Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2671 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-06 | CVE-2024-7519 | Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 9.6 | ||
| 2024-08-06 | CVE-2024-7520 | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-08-06 | CVE-2024-7521 | Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-08-06 | CVE-2024-7522 | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-08-06 | CVE-2024-7525 | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 8.1 | ||
| 2024-08-06 | CVE-2024-7528 | Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-08-06 | CVE-2024-7529 | The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2024-08-06 | CVE-2024-7530 | Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. | Firefox | 8.8 | ||
| 2004-12-31 | CVE-2004-2657 | Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my... | Firefox | N/A | ||
| 2006-10-05 | CVE-2006-5159 | Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this...... | Firefox | N/A |