Every CVE whose affected-product data names Mozilla Firefox Esr, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2014-1533 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird…
CVE-2014-1538 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and…
CVE-2014-1541 — CVSS 10.0 (critical): Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before…
CVE-2014-1544 — CVSS 10.0 (critical): Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used…
CVE-2014-1547 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird…
CVE-2014-1551 — CVSS 10.0 (critical): Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird…
CVE-2021-38503 — CVSS 10.0 (critical): The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing…
CVE-2020-12388 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2020-12389 — CVSS 10.0 (critical): The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only…
CVE-2014-1562 — CVSS 10.0 (critical): Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and…
CVE-2015-2722 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2015-2725 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird…
CVE-2021-4140 — CVSS 10.0 (critical): It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR <…
CVE-2015-2731 — CVSS 10.0 (critical): Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox…
CVE-2015-2733 — CVSS 10.0 (critical): Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2022-29917 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2024-8387 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory…
CVE-2017-7784 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This…
CVE-2017-7786 — CVSS 9.8 (critical): A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially…
CVE-2023-5174 — CVSS 9.8 (critical): If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting…
CVE-2020-6825 — CVSS 9.8 (critical): Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR…
CVE-2022-31737 — CVSS 9.8 (critical): A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash…
CVE-2023-34416 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-5730 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory…
CVE-2022-31747 — CVSS 9.8 (critical): Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100…
CVE-2023-4057 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory…
CVE-2019-9795 — CVSS 9.8 (critical): A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to…
CVE-2019-9800 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of…
CVE-2021-4129 — CVSS 9.8 (critical): Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano…
CVE-2020-6814 — CVSS 9.8 (critical): Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory…
CVE-2023-29542 — CVSS 9.8 (critical): A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such…
CVE-2019-9819 — CVSS 9.8 (critical): A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable…
CVE-2019-9820 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially…
CVE-2020-6831 — CVSS 9.8 (critical): A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially…
CVE-2024-8381 — CVSS 9.8 (critical): A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with`…
CVE-2020-15683 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed…
CVE-2023-5168 — CVSS 9.8 (critical): A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a…
CVE-2020-12395 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed…
CVE-2022-31736 — CVSS 9.8 (critical): A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects…
CVE-2023-29531 — CVSS 9.8 (critical): An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2022-46882 — CVSS 9.8 (critical): A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox…
CVE-2022-34470 — CVSS 9.8 (critical): Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2023-5176 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory…
CVE-2018-5188 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and…
CVE-2024-8385 — CVSS 9.8 (critical): A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability…
CVE-2021-4127 — CVSS 9.8 (critical): An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects…
CVE-2024-8384 — CVSS 9.8 (critical): The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two…
CVE-2022-45406 — CVSS 9.8 (critical): If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on…
CVE-2019-11691 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called…
CVE-2017-5428 — CVSS 9.8 (critical): An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the…
CVE-2022-26384 — CVSS 9.6 (critical): If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they…
CVE-2024-7519 — CVSS 9.6 (critical): Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to…
CVE-2022-22759 — CVSS 9.6 (critical): If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document…
CVE-2015-2736 — CVSS 9.3 (critical): The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2014-1557 — CVSS 9.3 (critical): The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before…
CVE-2014-1555 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and…
CVE-2014-1556 — CVSS 9.3 (critical): Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via…
CVE-2015-2735 — CVSS 9.3 (critical): nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses…
CVE-2014-1567 — CVSS 9.3 (critical): Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1…
CVE-2024-7527 — CVSS 8.8 (high): Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR…
CVE-2022-34484 — CVSS 8.8 (high): The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory…
CVE-2022-34481 — CVSS 8.8 (high): In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to…
CVE-2024-7522 — CVSS 8.8 (high): Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129…
CVE-2020-12406 — CVSS 8.8 (high): Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with…
CVE-2020-12410 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory…
CVE-2023-6856 — CVSS 8.8 (high): The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2020-12419 — CVSS 8.8 (high): When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a…
CVE-2020-12420 — CVSS 8.8 (high): When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
CVE-2022-34468 — CVSS 8.8 (high): An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability…
CVE-2024-7521 — CVSS 8.8 (high): Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR <…
CVE-2024-7520 — CVSS 8.8 (high): A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects…
CVE-2023-6858 — CVSS 8.8 (high): Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2022-31740 — CVSS 8.8 (high): On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially…
CVE-2020-15656 — CVSS 8.8 (high): JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various…
CVE-2023-4585 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory…
CVE-2022-31739 — CVSS 8.8 (high): When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to…
CVE-2020-15659 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed…
CVE-2020-15663 — CVSS 8.8 (high): If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location…
CVE-2020-15669 — CVSS 8.8 (high): When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a…
CVE-2020-15670 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption…
CVE-2020-15673 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory…
CVE-2020-15678 — CVSS 8.8 (high): When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This…
CVE-2021-23994 — CVSS 8.8 (high): A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects…
CVE-2023-6864 — CVSS 8.8 (high): Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory…
CVE-2021-38510 — CVSS 8.8 (high): The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's…
CVE-2023-4584 — CVSS 8.8 (high): Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these…
CVE-2023-4582 — CVSS 8.8 (high): Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much…
CVE-2023-37211 — CVSS 8.8 (high): Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory…
CVE-2023-37202 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-37201 — CVSS 8.8 (high): An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects…
CVE-2023-3600 — CVSS 8.8 (high): During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This…
CVE-2023-32215 — CVSS 8.8 (high): Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the…
CVE-2023-32213 — CVSS 8.8 (high): When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR <…
CVE-2023-32207 — CVSS 8.8 (high): A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This…
CVE-2023-29550 — CVSS 8.8 (high): Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-29541 — CVSS 8.8 (high): Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled…
CVE-2023-29539 — CVSS 8.8 (high): When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL…
CVE-2023-29536 — CVSS 8.8 (high): An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an…
CVE-2023-6207 — CVSS 8.8 (high): Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and…
CVE-2023-28176 — CVSS 8.8 (high): Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-28162 — CVSS 8.8 (high): While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a…
CVE-2023-25746 — CVSS 8.8 (high): Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2023-25744 — CVSS 8.8 (high): Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2023-25739 — CVSS 8.8 (high): Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in…
CVE-2023-25737 — CVSS 8.8 (high): An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability…
CVE-2018-12359 — CVSS 8.8 (high): A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing…
CVE-2018-12360 — CVSS 8.8 (high): A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element…
CVE-2018-12361 — CVSS 8.8 (high): An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics…
CVE-2018-12362 — CVSS 8.8 (high): An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in…
CVE-2018-12363 — CVSS 8.8 (high): A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old…
CVE-2018-12364 — CVSS 8.8 (high): NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307…
CVE-2023-25735 — CVSS 8.8 (high): Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
CVE-2023-25732 — CVSS 8.8 (high): When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated…
CVE-2023-6208 — CVSS 8.8 (high): When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage…
CVE-2018-12391 — CVSS 8.8 (high): During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies…
CVE-2023-25729 — CVSS 8.8 (high): Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to…
CVE-2023-23605 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these…
CVE-2023-0767 — CVSS 8.8 (high): An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag…
CVE-2022-46881 — CVSS 8.8 (high): An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*…
CVE-2019-11735 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed…
CVE-2022-46878 — CVSS 8.8 (high): Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in…
CVE-2022-46874 — CVSS 8.8 (high): A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its…
CVE-2019-11740 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these…
CVE-2024-8382 — CVSS 8.8 (high): Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2019-11746 — CVSS 8.8 (high): A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a…
CVE-2022-45421 — CVSS 8.8 (high): Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed…
CVE-2022-45412 — CVSS 8.8 (high): When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a…
CVE-2022-45409 — CVSS 8.8 (high): The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been…
CVE-2019-11751 — CVSS 8.8 (high): Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks…
CVE-2019-11752 — CVSS 8.8 (high): It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and…
CVE-2019-11757 — CVSS 8.8 (high): When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it…
CVE-2019-11758 — CVSS 8.8 (high): Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed…
CVE-2019-11759 — CVSS 8.8 (high): An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an…
CVE-2019-11760 — CVSS 8.8 (high): A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some…
CVE-2022-42932 — CVSS 8.8 (high): Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some…
CVE-2022-42928 — CVSS 8.8 (high): Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory…
CVE-2019-11764 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed…
CVE-2019-17005 — CVSS 8.8 (high): The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the…
CVE-2019-17008 — CVSS 8.8 (high): When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This…
CVE-2022-40962 — CVSS 8.8 (high): Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety…
CVE-2019-17012 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory…
CVE-2019-17015 — CVSS 8.8 (high): During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially…
CVE-2022-38478 — CVSS 8.8 (high): Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of…
CVE-2019-17017 — CVSS 8.8 (high): Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough…
CVE-2022-38477 — CVSS 8.8 (high): Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some…
CVE-2022-38473 — CVSS 8.8 (high): A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)…
CVE-2019-17024 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory…
CVE-2023-6212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory…
CVE-2024-7528 — CVSS 8.8 (high): Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox…
CVE-2021-29988 — CVSS 8.8 (high): Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
CVE-2021-29989 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory…
CVE-2023-6863 — CVSS 8.8 (high): The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual…
CVE-2021-38493 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory…
CVE-2021-38495 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and…
CVE-2021-38496 — CVSS 8.8 (high): During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a…
CVE-2021-43537 — CVSS 8.8 (high): An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially…
CVE-2021-43535 — CVSS 8.8 (high): A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a…
CVE-2021-38500 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2021-38501 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory…
CVE-2021-38504 — CVSS 8.8 (high): When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to…
CVE-2021-43534 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed…
CVE-2020-26950 — CVSS 8.8 (high): In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free…
CVE-2022-29909 — CVSS 8.8 (high): Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the…
CVE-2022-28289 — CVSS 8.8 (high): Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory…
CVE-2023-6859 — CVSS 8.8 (high): A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6…
CVE-2020-26959 — CVSS 8.8 (high): During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory…
CVE-2020-26960 — CVSS 8.8 (high): If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a…
CVE-2022-28281 — CVSS 8.8 (high): If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of…
CVE-2022-26381 — CVSS 8.8 (high): An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This…
CVE-2020-26968 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory…
CVE-2020-26971 — CVSS 8.8 (high): Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This…
CVE-2020-26973 — CVSS 8.8 (high): Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer…
CVE-2020-26974 — CVSS 8.8 (high): When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This…
CVE-2022-2505 — CVSS 8.8 (high): Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of…
CVE-2022-22764 — CVSS 8.8 (high): Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of…
CVE-2020-35112 — CVSS 8.8 (high): If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable…
CVE-2020-35113 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory…
CVE-2020-6796 — CVSS 8.8 (high): A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write…
CVE-2024-0755 — CVSS 8.8 (high): Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory…
CVE-2022-22763 — CVSS 8.8 (high): When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible…
CVE-2020-6799 — CVSS 8.8 (high): Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This…
CVE-2020-6800 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed…
CVE-2020-6805 — CVSS 8.8 (high): When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a…
CVE-2020-6806 — CVSS 8.8 (high): By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script…
CVE-2020-6807 — CVSS 8.8 (high): When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the…
CVE-2020-6811 — CVSS 8.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2022-22761 — CVSS 8.8 (high): Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it…
CVE-2020-6822 — CVSS 8.8 (high): On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is…