Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8968

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-19 May, 2026 | 12:30
Updated At-19 May, 2026 | 14:24
Rejected At-
Credits

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:19 May, 2026 | 12:30
Updated At:19 May, 2026 | 14:24
Rejected At:
â–¼CVE Numbering Authority (CNA)
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Unaffected
  • From 140.11 through 140.* (rpm)
  • From 151 through * (rpm)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Tristan Madani
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=2030467
N/A
https://www.mozilla.org/security/advisories/mfsa2026-46/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-48/
N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=2030467
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-46/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-48/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:19 May, 2026 | 14:16
Updated At:19 May, 2026 | 15:16

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.mozilla.org/show_bug.cgi?id=2030467security@mozilla.org
N/A
https://www.mozilla.org/security/advisories/mfsa2026-46/security@mozilla.org
N/A
https://www.mozilla.org/security/advisories/mfsa2026-48/security@mozilla.org
N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=2030467
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-46/
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-48/
Source: security@mozilla.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1287Records found
CVE-2026-6780
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-22 Apr, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6781
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-22 Apr, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-4704
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the WebRTC: Signaling component

Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-4726
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the XML component

Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-4727
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.47%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the Libraries component in NSS

Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-10466
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.55%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbirdfirefoxfirefox_esrthunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-5724
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 74.76%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 12:47
Updated-13 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-9182
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.79%
||
7 Day CHG+0.01%
Published-19 Aug, 2025 | 20:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to out-of-memory in the Graphics: WebRender component

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-0889
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.68%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 13:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the DOM: Service Workers component

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-55029
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.79%
||
7 Day CHG-0.02%
Published-19 Aug, 2025 | 20:52
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious scripts could spam popups for denial of service attacks

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6773
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-22 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to integer overflow in the Graphics: WebGPU component

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6758
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-22 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript: WebAssembly component

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-6754
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.58%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-22 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-6747
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-22 Apr, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the WebRTC component

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-4695
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: Web Codecs component

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4713
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.19%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics component

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4686
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4706
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4719
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.19%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Text component

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4709
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: GMP component

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4697
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: Web Codecs component

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4693
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video: Playback component

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4714
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.19%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Audio/Video component

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4699
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-12 May, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Layout: Text and Fonts component

Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4707
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.17%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4694
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.34%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions, integer overflow in the Graphics component

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6746
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.58%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-22 Apr, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-6759
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-22 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the Widget: Cocoa component

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-4685
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-07 May, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics: Canvas2D component

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-4708
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.19%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the Graphics component

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-2801
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.57%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 13:33
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions in the JavaScript: WebAssembly component

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-1931
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.95%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 13:31
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in WebTransportChild

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefox
CWE ID-CWE-416
Use After Free
CVE-2026-8949
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-19 May, 2026 | 12:29
Updated-19 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in the Widget: Win32 component

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-Firefox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-10464
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 67.12%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbirdfirefoxfirefox_esrthunderbird
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-10459
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 72.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2024-0743
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.57% / 81.74%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 13:48
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxFirefox ESRThunderbird
CWE ID-CWE-252
Unchecked Return Value
CVE-2023-5728
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.17%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 12:47
Updated-13 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefox ESRFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2024-9399
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 15:13
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbirdFirefox ESR
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2016-5285
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 82.07%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 15:44
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Action-Not Available
Vendor-SUSEDebian GNU/LinuxRed Hat, Inc.Mozilla CorporationAvaya LLC
Product-call_management_systemlinux_enterprise_serveraura_application_server_5300cs1000e\/cs1000m_signaling_server_firmwareaura_communication_managermessage_networkingcs1000m_firmwareproactive_contactiqcs1000e_firmwareaura_system_platformbreeze_platformaura_application_enablement_servicesaura_system_platform_firmwareaura_communication_manager_messagintone-x_client_enablement_servicesip_officeaura_system_manageraura_utility_servicesaura_conferencingaura_experience_portalaura_session_managersession_border_controller_for_enterpriseenterprise_linuxcs1000msession_border_controller_for_enterprise_firmwaremeeting_exchangecs1000edebian_linuxaura_messagingcs1000e\/cs1000m_signaling_servernssNetwork Security Services
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-7652
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 18:18
Updated-30 Oct, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Type Confusion in Async Generators in Javascript Engine

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefoxfirefox_esrthunderbird
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-38498
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.20%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2024-5702
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 77.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-04 Apr, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefoxthunderbirdfirefox_esr
CWE ID-CWE-416
Use After Free
CVE-2020-15681
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 63.02%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 20:32
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2020-6817
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 69.12%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Action-Not Available
Vendor-Mozilla Corporation
Product-bleachMozilla Bleach
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2024-4773
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 17:21
Updated-04 Apr, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxfirefox
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-17007
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.73%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 20:28
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

Action-Not Available
Vendor-Mozilla CorporationSiemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512network_security_servicesruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1501ruggedcom_rox_rx1500ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx5000ruggedcom_rox_mx5000ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareNSS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-11706
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.02% / 88.57%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:20
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-4050
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.40% / 87.55%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 14:58
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxdebian_linuxFirefox ESRFirefoxfirefoxfirefox_esr
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4048
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.06%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 14:57
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxdebian_linuxFirefox ESRFirefoxfirefoxfirefox_esr
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32209
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 09:36
Updated-27 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found