Firefox - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Firefox
(Mozilla)

Repositories	• https://github.com/libevent/libevent • https://github.com/khaledhosny/ots
#Vulnerabilities	2544

Date	Id	Summary	Products	Score	Patch	Annotated
2013-01-13	CVE-2013-0754	Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.	Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit	N/A
2014-02-06	CVE-2014-1491	Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.	Ubuntu_linux, Debian_linux, Fedora, Firefox, Firefox_esr, Network_security_services, Seamonkey, Thunderbird, Opensuse, Enterprise_manager_ops_center, Vm_server, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit	N/A
2020-07-09	CVE-2020-12414	IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.	Firefox	N/A
2020-07-09	CVE-2020-12412	By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.	Firefox	N/A
2020-07-09	CVE-2020-12409	When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77.	Firefox	N/A
2020-07-09	CVE-2018-12371	An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.	Firefox, Firefox_esr, Thunderbird	N/A
2011-03-11	CVE-2011-1187	Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."	Chrome, Firefox, Seamonkey, Thunderbird	N/A
2020-05-26	CVE-2020-12390	Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.	Firefox	N/A
2020-05-26	CVE-2020-6830	For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.	Firefox	N/A
2020-05-26	CVE-2020-12389	The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.	Firefox, Firefox_esr	N/A