Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox_esr
(Mozilla)Repositories | https://github.com/libevent/libevent |
#Vulnerabilities | 1094 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-09 | CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-07-09 | CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 6.5 | ||
2020-07-09 | CVE-2020-12419 | When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 8.8 | ||
2022-12-22 | CVE-2022-26386 | Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. | Firefox_esr, Thunderbird | 6.5 | ||
2013-04-03 | CVE-2013-0796 | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr | N/A | ||
2022-12-22 | CVE-2022-31740 | On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2022-12-22 | CVE-2022-45412 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2022-12-22 | CVE-2021-4127 | An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. | Firefox_esr, Thunderbird | 9.8 | ||
2022-12-22 | CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | Firefox, Firefox_esr, Thunderbird | 6.1 | ||
2022-12-22 | CVE-2022-31739 | When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | Firefox, Firefox_esr, Thunderbird | 8.8 |