Export limit exceeded: 359549 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3655 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3370 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | ||||
| CVE-2008-5501 | 3 Canonical, Mozilla, Redhat | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2026-04-23 | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. | ||||
| CVE-2008-2103 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | ||||
| CVE-2008-6098 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." | ||||
| CVE-2026-6772 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6777 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 5.3 Medium |
| Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-6756 | 1 Mozilla | 1 Firefox | 2026-04-22 | 7.5 High |
| Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | ||||
| CVE-2026-6757 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 6.3 Medium |
| Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6763 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 6.5 Medium |
| Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6767 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 5.3 Medium |
| Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2013-1690 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2026-04-22 | 8.8 High |
| Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. | ||||
| CVE-2013-1675 | 5 Canonical, Debian, Mozilla and 2 more | 20 Ubuntu Linux, Debian Linux, Firefox and 17 more | 2026-04-22 | 6.5 Medium |
| Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||||
| CVE-2026-6751 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.3 High |
| Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6752 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.3 High |
| Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6755 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 6.5 Medium |
| Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-6759 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6764 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 6.5 Medium |
| Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6771 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 9.8 Critical |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6747 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6782 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||