Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-0836

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-25 Feb, 2015 | 11:00
Updated At-06 Aug, 2024 | 04:26
Rejected At-
Credits

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:25 Feb, 2015 | 11:00
Updated At:06 Aug, 2024 | 04:26
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0642.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/72742
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2506-1
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201504-01
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0265.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1031792
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3174
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
vendor-advisory
x_refsource_SUSE
http://www.debian.org/security/2015/dsa-3179
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0266.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1031791
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2505-1
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0642.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/72742
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2506-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201504-01
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0265.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1031792
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2015/dsa-3174
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.debian.org/security/2015/dsa-3179
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0266.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1031791
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-2505-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-0642.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/72742
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2506-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201504-01
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-0265.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1031792
vdb-entry
x_refsource_SECTRACK
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2015/dsa-3174
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.debian.org/security/2015/dsa-3179
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-0266.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1031791
vdb-entry
x_refsource_SECTRACK
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-2505-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0642.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/72742
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2506-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201504-01
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0265.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1031792
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3174
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.debian.org/security/2015/dsa-3179
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0266.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1031791
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2505-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:25 Feb, 2015 | 11:59
Updated At:12 Apr, 2025 | 10:46

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>31.0
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.1.1
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.1
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.2
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.3
cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.4
cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>31.5
cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions up to 31.4(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>31.0
cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>31.1.2
cpe:2.3:a:mozilla:thunderbird:31.1.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>31.2
cpe:2.3:a:mozilla:thunderbird:31.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>31.3
cpe:2.3:a:mozilla:thunderbird:31.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 35.0.1(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.1
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.2
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.3
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.4
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.5
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.6
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.6.1
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.7
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.7.1
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.8
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.1
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.2
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.3
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.10
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.10.1
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.1
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.2
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.3
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.4
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.5
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.6
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.7
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.8
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.4.1
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.2
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.3
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.4
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.5
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.6
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-0265.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-0266.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-0642.htmlsecurity@mozilla.org
N/A
http://www.debian.org/security/2015/dsa-3174security@mozilla.org
N/A
http://www.debian.org/security/2015/dsa-3179security@mozilla.org
N/A
http://www.mozilla.org/security/announce/2015/mfsa2015-11.htmlsecurity@mozilla.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlsecurity@mozilla.org
N/A
http://www.securityfocus.com/bid/72742security@mozilla.org
N/A
http://www.securitytracker.com/id/1031791security@mozilla.org
N/A
http://www.securitytracker.com/id/1031792security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2505-1security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2506-1security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1096138security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1107009security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1111243security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1111248security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1115776security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1117406security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1119579security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1123882security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1124018security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1128196security@mozilla.org
N/A
https://security.gentoo.org/glsa/201504-01security@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-0265.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-0266.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-0642.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3174af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2015/dsa-3179af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2015/mfsa2015-11.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/72742af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1031791af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1031792af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2505-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2506-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1096138af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1107009af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1111243af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1111248af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1115776af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1117406af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1119579af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1123882af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1124018af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1128196af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201504-01af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0265.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0266.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0642.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3174
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3179
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/72742
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031791
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031792
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2505-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2506-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201504-01
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0265.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0266.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0642.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3174
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2015/dsa-3179
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2015/mfsa2015-11.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/72742
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031791
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1031792
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2505-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2506-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1096138
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1107009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111243
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1111248
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1115776
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1117406
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1119579
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1123882
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1124018
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1128196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201504-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

383Records found
CVE-2020-6826
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 15:51
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6831
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.15% / 92.81%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:05
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2001-1404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.12%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2001-0330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.91%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2009-0486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-09 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-11713
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:18
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2019-11705
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.71% / 92.11%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11714
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:18
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11692
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 65.67%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:23
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2019-11691
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 65.67%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:23
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2019-11734
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:21
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11709
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.93% / 87.85%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:19
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxopenSUSESUSE
Product-debian_linuxthunderbirdfirefoxfirefox_esrlinux_enterprisepackage_hubleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11703
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.30% / 91.90%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11710
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:19
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.

Action-Not Available
Vendor-openSUSEMozilla Corporation
Product-firefoxleapFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11707
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-82.69% / 99.19%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:20
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxFirefox ESRFirefox and Thunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2016-9901
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 83.83%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_ausenterprise_linux_eusenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9893
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.55% / 87.24%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9898
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.45% / 87.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2016-9075
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.30% / 86.71%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-264
Not Available
CVE-2016-9063
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Python Software FoundationDebian GNU/LinuxMozilla Corporation
Product-firefoxdebian_linuxpythonFirefox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9899
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-39.48% / 97.19%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2016-9080
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.91% / 85.83%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5148
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.56%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2018-5098
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.61% / 85.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2018-7753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.58%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 23:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bleachn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5097
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.11% / 95.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2018-5144
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-4.42% / 88.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESR
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5128
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 85.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-416
Use After Free
CVE-2007-0981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.45% / 94.81%
||
7 Day CHG-18.51%
Published-16 Feb, 2007 | 01:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-264
Not Available
CVE-2018-5091
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.31% / 84.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2018-5103
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.61% / 85.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2018-5104
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.11% / 95.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2018-5126
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 85.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5122
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.24% / 86.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5150
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.79% / 87.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopthunderbird_esrThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5159
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-38.81% / 97.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopthunderbird_esrThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5092
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.24% / 86.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-416
Use After Free
CVE-2018-5116
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-346
Origin Validation Error
CVE-2018-5155
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.79% / 87.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopthunderbird_esrThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2018-5187
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.69% / 87.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5096
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2018-5095
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.61% / 85.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-908
Use of Uninitialized Resource
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5156
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.67% / 85.22%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1532
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.33%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-416
Use After Free
CVE-2014-1568
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-41.42% / 97.31%
||
7 Day CHG~0.00%
Published-25 Sep, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Action-Not Available
Vendor-n/aMozilla CorporationGoogle LLCApple Inc.Microsoft Corporation
Product-thunderbirdchrome_osfirefoxseamonkeyfirefox_esrnetwork_security_serviceschromewindowsmac_os_xn/a
CVE-2018-18498
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.19%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-18512
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.39%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 16:13
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-416
Use After Free
CVE-2018-18505
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-4.04% / 88.03%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-287
Improper Authentication
CVE-2018-18504
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.29%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.

Action-Not Available
Vendor-n/aMozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-18493
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 91.62%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found