| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-12383 |
200 |
|
+Info |
2018-10-18 |
2018-12-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. |
|
2 |
CVE-2017-7768 |
200 |
|
+Priv Bypass +Info |
2018-06-11 |
2018-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. |
|
3 |
CVE-2017-7767 |
264 |
|
|
2018-06-11 |
2018-08-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. |
|
4 |
CVE-2017-5387 |
538 |
|
|
2018-06-11 |
2018-08-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51. |
|
5 |
CVE-2016-9062 |
200 |
|
+Info |
2018-06-11 |
2018-07-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. |
|
6 |
CVE-2016-5294 |
20 |
|
|
2018-06-11 |
2018-07-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
|
7 |
CVE-2016-5293 |
20 |
|
|
2018-06-11 |
2018-07-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. |
|
8 |
CVE-2015-8512 |
284 |
|
|
2016-01-08 |
2016-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. |
|
9 |
CVE-2015-8508 |
79 |
|
XSS |
2016-01-03 |
2016-12-07 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary. |
|
10 |
CVE-2015-4508 |
254 |
|
|
2015-09-24 |
2016-12-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. |
|
11 |
CVE-2015-2714 |
264 |
|
+Info |
2015-05-14 |
2017-01-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. |
|
12 |
CVE-2015-0820 |
284 |
|
Bypass |
2015-02-25 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. |
|
13 |
CVE-2014-1595 |
199 |
|
+Info |
2014-12-11 |
2016-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. |
|
14 |
CVE-2014-1504 |
264 |
|
XSS |
2014-03-19 |
2016-12-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. |
|
15 |
CVE-2013-1729 |
200 |
|
+Info |
2013-09-18 |
2013-10-02 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. |
|
16 |
CVE-2012-4930 |
310 |
|
|
2012-09-15 |
2013-01-29 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. |
|
17 |
CVE-2012-4929 |
310 |
|
|
2012-09-15 |
2018-04-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. |
|
18 |
CVE-2012-1945 |
200 |
|
+Info |
2012-06-05 |
2017-12-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. |
|
19 |
CVE-2012-0475 |
264 |
|
Bypass |
2012-04-25 |
2017-12-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. |
|
20 |
CVE-2012-0450 |
264 |
|
|
2012-02-01 |
2017-09-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. |
|
21 |
CVE-2011-3649 |
200 |
|
Bypass +Info |
2011-11-09 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. |
|
22 |
CVE-2011-2977 |
|
|
+Info |
2011-08-09 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6. |
|
23 |
CVE-2010-3172 |
94 |
|
Http R.Spl. |
2010-11-05 |
2010-12-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. |
|
24 |
CVE-2010-2751 |
264 |
|
|
2010-07-30 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. |
|
25 |
CVE-2009-0354 |
79 |
|
XSS Bypass |
2009-02-04 |
2017-09-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function. |
|
26 |
CVE-2009-0071 |
399 |
|
DoS |
2009-01-08 |
2017-09-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected. |
|
27 |
CVE-2008-7292 |
200 |
|
+Info |
2011-08-09 |
2012-08-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. |
|
28 |
CVE-2008-5503 |
|
|
|
2008-12-17 |
2018-10-03 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. |
|
29 |
CVE-2008-2933 |
20 |
|
|
2008-07-17 |
2018-10-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. |
|
30 |
CVE-2007-5414 |
79 |
|
XSS |
2007-10-12 |
2018-10-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. |
|
31 |
CVE-2006-5455 |
|
|
CSRF |
2006-10-23 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. |
|
32 |
CVE-2006-4570 |
|
|
Bypass |
2006-09-15 |
2017-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. |
|
33 |
CVE-2006-4569 |
|
|
XSS |
2006-09-15 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. |
|
34 |
CVE-2006-4567 |
|
|
|
2006-09-15 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. |
|
35 |
CVE-2006-3812 |
|
|
|
2006-07-28 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. |
|
36 |
CVE-2006-3731 |
|
|
DoS |
2006-07-21 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension. |
|
37 |
CVE-2006-2786 |
|
|
|
2006-06-02 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. |
|
38 |
CVE-2006-2538 |
|
|
DoS |
2006-05-22 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. |
|
39 |
CVE-2006-2332 |
|
|
DoS |
2006-05-11 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. |
|
40 |
CVE-2006-1740 |
|
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. |
|
41 |
CVE-2006-1736 |
|
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. |
|
42 |
CVE-2006-1725 |
264 |
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. |
|
43 |
CVE-2006-1045 |
|
|
+Info |
2006-03-07 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. |
|
44 |
CVE-2006-0836 |
|
|
DoS |
2006-02-21 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. |
|
45 |
CVE-2005-3402 |
|
|
Bypass +Info |
2005-11-01 |
2016-10-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. |
|
46 |
CVE-2005-3089 |
|
|
DoS |
2005-09-28 |
2017-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. |
|
47 |
CVE-2005-2602 |
|
|
|
2005-08-17 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. |
|
48 |
CVE-2005-2353 |
|
|
|
2005-08-05 |
2018-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
|
49 |
CVE-2005-2268 |
|
|
|
2005-07-13 |
2017-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
|
50 |
CVE-2005-2174 |
|
|
|
2005-07-08 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. |
