cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1020,https://securityvulnerability.io/vulnerability/CVE-2025-1020,Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla,"Memory safety vulnerabilities in Firefox and Thunderbird versions prior to 135 have been identified, showcasing evidence of potential memory corruption issues. These vulnerabilities may allow for arbitrary code execution if successfully exploited. Users are strongly urged to upgrade to the latest versions to mitigate risks and ensure enhanced security.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.390Z,0
CVE-2025-1017,https://securityvulnerability.io/vulnerability/CVE-2025-1017,Memory Safety Bugs in Firefox and Thunderbird Products by Mozilla,"The vulnerability involves memory safety bugs identified in multiple versions of Firefox and Thunderbird, including Firefox 134 and Thunderbird 134. These memory corruption issues present a significant risk, as they potentially allow attackers to execute arbitrary code through specially crafted content. Users are advised to upgrade to the latest versions, Firefox 135 and Thunderbird 135, to mitigate this risk. Mozilla has released patches that address these vulnerabilities in its advisory, urging users to protect their systems by maintaining the latest software updates.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.028Z,0
CVE-2025-1016,https://securityvulnerability.io/vulnerability/CVE-2025-1016,Memory Safety Bugs in Firefox and Thunderbird Affecting Multiple Versions,"Memory safety vulnerabilities have been identified in Firefox and Thunderbird that may allow attackers to exploit memory corruption issues. These flaws exist in versions before Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, and corresponding Thunderbird versions. If successfully exploited, these vulnerabilities could potentially lead to arbitrary code execution, posing a significant risk to user security. Users are advised to update their software to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:55.672Z,0
CVE-2025-1014,https://securityvulnerability.io/vulnerability/CVE-2025-1014,Insufficient Certificate Length Validation in Mozilla Products,"This vulnerability arises from the failure to validate certificate lengths when added to the certificate store in Mozilla products. Trusted data should ideally be checked thoroughly; however, in this case, the lack of proper length validation led to potential security risks for users operating versions of Firefox and Thunderbird below the specified thresholds. Users are advised to upgrade their software to mitigate potential exploitation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.940Z,0
CVE-2025-1013,https://securityvulnerability.io/vulnerability/CVE-2025-1013,Race Condition Leads to Privacy Leak in Mozilla Products,"A race condition in Mozilla's Firefox and Thunderbird products may allow private browsing tabs to unintentionally open in standard browsing windows. This behavior can result in confidential information being exposed, potentially compromising user privacy. Affected versions include Firefox versions prior to 135, Firefox ESR below 128.7, and Thunderbird versions under 128.7 and 135. Users are advised to update their applications to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Thunderbird",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.445Z,0
CVE-2025-1019,https://securityvulnerability.io/vulnerability/CVE-2025-1019,Spoofing Vulnerability in Firefox and Thunderbird,"A vulnerability allows for the manipulation of the z-order of browser windows, which can conceal fullscreen notifications. This condition may enable attackers to exploit the flaw by conducting spoofing attacks, potentially deceiving users into believing they are interacting with legitimate interfaces. Affected versions include Firefox and Thunderbird prior to version 135.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.064Z,0
CVE-2025-1012,https://securityvulnerability.io/vulnerability/CVE-2025-1012,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Products,"A race condition during concurrent delazification in Mozilla Firefox and Thunderbird can result in a use-after-free scenario. This flaw occurs when specific versions of these products process certain memory operations simultaneously, leading to unpredictable behavior and potential exploitation. Users of Firefox versions earlier than 135 and specific versions of Firefox ESR and Thunderbird should be aware of this vulnerability and consider updating to secure versions available to mitigate possible risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.687Z,0
CVE-2025-1011,https://securityvulnerability.io/vulnerability/CVE-2025-1011,WebAssembly Code Generation Flaw in Mozilla Firefox and Thunderbird,"A flaw in the WebAssembly code generation process affects multiple versions of Mozilla Firefox and Thunderbird. Exploitation of this weakness may allow attackers to execute arbitrary code, potentially leading to crashes or unauthorized actions within the affected applications. Users of Firefox versions prior to 135 and Thunderbird versions prior to 135 or 128.7 are particularly at risk and should take immediate action to update their software to mitigate this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.239Z,0
CVE-2025-1018,https://securityvulnerability.io/vulnerability/CVE-2025-1018,Spoofing Issue in Mozilla Firefox and Thunderbird,"A vulnerability exists in Mozilla Firefox and Thunderbird where the fullscreen notification is hidden too quickly when the user re-requests fullscreen mode. This flaw could be exploited to execute potential spoofing attacks, compromising user trust and security. Users of Firefox version 135 and earlier, as well as Thunderbird version 135 and earlier, should take precautions to safeguard their systems from possible exploitation.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:52.807Z,0
CVE-2025-1010,https://securityvulnerability.io/vulnerability/CVE-2025-1010,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird,"A vulnerability exists in the Custom Highlight API of Firefox and Thunderbird that allows an attacker to exploit a use-after-free condition. This flaw may result in a crash, potentially leading to further exploitation. Affected versions include specific releases of Firefox and Thunderbird prior to indicated versions. Users are urged to update their applications to mitigate the risks associated with this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:52.357Z,0
CVE-2025-1009,https://securityvulnerability.io/vulnerability/CVE-2025-1009,Use-After-Free Vulnerability in Firefox and Thunderbird Products by Mozilla,"A vulnerability exists in Mozilla's Firefox and Thunderbird products that could be exploited through crafted XSLT data, potentially leading to application crashes. Attackers may leverage this condition to disrupt services, highlighting the importance of maintaining updated versions to mitigate risks associated with this insecure implementation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:51.928Z,0
CVE-2025-23109,https://securityvulnerability.io/vulnerability/CVE-2025-23109,Website Spoofing Vulnerability in Firefox for iOS,"This vulnerability allows malicious actors to exploit long hostnames within URLs, potentially disguising the true host of a website. By leveraging this technique, attackers can create deceptive links that may confuse users, leading them to believe they are engaging with legitimate websites when they are not. This issue specifically affects Firefox for iOS versions prior to 134, highlighting the need for users to ensure their software is up to date to mitigate the associated risks. Mozilla has released an advisory detailing this vulnerability and recommended updates.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:55.235Z,0
CVE-2025-23108,https://securityvulnerability.io/vulnerability/CVE-2025-23108,URL Spoofing Vulnerability in Firefox for iOS,"A security vulnerability in the Firefox for iOS browser allows malicious scripts to spoof the URL of new tabs when users open JavaScript links via long-press. This issue primarily affects versions of Firefox for iOS prior to version 134, potentially misleading users and exposing them to phishing attacks. Users are encouraged to update their browsers to the latest version to mitigate the risk associated with this vulnerability.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:53.989Z,0
CVE-2025-0240,https://securityvulnerability.io/vulnerability/CVE-2025-0240,Cross-Site Scripting Vulnerability in Mozilla Firefox and Thunderbird,"A potential security vulnerability exists in Mozilla Firefox and Thunderbird where parsing a JavaScript module as JSON may cause cross-compartment access. This flaw can lead to a use-after-free condition, creating risks for users of affected versions. Specifically, versions of Firefox prior to 134, Firefox ESR prior to 128.6, and Thunderbird versions prior to 134 and 128.6 are vulnerable. Users are urged to update their software promptly to mitigate potential risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0241,https://securityvulnerability.io/vulnerability/CVE-2025-0241,Memory Corruption Issue in Firefox and Thunderbird by Mozilla,"Mozilla's Firefox and Thunderbird products have a vulnerability where specially crafted text can cause memory corruption during segmentation. This exploitation might lead to crashes in affected versions, creating a potential attack vector for malicious actors. Security updates are recommended to mitigate this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.7,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0243,https://securityvulnerability.io/vulnerability/CVE-2025-0243,Memory Safety Vulnerability in Mozilla's Firefox and Thunderbird Products,"Multiple memory safety bugs found in Firefox and Thunderbird could potentially be exploited for arbitrary code execution. These vulnerabilities are present in versions of Firefox 133 and earlier, Firefox ESR 128.5 and earlier, Thunderbird 133 and earlier, and Thunderbird ESR 128.5 and earlier. It is critical for users to update to the latest versions (Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird ESR 128.6) to mitigate potential security risks associated with these bugs.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0239,https://securityvulnerability.io/vulnerability/CVE-2025-0239,Certificate Validation Flaw in Mozilla Products Affects Firefox and Thunderbird,A vulnerability affecting Mozilla's Firefox and Thunderbird involves improper validation of certificates triggered by Alt-Svc and ALPN when redirecting from a secure to an insecure server. This flaw potentially exposes users to risks as it might allow malicious entities to intercept or manipulate data without being detected. Users of affected versions are advised to prioritize upgrades to protect themselves against potential exploitation.,Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0247,https://securityvulnerability.io/vulnerability/CVE-2025-0247,Memory Safety Vulnerability in Firefox and Thunderbird Products by Mozilla,"A set of memory safety issues have been identified in Firefox and Thunderbird versions prior to 134. These issues enable the potential for memory corruption, which could be exploited maliciously to execute arbitrary code if sufficiently exploited. Mozilla has addressed these vulnerabilities in the updated releases, 134, for both products. Users are highly encouraged to update their software to the latest version to mitigate the risks associated with these memory safety bugs.",Mozilla,"Firefox,Thunderbird",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0237,https://securityvulnerability.io/vulnerability/CVE-2025-0237,Privilege Escalation Vulnerability in Firefox and Thunderbird by Mozilla,"A security flaw has been identified in the WebChannel API used by Mozilla products such as Firefox and Thunderbird. The vulnerability arises due to the API's failure to properly verify the sending principal, allowing for potential privilege escalation attacks. This issue affects multiple versions of Firefox and Thunderbird, making it crucial for users to update their software to maintain security. Notably impacted versions include Firefox versions below 134 and Thunderbird versions below 134. Preventing unauthorized actions through this API is essential to safeguard user data and maintain system integrity.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0242,https://securityvulnerability.io/vulnerability/CVE-2025-0242,Memory Safety Bugs in Firefox and Thunderbird Affecting Mozilla Products,"Multiple memory safety vulnerabilities have been identified in Mozilla Firefox and Thunderbird, specifically in versions 133 and earlier. These vulnerabilities can lead to memory corruption, and while exploitation of these bugs is not guaranteed, they possess the potential to allow attackers to execute arbitrary code if successfully manipulated. The affected versions include Firefox and Thunderbird prior to version 134, as well as specific extended support releases (ESR) prior to versions 115.19 and 128.6. Users and administrators are recommended to upgrade to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0238,https://securityvulnerability.io/vulnerability/CVE-2025-0238,Firefox Vulnerability Could Lead to Exploitable Crash,"Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,142
CVE-2024-53976,https://securityvulnerability.io/vulnerability/CVE-2024-53976,Firefox for iOS Vulnerability Affects Address Visibility in Location URL Bar,"Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T13:34:07.977Z,0
CVE-2024-53975,https://securityvulnerability.io/vulnerability/CVE-2024-53975,Non-Existent Port Vulnerability in Firefox for iOS Prior to 133,"Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T13:34:07.725Z,0
CVE-2024-11699,https://securityvulnerability.io/vulnerability/CVE-2024-11699,Memory Safety Bugs Affect Firefox and Thunderbird,"Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:34:02.646Z,0
CVE-2024-11708,https://securityvulnerability.io/vulnerability/CVE-2024-11708,Data Race Vulnerability in Firefox < 133,"A vulnerability has been identified in Mozilla Firefox and Thunderbird caused by missing thread synchronization primitives. This issue can lead to a data race condition on members of the PlaybackParams structure, potentially compromising data integrity during operational processing. Users of Firefox versions earlier than 133 and Thunderbird versions earlier than 133 are advised to update to mitigate associated risks.",Mozilla,"Firefox,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:34:02.250Z,0