firefox-x11 (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package firefox-x11, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2026-2768 — CVSS 10.0 (critical): Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2776 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in…
CVE-2026-2778 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox…
CVE-2026-4688 — CVSS 10.0 (critical): Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR…
CVE-2026-4689 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149…
CVE-2026-2760 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148…
CVE-2026-4692 — CVSS 10.0 (critical): Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9…
CVE-2026-2761 — CVSS 10.0 (critical): Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2025-9179 — CVSS 9.8 (critical): An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily…
CVE-2026-4702 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-4701 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2025-8031 — CVSS 9.8 (critical): The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials…
CVE-2025-8028 — CVSS 9.8 (critical): On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation…
CVE-2025-6424 — CVSS 9.8 (critical): A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR…
CVE-2025-4918 — CVSS 9.8 (critical): An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox…
CVE-2026-4705 — CVSS 9.8 (critical): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-2759 — CVSS 9.8 (critical): Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox…
CVE-2026-2758 — CVSS 9.8 (critical): Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2757 — CVSS 9.8 (critical): Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33…
CVE-2026-8094 — CVSS 9.8 (critical): Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
CVE-2026-0884 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and…
CVE-2026-0879 — CVSS 9.8 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR…
CVE-2026-2771 — CVSS 9.8 (critical): Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-4711 — CVSS 9.8 (critical): Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2023-34416 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2026-8401 — CVSS 9.8 (critical): Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11…
CVE-2026-5734 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs…
CVE-2026-2770 — CVSS 9.8 (critical): Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2767 — CVSS 9.8 (critical): Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2766 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2765 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2764 — CVSS 9.8 (critical): JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR…
CVE-2026-2763 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2762 — CVSS 9.8 (critical): Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2026-4710 — CVSS 9.8 (critical): Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird…
CVE-2025-14330 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird…
CVE-2025-14324 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR…
CVE-2025-14321 — CVSS 9.8 (critical): Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and…
CVE-2025-11710 — CVSS 9.8 (critical): A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to…
CVE-2025-11709 — CVSS 9.8 (critical): A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures…
CVE-2025-11708 — CVSS 9.8 (critical): Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and…
CVE-2025-1017 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of…
CVE-2025-1009 — CVSS 9.8 (critical): An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was…
CVE-2026-8956 — CVSS 9.8 (critical): Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and…
CVE-2024-9402 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory…
CVE-2024-9401 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence…
CVE-2026-4700 — CVSS 9.8 (critical): Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2024-9392 — CVSS 9.8 (critical): A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131…
CVE-2024-8387 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory…
CVE-2024-8385 — CVSS 9.8 (critical): A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability…
CVE-2024-8384 — CVSS 9.8 (critical): The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two…
CVE-2026-4698 — CVSS 9.8 (critical): JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR…
CVE-2024-8381 — CVSS 9.8 (critical): A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with`…
CVE-2026-4696 — CVSS 9.8 (critical): Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9…
CVE-2026-4691 — CVSS 9.8 (critical): Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR…
CVE-2023-4056 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these…
CVE-2023-4057 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory…
CVE-2026-2793 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these…
CVE-2026-2792 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence…
CVE-2026-2791 — CVSS 9.8 (critical): Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2790 — CVSS 9.8 (critical): Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2026-2789 — CVSS 9.8 (critical): Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2788 — CVSS 9.8 (critical): Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox…
CVE-2026-2787 — CVSS 9.8 (critical): Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR…
CVE-2026-2786 — CVSS 9.8 (critical): Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-4721 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these…
CVE-2026-2785 — CVSS 9.8 (critical): Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2784 — CVSS 9.8 (critical): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2023-5176 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory…
CVE-2026-4720 — CVSS 9.8 (critical): Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence…
CVE-2026-2782 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2781 — CVSS 9.8 (critical): Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148…
CVE-2026-2780 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-2779 — CVSS 9.8 (critical): Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird…
CVE-2023-5730 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory…
CVE-2026-2777 — CVSS 9.8 (critical): Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2775 — CVSS 9.8 (critical): Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-2774 — CVSS 9.8 (critical): Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-4717 — CVSS 9.8 (critical): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2026-6771 — CVSS 9.8 (critical): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and…
CVE-2026-2773 — CVSS 9.8 (critical): Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR…
CVE-2026-2772 — CVSS 9.8 (critical): Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-6748 — CVSS 9.8 (critical): Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird…
CVE-2026-7321 — CVSS 9.6 (critical): Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150…
CVE-2024-7519 — CVSS 9.6 (critical): Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to…
CVE-2026-12296 — CVSS 9.6 (critical): Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird…
CVE-2026-12294 — CVSS 9.6 (critical): Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-12297 — CVSS 9.6 (critical): Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR…
CVE-2026-8953 — CVSS 9.6 (critical): Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR…
CVE-2026-12295 — CVSS 9.6 (critical): Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-8950 — CVSS 9.3 (critical): Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird…
CVE-2026-12304 — CVSS 9.1 (critical): Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12…
CVE-2026-4715 — CVSS 9.1 (critical): Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149…
CVE-2026-12315 — CVSS 9.1 (critical): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and…
CVE-2025-4083 — CVSS 9.1 (critical): A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute…
CVE-2026-4716 — CVSS 9.1 (critical): Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149…
CVE-2026-8975 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory…
CVE-2023-25729 — CVSS 8.8 (high): Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to…
CVE-2023-25732 — CVSS 8.8 (high): When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated…
CVE-2023-25735 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-25737 — CVSS 8.8 (high): An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability…
CVE-2023-25739 — CVSS 8.8 (high): Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in…
CVE-2023-25744 — CVSS 8.8 (high): Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-25746 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2023-28162 — CVSS 8.8 (high): While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a…
CVE-2023-28176 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-29536 — CVSS 8.8 (high): An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an…
CVE-2023-29539 — CVSS 8.8 (high): When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL…
CVE-2023-29541 — CVSS 8.8 (high): Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled…
CVE-2023-29550 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-32207 — CVSS 8.8 (high): A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2023-32213 — CVSS 8.8 (high): When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR <…
CVE-2023-32215 — CVSS 8.8 (high): Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the…
CVE-2023-3600 — CVSS 8.8 (high): During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-4047 — CVSS 8.8 (high): A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2023-4584 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these…
CVE-2023-4585 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory…
CVE-2023-6207 — CVSS 8.8 (high): Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and…
CVE-2023-6208 — CVSS 8.8 (high): When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage…
CVE-2023-6212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory…
CVE-2023-6856 — CVSS 8.8 (high): The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue…
CVE-2023-6858 — CVSS 8.8 (high): Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox…
CVE-2023-6859 — CVSS 8.8 (high): A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6…
CVE-2023-6861 — CVSS 8.8 (high): The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects…
CVE-2023-6862 — CVSS 8.8 (high): A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability…
CVE-2023-6863 — CVSS 8.8 (high): The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual…
CVE-2023-6864 — CVSS 8.8 (high): Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory…
CVE-2024-0750 — CVSS 8.8 (high): A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2024-0751 — CVSS 8.8 (high): A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7…
CVE-2024-0755 — CVSS 8.8 (high): Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory…
CVE-2024-10467 — CVSS 8.8 (high): Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory…
CVE-2024-11697 — CVSS 8.8 (high): When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation…
CVE-2024-11699 — CVSS 8.8 (high): Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory…
CVE-2024-2614 — CVSS 8.8 (high): Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory…
CVE-2024-3854 — CVSS 8.8 (high): In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability…
CVE-2024-4367 — CVSS 8.8 (high): A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This…
CVE-2024-4770 — CVSS 8.8 (high): When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox <…
CVE-2024-4777 — CVSS 8.8 (high): Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory…
CVE-2024-7520 — CVSS 8.8 (high): A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects…
CVE-2024-7521 — CVSS 8.8 (high): Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR <…
CVE-2024-7522 — CVSS 8.8 (high): Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129…
CVE-2024-7527 — CVSS 8.8 (high): Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR…
CVE-2024-7528 — CVSS 8.8 (high): Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox…
CVE-2024-8382 — CVSS 8.8 (high): Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web…
CVE-2025-1010 — CVSS 8.8 (high): An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability…
CVE-2025-1011 — CVSS 8.8 (high): A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code…
CVE-2025-1014 — CVSS 8.8 (high): Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This…
CVE-2025-10533 — CVSS 8.8 (high): Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143…
CVE-2025-10537 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence…
CVE-2025-11714 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these…
CVE-2025-11715 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence…
CVE-2025-13014 — CVSS 8.8 (high): Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30…
CVE-2025-13020 — CVSS 8.8 (high): Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and…
CVE-2025-14323 — CVSS 8.8 (high): Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR…
CVE-2025-14328 — CVSS 8.8 (high): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and…
CVE-2025-14329 — CVSS 8.8 (high): Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and…
CVE-2025-1930 — CVSS 8.8 (high): On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process…
CVE-2025-2817 — CVSS 8.8 (high): Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the…
CVE-2025-4919 — CVSS 8.8 (high): An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability…
CVE-2026-0880 — CVSS 8.8 (high): Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox…
CVE-2026-0882 — CVSS 8.8 (high): Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147…
CVE-2026-12289 — CVSS 8.8 (high): Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR…
CVE-2026-12291 — CVSS 8.8 (high): Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37…
CVE-2026-2447 — CVSS 8.8 (high): Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird…
CVE-2026-2769 — CVSS 8.8 (high): Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-5732 — CVSS 8.8 (high): Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox…
CVE-2026-6750 — CVSS 8.8 (high): Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR…
CVE-2026-6761 — CVSS 8.8 (high): Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and…
CVE-2026-6769 — CVSS 8.8 (high): Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and…
CVE-2026-8955 — CVSS 8.8 (high): Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and…
CVE-2026-8957 — CVSS 8.8 (high): Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird…
CVE-2026-8970 — CVSS 8.8 (high): Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and…
CVE-2026-8974 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-0767 — CVSS 8.8 (high): An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag…
CVE-2026-4687 — CVSS 8.6 (high): Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR…
CVE-2026-8958 — CVSS 8.6 (high): Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox…
CVE-2026-4690 — CVSS 8.6 (high): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149…
CVE-2024-5696 — CVSS 8.6 (high): By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable…
CVE-2024-2608 — CVSS 8.4 (high): `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer…
CVE-2024-29944 — CVSS 8.4 (high): An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent…
CVE-2024-2612 — CVSS 8.1 (high): If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be…
CVE-2026-4718 — CVSS 8.1 (high): Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and…
CVE-2025-14333 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence…
CVE-2026-8092 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory…
CVE-2025-8029 — CVSS 8.1 (high): Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR…
CVE-2025-8030 — CVSS 8.1 (high): Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This…
CVE-2026-12327 — CVSS 8.1 (high): Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed…
CVE-2025-8032 — CVSS 8.1 (high): XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141…
CVE-2025-1932 — CVSS 8.1 (high): An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version…
CVE-2026-8962 — CVSS 8.1 (high): Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and…