Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox
Total 2525 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7525 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 8.1 HIGH
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7522 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 8.8 HIGH
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7521 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 8.8 HIGH
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7520 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 8.8 HIGH
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7519 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-08-12 N/A 9.6 CRITICAL
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.