Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2689 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-12 | CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | Honeyview, Seequent_leapfrog, Debian_linux, Fedora, Chrome, Edge_chromium, Teams, Webp_image_extension, Firefox, Thunderbird, Active_iq_unified_manager, Libwebp | 8.8 | ||
| 2024-05-14 | CVE-2024-4367 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | Debian_linux, Firefox, Thunderbird, Open\-Xchange_appsuite_frontend | 8.8 | ||
| 2024-05-14 | CVE-2024-4777 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | Debian_linux, Firefox, Thunderbird | 8.8 | ||
| 2024-06-11 | CVE-2024-5697 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. | Firefox | 4.3 | ||
| 2024-07-09 | CVE-2024-6609 | When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. | Firefox, Thunderbird | 8.8 | ||
| 2022-12-22 | CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | Firefox, Firefox_esr, Firefox_focus, Thunderbird | 8.8 | ||
| 2024-03-19 | CVE-2024-2613 | Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. | Firefox | 7.5 | ||
| 2024-03-19 | CVE-2024-2614 | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | Debian_linux, Firefox, Thunderbird | 8.8 | ||
| 2024-03-19 | CVE-2024-2616 | To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. | Firefox, Thunderbird | 2.7 | ||
| 2023-06-19 | CVE-2023-34416 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | Firefox, Firefox_esr, Thunderbird | 9.8 |