Note: This project will be discontinued after December 13, 2021.
Product: Firefox (Mozilla)
Repositories:
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots
#Vulnerabilities: 2608

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-09-17 | CVE-2024-8900 | An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | Firefox | 7.5 | ||
2024-10-01 | CVE-2024-9393 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | Firefox, Firefox_esr, Thunderbird | 7.5 | ||
2024-10-01 | CVE-2024-9394 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. | Firefox, Firefox_esr, Thunderbird | 7.5 | ||
2024-10-01 | CVE-2024-9398 | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | Firefox, Firefox_esr, Thunderbird | 5.3 | ||
2024-10-01 | CVE-2024-9399 | A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | Firefox, Thunderbird | 7.5 | ||
2024-08-06 | CVE-2024-7518 | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2024-06-11 | CVE-2024-5689 | In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127. | Firefox | 4.3 | ||
2024-02-05 | CVE-2024-0953 | When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | Firefox | 6.1 | ||
2015-03-24 | CVE-2015-0817 | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | Firefox, Firefox_esr, Seamonkey | N/A | ||
2015-04-01 | CVE-2015-0801 | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | Firefox, Firefox_esr, Thunderbird | N/A |