Every CVE whose affected-product data names Mozilla Firefox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-4474 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of…
CVE-2013-1680 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6…
CVE-2013-1679 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before…
CVE-2013-1678 — CVSS 10.0 (critical): The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and…
CVE-2013-1736 — CVSS 10.0 (critical): The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0…
CVE-2026-0881 — CVSS 10.0 (critical): Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
CVE-2013-1677 — CVSS 10.0 (critical): The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6…
CVE-2011-0072 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10…
CVE-2009-0775 — CVSS 10.0 (critical): Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers…
CVE-2011-2992 — CVSS 10.0 (critical): The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other…
CVE-2011-2989 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not…
CVE-2004-0764 — CVSS 10.0 (critical): Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome"…
CVE-2014-1562 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and…
CVE-2013-1676 — CVSS 10.0 (critical): The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6…
CVE-2009-2464 — CVSS 10.0 (critical): The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows…
CVE-2009-2665 — CVSS 10.0 (critical): The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain…
CVE-2009-2462 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption…
CVE-2009-3373 — CVSS 10.0 (critical): Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0…
CVE-2009-2463 — CVSS 10.0 (critical): Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox…
CVE-2014-1538 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and…
CVE-2014-1550 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers…
CVE-2009-3382 — CVSS 10.0 (critical): layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter…
CVE-2011-0073 — CVSS 10.0 (critical): Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures…
CVE-2004-0648 — CVSS 10.0 (critical): Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a…
CVE-2014-1551 — CVSS 10.0 (critical): Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird…
CVE-2009-3383 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a…
CVE-2015-7201 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote…
CVE-2016-1931 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of…
CVE-2011-0074 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10…
CVE-2011-0075 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10…
CVE-2025-2857 — CVSS 10.0 (critical): Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A…
CVE-2012-3968 — CVSS 10.0 (critical): Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before…
CVE-2009-2465 — CVSS 10.0 (critical): Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash)…
CVE-2010-4508 — CVSS 10.0 (critical): The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has…
CVE-2014-1537 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote…
CVE-2011-0077 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10…
CVE-2011-2988 — CVSS 10.0 (critical): Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6…
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2012-3970 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-3971 — CVSS 10.0 (critical): Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before…
CVE-2011-0078 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10…
CVE-2013-1669 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of…
CVE-2011-2995 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and…
CVE-2010-1121 — CVSS 10.0 (critical): Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which…
CVE-2010-1122 — CVSS 10.0 (critical): Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption…
CVE-2009-3074 — CVSS 10.0 (critical): Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service…
CVE-2013-0796 — CVSS 10.0 (critical): The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before…
CVE-2011-0079 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of…
CVE-2011-0080 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird…
CVE-2013-0795 — CVSS 10.0 (critical): The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5…
CVE-2010-1988 — CVSS 10.0 (critical): Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application…
CVE-2011-0081 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before…
CVE-2019-25136 — CVSS 10.0 (critical): A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox…
CVE-2015-2725 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird…
CVE-2009-3069 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service…
CVE-2009-2662 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and…
CVE-2012-4190 — CVSS 10.0 (critical): The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10…
CVE-2011-0062 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow…
CVE-2013-5591 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and…
CVE-2013-0790 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of…
CVE-2014-1536 — CVSS 10.0 (critical): The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or…
CVE-2013-0789 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers…
CVE-2013-0788 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird…
CVE-2014-1563 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before…
CVE-2011-0083 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox…
CVE-2011-3651 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a…
CVE-2014-1478 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers…
CVE-2026-4725 — CVSS 10.0 (critical): Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2011-0084 — CVSS 10.0 (critical): The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and…
CVE-2011-0085 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and…
CVE-2011-1300 — CVSS 10.0 (critical): The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics…
CVE-2011-2985 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before…
CVE-2011-2984 — CVSS 10.0 (critical): Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the…
CVE-2004-0757 — CVSS 10.0 (critical): Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7…
CVE-2011-3652 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote…
CVE-2011-2982 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12…
CVE-2011-2991 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not…
CVE-2009-1571 — CVSS 10.0 (critical): Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2…
CVE-2011-2363 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox…
CVE-2011-2364 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote…
CVE-2021-38503 — CVSS 10.0 (critical): The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing…
CVE-2011-2365 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote…
CVE-2011-3654 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to…
CVE-2014-1553 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird…
CVE-2009-2471 — CVSS 10.0 (critical): The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to…
CVE-2009-3073 — CVSS 10.0 (critical): Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of…
CVE-2009-2469 — CVSS 10.0 (critical): Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2009-2468 — CVSS 10.0 (critical): Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8…
CVE-2009-2467 — CVSS 10.0 (critical): Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly…
CVE-2014-1547 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird…
CVE-2026-2778 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox…
CVE-2012-0443 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey…
CVE-2012-0444 — CVSS 10.0 (critical): Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly…
CVE-2012-0467 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird…
CVE-2008-0016 — CVSS 10.0 (critical): Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote…
CVE-2010-0159 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3…
CVE-2011-2368 — CVSS 10.0 (critical): The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to…
CVE-2013-5590 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before…
CVE-2026-2776 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in…
CVE-2014-1554 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of…
CVE-2009-2466 — CVSS 10.0 (critical): The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory…
CVE-2012-0468 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to…
CVE-2008-4062 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey…
CVE-2009-3072 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before…
CVE-2011-0053 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before…
CVE-2010-0160 — CVSS 10.0 (critical): The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly…
CVE-2012-0469 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through…
CVE-2012-0470 — CVSS 10.0 (critical): Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x…
CVE-2009-0773 — CVSS 10.0 (critical): The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a…
CVE-2009-3377 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote…
CVE-2008-2786 — CVSS 10.0 (critical): Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not…
CVE-2015-2726 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of…
CVE-2015-7205 — CVSS 10.0 (critical): Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might…
CVE-2012-5835 — CVSS 10.0 (critical): Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0…
CVE-2015-7203 — CVSS 10.0 (critical): Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0…
CVE-2015-7202 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of…
CVE-2012-3983 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before…
CVE-2012-1951 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before…
CVE-2012-1954 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6…
CVE-2012-1962 — CVSS 10.0 (critical): Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before…
CVE-2013-0767 — CVSS 10.0 (critical): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1…
CVE-2012-1967 — CVSS 10.0 (critical): Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and…
CVE-2012-1970 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2009-0771 — CVSS 10.0 (critical): The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a…
CVE-2012-1972 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2012-1973 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1974 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-1975 — CVSS 10.0 (critical): Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2015-7220 — CVSS 10.0 (critical): Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a…
CVE-2013-1701 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird…
CVE-2013-1702 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers…
CVE-2012-1976 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2013-1705 — CVSS 10.0 (critical): Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows…
CVE-2015-7221 — CVSS 10.0 (critical): Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers…
CVE-2021-4140 — CVSS 10.0 (critical): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR <…
CVE-2012-3956 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2013-5592 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of…
CVE-2006-1790 — CVSS 10.0 (critical): A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
CVE-2015-4497 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before…
CVE-2012-3957 — CVSS 10.0 (critical): Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2015-4486 — CVSS 10.0 (critical): The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to…
CVE-2013-5597 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before…
CVE-2008-2811 — CVSS 10.0 (critical): The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows…
CVE-2013-5599 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in…
CVE-2013-5600 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x…
CVE-2013-5601 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x…
CVE-2013-5602 — CVSS 10.0 (critical): The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and…
CVE-2013-5603 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR…
CVE-2015-4485 — CVSS 10.0 (critical): Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2012-3958 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2012-3959 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2013-1719 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before…
CVE-2012-3960 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2011-2371 — CVSS 10.0 (critical): Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and…
CVE-2026-2768 — CVSS 10.0 (critical): Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2013-1718 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird…
CVE-2014-1512 — CVSS 10.0 (critical): Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4…
CVE-2012-3961 — CVSS 10.0 (critical): Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2009-3381 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial…
CVE-2015-4479 — CVSS 10.0 (critical): Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to…
CVE-2015-4477 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute…
CVE-2012-3963 — CVSS 10.0 (critical): Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2014-1488 — CVSS 10.0 (critical): The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code…
CVE-2012-3964 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2009-3071 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers…
CVE-2012-3966 — CVSS 10.0 (critical): Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2014-1528 — CVSS 10.0 (critical): The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2733 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2015-2731 — CVSS 10.0 (critical): Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox…
CVE-2009-3380 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote…
CVE-2014-1533 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird…
CVE-2014-1534 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of…
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-2722 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2014-1541 — CVSS 10.0 (critical): Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before…
CVE-2012-4212 — CVSS 10.0 (critical): Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey…
CVE-2015-4473 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote…
CVE-2014-1544 — CVSS 10.0 (critical): Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used…
CVE-2012-4218 — CVSS 10.0 (critical): Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before…
CVE-2009-3079 — CVSS 10.0 (critical): Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript…
CVE-2011-0054 — CVSS 10.0 (critical): Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow…
CVE-2011-0055 — CVSS 10.0 (critical): Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and…
CVE-2011-2374 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before…
CVE-2011-2375 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote…
CVE-2008-2798 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10…
CVE-2011-2376 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote…
CVE-2013-1710 — CVSS 10.0 (critical): The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8…
CVE-2026-2761 — CVSS 10.0 (critical): Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2011-2378 — CVSS 10.0 (critical): The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does…
CVE-2008-4064 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory…
CVE-2026-2760 — CVSS 10.0 (critical): Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148…
CVE-2008-5014 — CVSS 10.0 (critical): jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before…
CVE-2010-0174 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2…
CVE-2010-2755 — CVSS 10.0 (critical): layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which…