CVE-2026-12292
- EPSS 0.4%
- Veröffentlicht 16.06.2026 11:52:25
- Zuletzt bearbeitet 09.07.2026 13:16:48
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12291
- EPSS 0.38%
- Veröffentlicht 16.06.2026 11:52:24
- Zuletzt bearbeitet 09.07.2026 13:16:48
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12290
- EPSS 0.4%
- Veröffentlicht 16.06.2026 11:52:23
- Zuletzt bearbeitet 09.07.2026 13:16:48
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12289
- EPSS 0.4%
- Veröffentlicht 16.06.2026 11:52:22
- Zuletzt bearbeitet 09.07.2026 13:16:47
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12068
- EPSS 0.26%
- Veröffentlicht 12.06.2026 22:19:18
- Zuletzt bearbeitet 15.06.2026 20:49:19
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection....
CVE-2026-10702
- EPSS 0.29%
- Veröffentlicht 02.06.2026 17:16:00
- Zuletzt bearbeitet 30.06.2026 03:17:07
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
CVE-2026-10701
- EPSS 0.3%
- Veröffentlicht 02.06.2026 17:15:59
- Zuletzt bearbeitet 30.06.2026 03:17:07
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
CVE-2026-9309
- EPSS 0.16%
- Veröffentlicht 01.06.2026 11:24:10
- Zuletzt bearbeitet 03.06.2026 20:02:29
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal page...
CVE-2026-9308
- EPSS 0.16%
- Veröffentlicht 01.06.2026 11:24:09
- Zuletzt bearbeitet 03.06.2026 20:02:52
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary ...
CVE-2026-9078
- EPSS 0.2%
- Veröffentlicht 25.05.2026 14:05:47
- Zuletzt bearbeitet 28.05.2026 20:20:06
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-contro...