Total
1634 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6613 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.5 MEDIUM |
|
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2024-6614 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 4.3 MEDIUM |
|
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2024-6615 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
|
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.
|
|||||
| CVE-2024-5702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
|
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
|||||
| CVE-2024-5700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.0 HIGH |
|
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
|||||
| CVE-2024-9396 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
|
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
|||||
| CVE-2024-9400 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
|
A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
|||||
| CVE-2024-9402 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 9.8 CRITICAL |
|
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
|
|||||
| CVE-2024-7652 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
|
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
|
|||||
| CVE-2025-0247 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
|
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
|
|||||
| CVE-2024-11700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.1 HIGH |
|
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
|
|||||
| CVE-2024-11693 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 9.8 CRITICAL |
|
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
|
|||||
| CVE-2025-1943 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 8.2 HIGH |
|
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.
|
|||||
| CVE-2025-26695 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A | 5.3 MEDIUM |
|
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
|
|||||
| CVE-2025-26696 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A | 7.0 HIGH |
|
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
|
|||||
| CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
|
|||||
| CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
|
|||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
|
|||||
| CVE-2006-3807 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
|
|||||
| CVE-2006-2779 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
|
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
|
|||||
| CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
|
|||||
| CVE-2006-0836 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
|
|||||
| CVE-2006-3810 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
|
|||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
|
|||||
| CVE-2006-0748 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
|
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
|
|||||
| CVE-2006-1742 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
|
|||||
| CVE-2006-0297 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
|
|||||
| CVE-2006-2787 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
|
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
|
|||||
| CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
|
|||||
| CVE-2006-1730 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
|
|||||
| CVE-2006-1727 | 2 Canonical, Mozilla | 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more | 2025-04-03 | 7.6 HIGH | N/A |
|
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
|
|||||
| CVE-2006-4566 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
|
|||||
| CVE-2006-2775 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
|
|||||
| CVE-2006-0299 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
|
|||||
| CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.
|
|||||
| CVE-2004-0909 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
|
|||||
| CVE-2005-2261 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
|
|||||
| CVE-2005-0148 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
|
|||||
| CVE-2006-1740 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
|
|||||
| CVE-2005-0399 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
|
|||||