MozillaFirefox (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-12389 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2021-38503 — CVSS 10.0 (critical): The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing…
CVE-2020-12388 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2021-4140 — CVSS 10.0 (critical): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR <…
CVE-2020-6825 — CVSS 9.8 (critical): Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR…
CVE-2022-31737 — CVSS 9.8 (critical): A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2019-11714 — CVSS 9.8 (critical): Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This…
CVE-2020-12395 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed…
CVE-2022-31747 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100…
CVE-2018-5183 — CVSS 9.8 (critical): Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer…
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2019-11710 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory…
CVE-2018-5151 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2016-5289 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2021-32810 — CVSS 9.8 (critical): crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and…
CVE-2019-11733 — CVSS 9.8 (critical): When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It…
CVE-2016-9075 — CVSS 9.8 (critical): An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions…
CVE-2020-15683 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed…
CVE-2022-31736 — CVSS 9.8 (critical): A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects…
CVE-2022-29917 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2018-5155 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially…
CVE-2020-6831 — CVSS 9.8 (critical): A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially…
CVE-2018-5150 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory…
CVE-2020-6814 — CVSS 9.8 (critical): Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory…
CVE-2022-34470 — CVSS 9.8 (critical): Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102…
CVE-2018-5159 — CVSS 9.8 (critical): An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in…
CVE-2016-9063 — CVSS 9.8 (critical): An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVE-2018-5154 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially…
CVE-2022-26384 — CVSS 9.6 (critical): If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they…
CVE-2022-22759 — CVSS 9.6 (critical): If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document…
CVE-2019-9812 — CVSS 9.3 (critical): Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading…
CVE-2022-22738 — CVSS 8.8 (high): Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially…
CVE-2019-11735 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed…
CVE-2022-2200 — CVSS 8.8 (high): If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading…
CVE-2022-1802 — CVSS 8.8 (high): If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution…
CVE-2019-11740 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these…
CVE-2022-1529 — CVSS 8.8 (high): An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading…
CVE-2021-43539 — CVSS 8.8 (high): Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing…
CVE-2021-43537 — CVSS 8.8 (high): An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2019-11746 — CVSS 8.8 (high): A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a…
CVE-2021-38510 — CVSS 8.8 (high): The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's…
CVE-2021-38504 — CVSS 8.8 (high): When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to…
CVE-2019-11751 — CVSS 8.8 (high): Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks…
CVE-2019-11752 — CVSS 8.8 (high): It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and…
CVE-2019-11757 — CVSS 8.8 (high): When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it…
CVE-2019-11758 — CVSS 8.8 (high): Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed…
CVE-2019-11759 — CVSS 8.8 (high): An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an…
CVE-2019-11760 — CVSS 8.8 (high): A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some…
CVE-2021-38501 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2021-38500 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2021-38496 — CVSS 8.8 (high): During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a…
CVE-2019-11764 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed…
CVE-2021-38495 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and…
CVE-2022-31740 — CVSS 8.8 (high): On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially…
CVE-2019-17005 — CVSS 8.8 (high): The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the…
CVE-2019-17008 — CVSS 8.8 (high): When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This…
CVE-2019-17012 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory…
CVE-2019-17015 — CVSS 8.8 (high): During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially…
CVE-2019-17017 — CVSS 8.8 (high): Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough…
CVE-2021-30547 — CVSS 8.8 (high): Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2021-23995 — CVSS 8.8 (high): When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this…
CVE-2020-26968 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory…
CVE-2020-26971 — CVSS 8.8 (high): Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This…
CVE-2020-26973 — CVSS 8.8 (high): Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer…
CVE-2020-26974 — CVSS 8.8 (high): When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This…
CVE-2020-6811 — CVSS 8.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2020-35112 — CVSS 8.8 (high): If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable…
CVE-2020-35113 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory…
CVE-2020-6463 — CVSS 8.8 (high): Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6807 — CVSS 8.8 (high): When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the…
CVE-2020-6796 — CVSS 8.8 (high): A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write…
CVE-2020-6806 — CVSS 8.8 (high): By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script…
CVE-2020-6805 — CVSS 8.8 (high): When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a…
CVE-2020-6799 — CVSS 8.8 (high): Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This…
CVE-2020-6800 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed…
CVE-2022-34481 — CVSS 8.8 (high): In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to…
CVE-2018-5158 — CVSS 8.8 (high): The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a…
CVE-2022-31739 — CVSS 8.8 (high): When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to…
CVE-2022-29909 — CVSS 8.8 (high): Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the…
CVE-2022-28289 — CVSS 8.8 (high): Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory…
CVE-2022-28281 — CVSS 8.8 (high): If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of…
CVE-2022-34484 — CVSS 8.8 (high): The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory…
CVE-2022-34468 — CVSS 8.8 (high): An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2022-26381 — CVSS 8.8 (high): An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This…
CVE-2022-22764 — CVSS 8.8 (high): Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of…
CVE-2022-22763 — CVSS 8.8 (high): When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2022-22761 — CVSS 8.8 (high): Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it…
CVE-2022-22756 — CVSS 8.8 (high): If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an…
CVE-2022-22751 — CVSS 8.8 (high): Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve…
CVE-2022-22744 — CVSS 8.8 (high): The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to…
CVE-2022-22740 — CVSS 8.8 (high): Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free…
CVE-2020-15663 — CVSS 8.8 (high): If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location…
CVE-2020-6822 — CVSS 8.8 (high): On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is…
CVE-2020-15670 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption…
CVE-2020-15673 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory…
CVE-2021-23994 — CVSS 8.8 (high): A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects…
CVE-2021-23987 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed…
CVE-2020-15678 — CVSS 8.8 (high): When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This…
CVE-2020-15969 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-23978 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory…
CVE-2020-16044 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-26950 — CVSS 8.8 (high): In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free…
CVE-2021-23964 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory…
CVE-2021-23960 — CVSS 8.8 (high): Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash…
CVE-2021-23954 — CVSS 8.8 (high): Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory…
CVE-2020-26959 — CVSS 8.8 (high): During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory…
CVE-2020-26960 — CVSS 8.8 (high): If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a…
CVE-2019-17024 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory…
CVE-2021-29990 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory…
CVE-2021-29989 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory…
CVE-2021-29988 — CVSS 8.8 (high): Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
CVE-2020-12406 — CVSS 8.8 (high): Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with…
CVE-2020-12410 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory…
CVE-2021-29985 — CVSS 8.8 (high): A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This…
CVE-2020-12416 — CVSS 8.8 (high): A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2021-29984 — CVSS 8.8 (high): Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage…
CVE-2020-12419 — CVSS 8.8 (high): When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a…
CVE-2020-12420 — CVSS 8.8 (high): When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
CVE-2021-29981 — CVSS 8.8 (high): An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code…
CVE-2020-12422 — CVSS 8.8 (high): In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out…
CVE-2021-29980 — CVSS 8.8 (high): Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…
CVE-2021-29976 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence…
CVE-2020-12426 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory…
CVE-2021-29970 — CVSS 8.8 (high): A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be…
CVE-2021-29967 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory…
CVE-2021-29946 — CVSS 8.8 (high): Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when…
CVE-2021-24002 — CVSS 8.8 (high): When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and…
CVE-2020-15656 — CVSS 8.8 (high): JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various…
CVE-2021-23999 — CVSS 8.8 (high): If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional…
CVE-2020-15659 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed…
CVE-2019-11716 — CVSS 8.3 (high): Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as…
CVE-2019-9811 — CVSS 8.3 (high): As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a…
CVE-2018-5163 — CVSS 8.1 (high): If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the…
CVE-2021-23981 — CVSS 8.1 (high): A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in…
CVE-2020-12387 — CVSS 8.1 (high): A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially…
CVE-2018-5178 — CVSS 8.1 (high): A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This…
CVE-2021-29986 — CVSS 8.1 (high): A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only…
CVE-2021-29991 — CVSS 8.1 (high): Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting…
CVE-2020-12393 — CVSS 7.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2019-17009 — CVSS 7.8 (high): When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to…
CVE-2020-15657 — CVSS 7.8 (high): Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already…
CVE-2019-11753 — CVSS 7.8 (high): The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by…
CVE-2020-12423 — CVSS 7.8 (high): When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%…
CVE-2016-9069 — CVSS 7.8 (high): A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability…
CVE-2018-5181 — CVSS 7.5 (high): If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open…
CVE-2016-9068 — CVSS 7.5 (high): A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects…
CVE-2016-9073 — CVSS 7.5 (high): WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability…
CVE-2018-5153 — CVSS 7.5 (high): If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an…
CVE-2018-5157 — CVSS 7.5 (high): Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This…
CVE-2018-5160 — CVSS 7.5 (high): WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the…
CVE-2018-5166 — CVSS 7.5 (high): WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic…
CVE-2018-5174 — CVSS 7.5 (high): In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files…
CVE-2018-5177 — CVSS 7.5 (high): A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a…
CVE-2018-5179 — CVSS 7.5 (high): A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by…
CVE-2018-5180 — CVSS 7.5 (high): A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability…
CVE-2018-5182 — CVSS 7.5 (high): If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the…
CVE-2019-11719 — CVSS 7.5 (high): When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the…
CVE-2019-11723 — CVSS 7.5 (high): A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context…
CVE-2019-11729 — CVSS 7.5 (high): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into…
CVE-2019-15903 — CVSS 7.5 (high): In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a…
CVE-2019-17010 — CVSS 7.5 (high): Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have…
CVE-2019-17011 — CVSS 7.5 (high): Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a…
CVE-2020-6821 — CVSS 7.5 (high): When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification…
CVE-2020-6828 — CVSS 7.5 (high): A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a…
CVE-2021-38498 — CVSS 7.5 (high): During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a…
CVE-2022-22737 — CVSS 7.5 (high): Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a…
CVE-2022-22741 — CVSS 7.5 (high): When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability…
CVE-2022-24713 — CVSS 7.5 (high): regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of…
CVE-2022-26387 — CVSS 7.5 (high): When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the…
CVE-2021-23961 — CVSS 7.4 (high): Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's…
CVE-2022-22753 — CVSS 7.1 (high): A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an…
CVE-2021-29964 — CVSS 7.1 (high): A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds…
CVE-2019-11736 — CVSS 7.0 (high): The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the…
CVE-2016-9077 — CVSS 7.0 (high): Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on…
CVE-2020-12425 — CVSS 6.5 (medium): Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential…
CVE-2020-26966 — CVSS 6.5 (medium): Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting…
CVE-2020-26965 — CVSS 6.5 (medium): Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the…
CVE-2020-26961 — CVSS 6.5 (medium): When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming…
CVE-2021-23973 — CVSS 6.5 (medium): When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may…
CVE-2020-16042 — CVSS 6.5 (medium): Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from…
CVE-2021-23982 — CVSS 6.5 (medium): Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as…
CVE-2021-23984 — CVSS 6.5 (medium): A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be…
CVE-2020-15664 — CVSS 6.5 (medium): By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the…
CVE-2021-23998 — CVSS 6.5 (medium): Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This…
CVE-2020-15658 — CVSS 6.5 (medium): The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file…
CVE-2020-15655 — CVSS 6.5 (medium): A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential…
CVE-2021-29945 — CVSS 6.5 (medium): The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue…