Mozilla

Firefox ESR

866 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-5262

Media report
  • EPSS 0.07%
  • Published 27.05.2025 12:29:21
  • Last modified 19.09.2025 17:18:14

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...

8.8

CVE-2025-4919

Media report
  • EPSS 0.05%
  • Published 17.05.2025 21:07:27
  • Last modified 28.05.2025 14:08:29

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbir...

9.8

CVE-2025-4918

Exploit
  • EPSS 0.07%
  • Published 17.05.2025 21:07:26
  • Last modified 22.09.2025 18:15:43

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

0

CVE-2025-4921

  • EPSS 0.02%
  • Published 17.05.2025 21:07:25
  • Last modified 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4919

0

CVE-2025-4920

  • EPSS 0.02%
  • Published 17.05.2025 21:07:23
  • Last modified 18.05.2025 20:15:19

Rejected reason: Duplicate of CVE-2025-4918

8.1

CVE-2025-4093

  • EPSS 0.04%
  • Published 29.04.2025 13:13:50
  • Last modified 22.09.2025 18:15:43

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR <...

8.1

CVE-2025-4091

  • EPSS 0.06%
  • Published 29.04.2025 13:13:48
  • Last modified 22.09.2025 18:15:42

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr...

4.8

CVE-2025-4087

  • EPSS 0.05%
  • Published 29.04.2025 13:13:42
  • Last modified 23.09.2025 15:15:30

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability...

5.7

CVE-2025-4084

  • EPSS 0.03%
  • Published 29.04.2025 13:13:38
  • Last modified 09.05.2025 19:33:28

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows...

9.1

CVE-2025-4083

  • EPSS 0.05%
  • Published 29.04.2025 13:13:36
  • Last modified 09.05.2025 19:33:33

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This v...