Mozilla ≫ Firefox

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This ...

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffec...

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating syst...

Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and o...

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string ar...

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resiz...