MozillaFirefox (SUSE:Linux Enterprise Server for SAP Applications 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP4 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2020-12389 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2021-38503 — CVSS 10.0 (critical): The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing…
CVE-2020-12388 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2021-4140 — CVSS 10.0 (critical): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR <…
CVE-2020-6831 — CVSS 9.8 (critical): A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially…
CVE-2019-11733 — CVSS 9.8 (critical): When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It…
CVE-2023-29542 — CVSS 9.8 (critical): A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such…
CVE-2020-6814 — CVSS 9.8 (critical): Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2022-45406 — CVSS 9.8 (critical): If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on…
CVE-2021-32810 — CVSS 9.8 (critical): crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and…
CVE-2018-12390 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2022-31737 — CVSS 9.8 (critical): A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash…
CVE-2016-9075 — CVSS 9.8 (critical): An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions…
CVE-2018-12392 — CVSS 9.8 (critical): When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2020-12395 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed…
CVE-2020-15683 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2018-5183 — CVSS 9.8 (critical): Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer…
CVE-2022-34485 — CVSS 9.8 (critical): Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of…
CVE-2019-11691 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called…
CVE-2019-11692 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a…
CVE-2023-34416 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2019-11693 — CVSS 9.8 (critical): The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious…
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-5155 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially…
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2020-6825 — CVSS 9.8 (critical): Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR…
CVE-2018-5159 — CVSS 9.8 (critical): An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in…
CVE-2022-29917 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2022-31736 — CVSS 9.8 (critical): A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects…
CVE-2018-5154 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially…
CVE-2019-9820 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially…
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2019-9819 — CVSS 9.8 (critical): A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable…
CVE-2022-31747 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100…
CVE-2022-46882 — CVSS 9.8 (critical): A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox…
CVE-2016-9063 — CVSS 9.8 (critical): An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2019-11710 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory…
CVE-2018-5150 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory…
CVE-2018-5151 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2019-11714 — CVSS 9.8 (critical): Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This…
CVE-2023-29531 — CVSS 9.8 (critical): An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable…
CVE-2022-34476 — CVSS 9.8 (critical): ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This…
CVE-2022-34470 — CVSS 9.8 (critical): Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102…
CVE-2019-9788 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of…
CVE-2019-9790 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then…
CVE-2019-9791 — CVSS 9.8 (critical): The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled…
CVE-2019-9792 — CVSS 9.8 (critical): The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This…
CVE-2019-9794 — CVSS 9.8 (critical): A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell…
CVE-2019-9795 — CVSS 9.8 (critical): A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to…
CVE-2019-9796 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a…
CVE-2019-9800 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of…
CVE-2016-5289 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2022-26384 — CVSS 9.6 (critical): If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they…
CVE-2022-22759 — CVSS 9.6 (critical): If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document…
CVE-2019-9812 — CVSS 9.3 (critical): Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading…
CVE-2018-12387 — CVSS 9.1 (critical): A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer…
CVE-2019-11757 — CVSS 8.8 (high): When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it…
CVE-2019-11758 — CVSS 8.8 (high): Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed…
CVE-2019-11759 — CVSS 8.8 (high): An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an…
CVE-2019-11760 — CVSS 8.8 (high): A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some…
CVE-2022-38477 — CVSS 8.8 (high): Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some…
CVE-2022-38473 — CVSS 8.8 (high): A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)…
CVE-2019-11764 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed…
CVE-2022-34484 — CVSS 8.8 (high): The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory…
CVE-2019-17005 — CVSS 8.8 (high): The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the…
CVE-2019-17008 — CVSS 8.8 (high): When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This…
CVE-2023-32215 — CVSS 8.8 (high): Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the…
CVE-2023-32213 — CVSS 8.8 (high): When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR <…
CVE-2019-17012 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory…
CVE-2019-17015 — CVSS 8.8 (high): During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially…
CVE-2022-34483 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2019-17017 — CVSS 8.8 (high): Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough…
CVE-2022-34482 — CVSS 8.8 (high): An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to…
CVE-2022-34481 — CVSS 8.8 (high): In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to…
CVE-2019-17024 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory…
CVE-2022-34480 — CVSS 8.8 (high): Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been…
CVE-2022-34468 — CVSS 8.8 (high): An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability…
CVE-2019-9810 — CVSS 8.8 (high): Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer…
CVE-2019-9813 — CVSS 8.8 (high): Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2021-23954 — CVSS 8.8 (high): Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory…
CVE-2021-30547 — CVSS 8.8 (high): Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2021-23964 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory…
CVE-2021-29990 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory…
CVE-2021-29989 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory…
CVE-2021-23978 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory…
CVE-2021-29988 — CVSS 8.8 (high): Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
CVE-2021-23987 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed…
CVE-2021-23994 — CVSS 8.8 (high): A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects…
CVE-2021-23995 — CVSS 8.8 (high): When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this…
CVE-2021-29985 — CVSS 8.8 (high): A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This…
CVE-2021-23999 — CVSS 8.8 (high): If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional…
CVE-2021-24002 — CVSS 8.8 (high): When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and…
CVE-2021-29984 — CVSS 8.8 (high): Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage…
CVE-2021-29946 — CVSS 8.8 (high): Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when…
CVE-2021-29981 — CVSS 8.8 (high): An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code…
CVE-2021-29980 — CVSS 8.8 (high): Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…
CVE-2021-29967 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory…
CVE-2021-29970 — CVSS 8.8 (high): A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be…
CVE-2021-29976 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence…
CVE-2018-12389 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-29550 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-29541 — CVSS 8.8 (high): Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-18335 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-18356 — CVSS 8.8 (high): An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2023-29539 — CVSS 8.8 (high): When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL…
CVE-2023-29536 — CVSS 8.8 (high): An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an…
CVE-2018-5158 — CVSS 8.8 (high): The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a…
CVE-2023-37209 — CVSS 8.8 (high): A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that…
CVE-2023-28177 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-28176 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-37212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2023-28162 — CVSS 8.8 (high): While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a…
CVE-2023-28161 — CVSS 8.8 (high): If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that…
CVE-2023-25746 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2023-25744 — CVSS 8.8 (high): Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-25739 — CVSS 8.8 (high): Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in…
CVE-2023-25737 — CVSS 8.8 (high): An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability…
CVE-2023-25735 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2023-3600 — CVSS 8.8 (high): During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2023-25732 — CVSS 8.8 (high): When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated…
CVE-2023-25729 — CVSS 8.8 (high): Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to…
CVE-2023-23605 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these…
CVE-2023-0767 — CVSS 8.8 (high): An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag…
CVE-2022-46881 — CVSS 8.8 (high): An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*…
CVE-2022-46878 — CVSS 8.8 (high): Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2022-46874 — CVSS 8.8 (high): A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its…
CVE-2022-46871 — CVSS 8.8 (high): An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
CVE-2019-11735 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed…
CVE-2022-45421 — CVSS 8.8 (high): Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed…
CVE-2022-45412 — CVSS 8.8 (high): When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a…
CVE-2019-11740 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these…
CVE-2022-45409 — CVSS 8.8 (high): The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been…
CVE-2022-42932 — CVSS 8.8 (high): Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2019-11746 — CVSS 8.8 (high): A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a…
CVE-2022-42928 — CVSS 8.8 (high): Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory…
CVE-2022-40962 — CVSS 8.8 (high): Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety…
CVE-2022-38478 — CVSS 8.8 (high): Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of…
CVE-2019-11751 — CVSS 8.8 (high): Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks…
CVE-2019-11752 — CVSS 8.8 (high): It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and…
CVE-2022-1529 — CVSS 8.8 (high): An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading…
CVE-2020-26968 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory…
CVE-2020-26971 — CVSS 8.8 (high): Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This…
CVE-2020-26973 — CVSS 8.8 (high): Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer…
CVE-2020-26974 — CVSS 8.8 (high): When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This…
CVE-2021-43539 — CVSS 8.8 (high): Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing…
CVE-2021-43537 — CVSS 8.8 (high): An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially…
CVE-2020-35112 — CVSS 8.8 (high): If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable…
CVE-2020-35113 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory…
CVE-2020-6463 — CVSS 8.8 (high): Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-38510 — CVSS 8.8 (high): The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's…
CVE-2020-6796 — CVSS 8.8 (high): A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write…
CVE-2021-38504 — CVSS 8.8 (high): When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to…
CVE-2020-6799 — CVSS 8.8 (high): Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This…
CVE-2020-6800 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed…
CVE-2020-6805 — CVSS 8.8 (high): When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a…
CVE-2020-6806 — CVSS 8.8 (high): By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script…
CVE-2020-6807 — CVSS 8.8 (high): When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the…
CVE-2020-6811 — CVSS 8.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2021-38501 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2021-38500 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2023-32207 — CVSS 8.8 (high): A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2020-6822 — CVSS 8.8 (high): On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is…
CVE-2021-38496 — CVSS 8.8 (high): During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a…
CVE-2021-38495 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and…
CVE-2021-23960 — CVSS 8.8 (high): Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash…
CVE-2022-31740 — CVSS 8.8 (high): On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially…
CVE-2022-31739 — CVSS 8.8 (high): When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to…
CVE-2020-12406 — CVSS 8.8 (high): Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with…
CVE-2020-12410 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory…
CVE-2020-12416 — CVSS 8.8 (high): A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2020-12419 — CVSS 8.8 (high): When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a…
CVE-2020-12420 — CVSS 8.8 (high): When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
CVE-2022-29909 — CVSS 8.8 (high): Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the…
CVE-2020-12422 — CVSS 8.8 (high): In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out…
CVE-2022-28289 — CVSS 8.8 (high): Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory…
CVE-2022-28281 — CVSS 8.8 (high): If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of…
CVE-2020-12426 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory…