CVE-2016-9079

Known exploited
Public exploit
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Max CVSS
7.5
EPSS Score
95.25%
Published
2018-06-11
Updated
2018-08-09
CISA KEV Added
2023-06-22

CVE-2014-8636

Public exploit
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
Max CVSS
7.5
EPSS Score
93.70%
Published
2015-01-14
Updated
2017-09-08

CVE-2011-3658

Public exploit
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
Max CVSS
7.5
EPSS Score
95.52%
Published
2011-12-21
Updated
2017-12-29

CVE-2006-3677

Public exploit
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Max CVSS
7.5
EPSS Score
97.34%
Published
2006-07-27
Updated
2018-10-18
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-29
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
Max CVSS
7.5
EPSS Score
0.10%
Published
2024-01-23
Updated
2024-03-25
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
Max CVSS
7.5
EPSS Score
0.13%
Published
2024-01-22
Updated
2024-01-30
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-05
Updated
2023-07-12
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-01-07
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-06-19
Updated
2024-01-07
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2024-01-07
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-06-02
Updated
2023-06-09
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2023-06-27
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-06-02
Updated
2023-06-09
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-06-19
Updated
2023-06-27
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-10-25
Updated
2023-11-02
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-10-25
Updated
2023-11-02
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-09-27
Updated
2024-01-07
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.
Max CVSS
7.4
EPSS Score
0.06%
Published
2023-09-27
Updated
2024-01-07
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-09-11
Updated
2023-09-14
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-08-01
Updated
2023-08-09
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-08-01
Updated
2023-09-11
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Max CVSS
7.5
EPSS Score
0.12%
Published
2023-08-01
Updated
2023-08-09
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Max CVSS
7.5
EPSS Score
0.16%
Published
2023-08-01
Updated
2023-08-11
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-07-24
Updated
2023-08-01
415 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!