Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-7323

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-28 Apr, 2026 | 13:49
Updated At-07 May, 2026 | 15:22
Rejected At-
Credits

Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:28 Apr, 2026 | 13:49
Updated At:07 May, 2026 | 15:22
Rejected At:
â–¼CVE Numbering Authority (CNA)
Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Unaffected
  • From 140.10.1 through 140.* (rpm)
  • From 150.0.1 through * (rpm)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Unaffected
  • From 140.10.1 through 140.* (rpm)
  • From 150.0.1 through * (rpm)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602
N/A
https://www.mozilla.org/security/advisories/mfsa2026-35/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-36/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-38/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-39/
N/A
Hyperlink: https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-35/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-36/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-38/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-39/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:28 Apr, 2026 | 15:16
Updated At:30 Apr, 2026 | 18:38

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 140.10.1(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions before 150.0.1(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 140.10.1(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 150.0.1(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-119
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602security@mozilla.org
Broken Link
https://www.mozilla.org/security/advisories/mfsa2026-35/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-36/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-38/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-39/security@mozilla.org
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602
Source: security@mozilla.org
Resource:
Broken Link
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-35/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-36/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-38/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-39/
Source: security@mozilla.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

765Records found
CVE-2022-29918
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.91%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13027
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.05% / 16.10%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 15:47
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 145 and Thunderbird 145

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-6831
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.27% / 90.98%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:05
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2792
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2773
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-16 Apr, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Web Audio component

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5159
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-37.56% / 97.21%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusthunderbird_esrfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5094
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-35.43% / 97.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5146
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-55.64% / 98.10%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5093
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-21.88% / 95.79%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5178
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-18.16% / 95.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbird_esrthunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbird ESRFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-2778
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||CRITICAL
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-16 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5186
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.91%
||
7 Day CHG-0.09%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5145
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1732
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-33.16% / 96.93%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28281
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-14.57% / 94.50%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-1705
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-5.28% / 90.05%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28289
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.37%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefox_esrfirefoxFirefox ESRFirefoxThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5127
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-20.18% / 95.53%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5126
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 83.94%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5122
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 85.09%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5090
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 83.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5187
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.58%
||
7 Day CHG-0.12%
Published-18 Oct, 2018 | 13:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/Linux
Product-firefoxthunderbirddebian_linuxubuntu_linuxThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5188
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.71% / 89.42%
||
7 Day CHG-0.24%
Published-18 Oct, 2018 | 13:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5129
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.6||HIGH
EPSS-2.33% / 84.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5125
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.07% / 77.83%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5089
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5147
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 80.72%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-debian_linuxfirefoxFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5150
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 88.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusthunderbird_esrfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5183
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 88.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusthunderbird_esrfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbird ESRFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1728
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.07% / 77.85%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1678
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.74% / 88.05%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxthunderbird_esrn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1721
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.89% / 75.61%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5177
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 76.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5151
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 86.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-2793
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-0777
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-42.76% / 97.49%
||
7 Day CHG~0.00%
Published-26 Feb, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

Action-Not Available
Vendor-n/aMozilla CorporationCanonical Ltd.
Product-thunderbirdfirefoxubuntu_linuxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-11715
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.94%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 12:27
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-11709
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 26.37%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 12:27
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read/write in a privileged process triggered by WebGL textures

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-0776
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-30.97% / 96.77%
||
7 Day CHG~0.00%
Published-26 Feb, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-2505
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.72%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-35113
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.50%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 13:49
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2807
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.54%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 148 and Thunderbird 148

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-2779
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 6.68%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-16 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Networking: JAR component

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-11721
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.71%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 12:27
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bug fixed in Firefox 144 and Thunderbird 144

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-11714
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.09%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 12:27
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-1723
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.80% / 82.86%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1719
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.29% / 87.26%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1706
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxthunderbird_esrn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-5596
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.77% / 82.78%
||
7 Day CHG~0.00%
Published-30 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxthunderbird_esrseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12405
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.29% / 93.21%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found