Mozilla

Firefox

2867 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
0

CVE-2025-4920

  • EPSS 0.02%
  • Published 17.05.2025 21:07:23
  • Last modified 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4918

8.1

CVE-2025-4093

  • EPSS 0.04%
  • Published 29.04.2025 13:13:50
  • Last modified 22.09.2025 18:15:43

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR <...

6.5

CVE-2025-4092

  • EPSS 0.04%
  • Published 29.04.2025 13:13:49
  • Last modified 09.05.2025 19:32:00

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Fi...

8.1

CVE-2025-4091

  • EPSS 0.06%
  • Published 29.04.2025 13:13:48
  • Last modified 22.09.2025 18:15:42

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr...

5.3

CVE-2025-4090

  • EPSS 0.04%
  • Published 29.04.2025 13:13:46
  • Last modified 23.09.2025 15:15:30

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138.

5.1

CVE-2025-4089

  • EPSS 0.02%
  • Published 29.04.2025 13:13:45
  • Last modified 09.05.2025 19:32:53

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and T...

6.5

CVE-2025-4088

  • EPSS 0.02%
  • Published 29.04.2025 13:13:43
  • Last modified 09.05.2025 19:33:06

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks acros...

4.8

CVE-2025-4087

  • EPSS 0.05%
  • Published 29.04.2025 13:13:42
  • Last modified 23.09.2025 15:15:30

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability...

6.5

CVE-2025-4086

  • EPSS 0.04%
  • Published 29.04.2025 13:13:40
  • Last modified 09.05.2025 19:33:18

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffecte...

7.1

CVE-2025-4085

  • EPSS 0.04%
  • Published 29.04.2025 13:13:39
  • Last modified 09.05.2025 19:33:24

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.