE-2013-0748 | MEDIUM | 4.3 | 1 | 2013-01-13 | The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10... |
| CVE-2012-5841 | MEDIUM | 4.3 | 1 | 2012-11-21 | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird E... |
| CVE-2012-4209 | MEDIUM | 4.3 | 1 | 2012-11-21 | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird E... |
| CVE-2012-4208 | MEDIUM | 4.3 | 1 | 2012-11-21 | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonke... |
| CVE-2012-4207 | MEDIUM | 4.3 | 1 | 2012-11-21 | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before ... |
| CVE-2012-4201 | MEDIUM | 4.3 | 1 | 2012-11-21 | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Th... |
| CVE-2012-4195 | MEDIUM | 4.3 | 1 | 2012-10-29 | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10,... |
| CVE-2012-4194 | MEDIUM | 4.3 | 1 | 2012-10-29 | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbi... |
| CVE-2012-4184 | MEDIUM | 4.3 | 1 | 2012-10-10 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x befo... |
| CVE-2012-3994 | MEDIUM | 4.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... |
| CVE-2012-3992 | MEDIUM | 4.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... |
| CVE-2012-3986 | MEDIUM | 4.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ES... |
| CVE-2012-3985 | MEDIUM | 4.3 | 1 | 2012-10-10 | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly impl... |
| CVE-2012-3976 | MEDIUM | 4.3 | 1 | 2012-08-29 | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not proper... |
| CVE-2012-3975 | MEDIUM | 4.3 | 1 | 2012-08-29 | The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey befor... |
| CVE-2012-1956 | MEDIUM | 4.3 | 1 | 2012-08-29 | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use o... |
| CVE-2012-0455 | MEDIUM | 4.3 | 1 | 2012-03-14 | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird befo... |
| CVE-2011-3866 | MEDIUM | 4.3 | 1 | 2011-09-29 | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion ... |
| CVE-2011-3648 | MEDIUM | 4.3 | 1 | 2011-11-09 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Th... |
| CVE-2011-2983 | MEDIUM | 4.3 | 1 | 2011-08-18 | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and pos... |
| CVE-2011-2605 | MEDIUM | 4.3 | 1 | 2011-06-30 | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/coo... |
| CVE-2011-1712 | MEDIUM | 4.3 | 1 | 2011-04-15 | The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWa... |
| CVE-2010-3774 | MEDIUM | 4.3 | 1 | 2010-12-10 | The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5... |
| CVE-2010-3770 | MEDIUM | 4.3 | 1 | 2010-12-10 | Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox befor... |
| CVE-2010-3177 | MEDIUM | 4.3 | 1 | 2010-10-21 | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3... |
| CVE-2010-3170 | MEDIUM | 4.3 | 1 | 2010-10-21 | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1... |
| CVE-2010-1210 | MEDIUM | 4.3 | 1 | 2010-07-30 | intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1... |
| CVE-2010-1207 | MEDIUM | 4.3 | 1 | 2010-07-30 | Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restriction... |
| CVE-2010-0648 | MEDIUM | 4.3 | 1 | 2010-02-18 | Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, f... |
| CVE-2010-0182 | MEDIUM | 4.3 | 1 | 2010-04-05 | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird b... |
| CVE-2010-0181 | MEDIUM | 4.3 | 1 | 2010-04-05 | Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail app... |
| CVE-2009-5017 | MEDIUM | 4.3 | 1 | 2010-11-12 | Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it e... |
| CVE-2009-3978 | MEDIUM | 4.3 | 1 | 2009-11-19 | The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox... |
| CVE-2009-3014 | MEDIUM | 4.3 | 1 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1... |
| CVE-2009-3012 | MEDIUM | 4.3 | 1 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: UR... |
| CVE-2009-3010 | MEDIUM | 4.3 | 1 | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1... |
| CVE-2009-2472 | MEDIUM | 4.3 | 1 | 2009-07-22 | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object ... |
| CVE-2008-4065 | MEDIUM | 4.3 | 1 | 2008-09-24 | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey bef... |
| CVE-2008-2800 | MEDIUM | 4.3 | 1 | 2008-07-07 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Sam... |
| CVE-2008-1241 | MEDIUM | 4.3 | 1 | 2008-03-27 | GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remot... |
| CVE-2008-1234 | MEDIUM | 4.3 | 1 | 2008-03-27 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.... |
| CVE-2008-0593 | MEDIUM | 4.3 | 1 | 2008-02-09 | Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify t... |
| CVE-2008-0592 | MEDIUM | 4.3 | 1 | 2008-02-09 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to ... |
| CVE-2008-0591 | MEDIUM | 4.3 | 1 | 2008-02-09 | Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay tim... |
| CVE-2008-0418 | MEDIUM | 4.3 | 1 | 2008-02-08 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, a... |
| CVE-2008-0417 | MEDIUM | 4.3 | 1 | 2008-02-08 | CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web site... |
| CVE-2008-0416 | MEDIUM | 4.3 | 1 | 2008-02-12 | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird... |
| CVE-2008-0415 | MEDIUM | 4.3 | 1 | 2008-02-08 | Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remo... |
| CVE-2008-0414 | MEDIUM | 4.3 | 1 | 2008-02-08 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to ... |
| CVE-2007-6589 | MEDIUM | 4.3 | 1 | 2007-12-28 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not upda... |
| CVE-2007-5960 | MEDIUM | 4.3 | 1 | 2007-11-26 | Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or ... |
| CVE-2007-5947 | MEDIUM | 4.3 | 1 | 2007-11-14 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the... |
| CVE-2007-5340 | MEDIUM | 4.3 | 1 | 2007-10-21 | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird bef... |
| CVE-2007-5339 | MEDIUM | 4.3 | 1 | 2007-10-21 | Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonke... |
| CVE-2007-5335 | MEDIUM | 4.3 | 1 | 2007-10-24 | Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by... |
| CVE-2007-5334 | MEDIUM | 4.3 | 1 | 2007-10-21 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displa... |
| CVE-2007-4038 | MEDIUM | 4.3 | 1 | 2007-07-27 | Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thu... |
| CVE-2007-3511 | MEDIUM | 4.3 | 1 | 2007-07-03 | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions b... |
| CVE-2007-3089 | MEDIUM | 4.3 | 1 | 2007-06-06 | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) durin... |
| CVE-2007-2292 | MEDIUM | 4.3 | 1 | 2007-04-26 | CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8... |
| CVE-2006-4568 | MEDIUM | 4.3 | 1 | 2006-09-15 | Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the secu... |
| CVE-2006-2785 | MEDIUM | 4.3 | 1 | 2006-06-02 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remo... |
| CVE-2006-2783 | MEDIUM | 4.3 | 1 | 2006-06-02 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 ... |
| CVE-2006-2782 | MEDIUM | 4.3 | 1 | 2006-06-02 | Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attac... |
| CVE-2006-1741 | MEDIUM | 4.3 | 1 | 2006-04-14 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey be... |
| CVE-2006-1732 | MEDIUM | 4.3 | 1 | 2006-04-14 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ... |
| CVE-2006-1731 | MEDIUM | 4.3 | 1 | 2006-04-14 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, ... |
| CVE-2006-1729 | MEDIUM | 4.3 | 1 | 2006-04-14 | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonke... |
| CVE-2006-0496 | MEDIUM | 4.3 | 1 | 2006-02-01 | Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0... |
| CVE-2025-26603 | MEDIUM | 4.2 | 3 | 2025-02-18 | Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen mess... |
| CVE-2025-24014 | MEDIUM | 4.2 | 3 | 2025-01-20 | Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.10... |
| CVE-2025-22134 | MEDIUM | 4.2 | 3 | 2025-01-13 | When switching to other buffers using the :all command and visual mode still being active, this may ... |
| CVE-2024-41965 | MEDIUM | 4.2 | 3 | 2024-08-01 | Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. ... |
| CVE-2025-53906 | MEDIUM | 4.1 | 3 | 2025-07-15 | Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue i... |
| CVE-2025-53905 | MEDIUM | 4.1 | 3 | 2025-07-15 | Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue i... |
| CVE-2025-45582 | MEDIUM | 4.1 | 1 | 2025-07-11 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c... |
| CVE-2016-9844 | MEDIUM | 4.0 | 2 | 2017-01-18 | Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers ... |
| CVE-2014-9913 | MEDIUM | 4.0 | 2 | 2017-01-18 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers t... |
| CVE-2023-46246 | MEDIUM | 4.0 | 1 | 2023-10-27 | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated i... |
| CVE-2025-48708 | MEDIUM | 4.0 | 1 | 2025-05-23 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argume... |
| CVE-2025-10859 | MEDIUM | 4.0 | 1 | 2025-09-30 | Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing co... |
| CVE-2025-0240 | MEDIUM | 4.0 | 1 | 2025-01-07 | Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access,... |
| CVE-2025-0239 | MEDIUM | 4.0 | 1 | 2025-01-07 | When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirect... |
| CVE-2024-3861 | MEDIUM | 4.0 | 1 | 2024-04-16 | If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect r... |
| CVE-2020-15703 | MEDIUM | 4.0 | 1 | 2020-10-31 | There is no input validation on the Locale property in an apt transaction. An unprivileged user can ... |
| CVE-2015-7223 | MEDIUM | 4.0 | 1 | 2015-12-16 | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and ... |
| CVE-2013-1696 | MEDIUM | 4.0 | 1 | 2013-06-26 | Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, whic... |
| CVE-2013-0776 | MEDIUM | 4.0 | 1 | 2013-02-19 | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ... |
| CVE-2012-3987 | MEDIUM | 4.0 | 1 | 2012-10-10 | Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows ... |
| CVE-2006-4340 | MEDIUM | 4.0 | 1 | 2006-09-15 | Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.... |
| CVE-2006-2894 | MEDIUM | 4.0 | 1 | 2006-06-07 | Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and oth... |
| CVE-2024-47814 | LOW | 3.9 | 3 | 2024-10-07 | Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When ... |
| CVE-2023-48232 | LOW | 3.9 | 1 | 2023-11-16 | Vim is an open source command line text editor. A floating point exception may occur when calculatin... |
| CVE-2023-48231 | LOW | 3.9 | 1 | 2023-11-16 | Vim is an open source command line text editor. When closing a window, vim may try to access already... |
| CVE-2025-1939 | LOW | 3.9 | 1 | 2025-03-04 | Android apps can load web pages using the Custom Tabs feature. This feature supports a transition an... |
| CVE-2024-7883 | LOW | 3.7 | 1 | 2024-10-31 | When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secu... |
| CVE-2023-28322 | LOW | 3.7 | 1 | 2023-05-26 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl... |
| CVE-2022-35252 | LOW | 3.7 | 1 | 2022-09-23 | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using contr... |
| CVE-2024-3302 | LOW | 3.7 | 1 | 2024-04-16 | There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server cou... |
| CVE-2024-2606 | LOW | 3.7 | 1 | 2024-03-19 | Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers... |
| CVE-2019-11743 | LOW | 3.7 | 1 | 2019-09-27 | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specificati... |
| CVE-2007-0775 | LOW | 3.7 | 1 | 2007-02-26 | Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x... |
| CVE-2024-21217 | LOW | 3.7 | 1 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21210 | LOW | 3.7 | 1 | 2024-10-15 | Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Orac... |
| CVE-2024-21208 | LOW | 3.7 | 1 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21144 | LOW | 3.7 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-21138 | LOW | 3.7 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21131 | LOW | 3.7 | 1 | 2024-07-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21094 | LOW | 3.7 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21085 | LOW | 3.7 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-21068 | LOW | 3.7 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2024-21011 | LOW | 3.7 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... |
| CVE-2023-22049 | LOW | 3.7 | 1 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ... |
| CVE-2023-22045 | LOW | 3.7 | 1 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ... |
| CVE-2023-22044 | LOW | 3.7 | 1 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ... |
| CVE-2023-22025 | LOW | 3.7 | 1 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, prod... |
| CVE-2023-21968 | LOW | 3.7 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21938 | LOW | 3.7 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21937 | LOW | 3.7 | 1 | 2023-04-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2023-21843 | LOW | 3.7 | 1 | 2023-01-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-21624 | LOW | 3.7 | 1 | 2022-10-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2022-21619 | LOW | 3.7 | 1 | 2022-10-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-4855 | LOW | 3.6 | 1 | 2024-05-14 | Use after free issue in editcap could cause denial of service via crafted capture file |
| CVE-2024-4853 | LOW | 3.6 | 1 | 2024-05-14 | Memory handling issue in editcap could cause denial of service via crafted capture file |
| CVE-2023-48706 | LOW | 3.6 | 1 | 2023-11-22 | Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When ... |
| CVE-2025-27613 | LOW | 3.6 | 2 | 2025-07-10 | Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted rep... |
| CVE-2024-2004 | LOW | 3.5 | 2 | 2024-03-27 | When a protocol selection parameter option disables all protocols without adding any then the defaul... |
| CVE-2025-0167 | LOW | 3.4 | 3 | 2025-02-05 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak ... |
| CVE-2024-11053 | LOW | 3.4 | 3 | 2024-12-11 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak... |
| CVE-2023-28938 | LOW | 3.4 | 1 | 2023-08-11 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 m... |
| CVE-2025-13015 | LOW | 3.4 | 1 | 2025-11-11 | Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ES... |
| CVE-2024-28085 | LOW | 3.3 | 3 | 2024-03-27 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequence... |
| CVE-2021-4217 | LOW | 3.3 | 2 | 2022-08-24 | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, whi... |
| CVE-2019-13232 | LOW | 3.3 | 2 | 2019-07-04 | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of ... |
| CVE-2024-0217 | LOW | 3.3 | 1 | 2024-01-03 | A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics f... |
| CVE-2022-0158 | LOW | 3.3 | 1 | 2022-01-10 | vim is vulnerable to Heap-based Buffer Overflow |
| CVE-2025-64524 | LOW | 3.3 | 1 | 2025-11-20 | cups-filters contains backends, filters, and other software required to get the cups printing servic... |
| CVE-2025-0245 | LOW | 3.3 | 1 | 2025-01-07 | Under certain circumstances, a user opt-in setting that Focus should require authentication before u... |
| CVE-2024-29508 | LOW | 3.3 | 1 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed ... |
| CVE-2022-42931 | LOW | 3.3 | 1 | 2022-12-22 | Logins saved by Firefox should be managed by the Password Manager component which uses encryption to... |
| CVE-2020-12394 | LOW | 3.3 | 1 | 2020-05-26 | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the cur... |
| CVE-2017-5387 | LOW | 3.3 | 1 | 2018-06-11 | The existence of a specifically requested local file can be found due to the double firing of the "o... |
| CVE-2023-25815 | LOW | 3.3 | 1 | 2023-04-25 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. A... |
| CVE-2023-4579 | LOW | 3.1 | 1 | 2023-09-11 | Search queries in the default search engine could appear to have been the currently navigated URL if... |
| CVE-2023-34414 | LOW | 3.1 | 1 | 2023-06-19 | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses... |
| CVE-2021-24000 | LOW | 3.1 | 1 | 2021-06-24 | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interactin... |
| CVE-2020-15671 | LOW | 3.1 | 1 | 2020-10-01 | When typing in a password under certain conditions, a race may have occurred where the InputContext w... |
| CVE-2024-21005 | LOW | 3.1 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-21003 | LOW | 3.1 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-20925 | LOW | 3.1 | 1 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-20923 | LOW | 3.1 | 1 | 2024-02-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2025-32415 | LOW | 2.9 | 3 | 2025-04-17 | In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a ... |
| CVE-2025-27113 | LOW | 2.9 | 4 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pat... |
| CVE-2025-32462 | LOW | 2.8 | 3 | 2025-06-30 | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the curren... |
| CVE-2025-1215 | LOW | 2.8 | 3 | 2025-02-12 | A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affect... |
| CVE-2023-48237 | LOW | 2.8 | 1 | 2023-11-16 | Vim is an open source command line text editor. In affected versions when shifting lines in operator... |
| CVE-2023-48236 | LOW | 2.8 | 1 | 2023-11-16 | Vim is an open source command line text editor. When using the z= command, the user may overflow the... |
| CVE-2023-48235 | LOW | 2.8 | 1 | 2023-11-16 | Vim is an open source command line text editor. When parsing relative ex addresses one may unintenti... |
| CVE-2023-48234 | LOW | 2.8 | 1 | 2023-11-16 | Vim is an open source command line text editor. When getting the count for a normal mode z command, ... |
| CVE-2023-48233 | LOW | 2.8 | 1 | 2023-11-16 | Vim is an open source command line text editor. If the count after the :s command is larger than wha... |
| CVE-2020-6824 | LOW | 2.8 | 1 | 2020-04-24 | Initially, a user opens a Private Browsing Window and generates a password for a site, then closes t... |
| CVE-2025-30258 | LOW | 2.7 | 3 | 2025-03-19 | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th... |
| CVE-2024-2616 | LOW | 2.7 | 1 | 2024-03-19 | To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash i... |
| CVE-2015-2987 | LOW | 2.6 | 3 | 2015-08-28 | Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attac... |
| CVE-2015-4508 | LOW | 2.6 | 1 | 2015-09-24 | Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relat... |
| CVE-2015-0820 | LOW | 2.6 | 1 | 2015-02-25 | Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-... |
| CVE-2014-1504 | LOW | 2.6 | 1 | 2014-03-19 | The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consid... |
| CVE-2008-5503 | LOW | 2.6 | 1 | 2008-12-17 | The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.... |
| CVE-2007-5414 | LOW | 2.6 | 1 | 2007-10-12 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content ... |
| CVE-2006-4569 | LOW | 2.6 | 1 | 2006-09-15 | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the contex... |
| CVE-2006-4567 | LOW | 2.6 | 1 | 2006-09-15 | Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self... |
| CVE-2006-2786 | LOW | 2.6 | 1 | 2006-06-02 | HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used w... |
| CVE-2006-1740 | LOW | 2.6 | 1 | 2006-04-14 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey be... |
| CVE-2006-1736 | LOW | 2.6 | 1 | 2006-04-14 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey be... |
| CVE-2005-3089 | LOW | 2.6 | 1 | 2005-09-28 | Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) sc... |
| CVE-2005-2268 | LOW | 2.6 | 1 | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box wit... |
| CVE-2005-1576 | LOW | 2.6 | 1 | 2005-05-12 | The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP he... |
| CVE-2005-0593 | LOW | 2.6 | 1 | 2005-03-04 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site"... |
| CVE-2005-0591 | LOW | 2.6 | 1 | 2005-05-02 | Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog... |
| CVE-2005-0586 | LOW | 2.6 | 1 | 2005-05-02 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensi... |
| CVE-2005-0585 | LOW | 2.6 | 1 | 2005-03-25 | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which... |
| CVE-2005-0584 | LOW | 2.6 | 1 | 2005-05-02 | Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do no... |
| CVE-2005-0402 | LOW | 2.6 | 1 | 2005-05-02 | Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into savin... |
| CVE-2005-0232 | LOW | 2.6 | 1 | 2005-05-02 | Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config ... |
| CVE-2005-0231 | LOW | 2.6 | 1 | 2005-02-07 | Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data:... |
| CVE-2005-0145 | LOW | 2.6 | 1 | 2005-01-24 | Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, ... |
| CVE-2023-4016 | LOW | 2.5 | 1 | 2023-08-02 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a ma... |
| CVE-2024-21004 | LOW | 2.5 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-21002 | LOW | 2.5 | 1 | 2024-04-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2024-20922 | LOW | 2.5 | 1 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co... |
| CVE-2015-2714 | LOW | 2.1 | 1 | 2015-05-14 | Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android lo... |
| CVE-2005-0578 | LOW | 2.1 | 1 | 2005-05-02 | Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin tempor... |
| CVE-2014-1515 | LOW | 1.9 | 1 | 2014-03-25 | Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD c... |
| CVE-2025-68973 | - | - | 3 | - | |
| CVE-2025-68972 | - | - | 3 | - | |
| CVE-2024-32465 | - | - | 3 | - | |
| CVE-2024-32021 | - | - | 3 | - | |
| CVE-2024-32020 | - | - | 3 | - | |
| CVE-2023-47100 | - | - | 1 | 2023-12-02 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a du... |
| CVE-2025-14861 | - | - | 1 | - | |
| CVE-2025-14860 | - | - | 1 | - | |
| CVE-2025-14744 | - | - | 1 | - | |