cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1017,https://securityvulnerability.io/vulnerability/CVE-2025-1017,Memory Safety Bugs in Firefox and Thunderbird Products by Mozilla,"The vulnerability involves memory safety bugs identified in multiple versions of Firefox and Thunderbird, including Firefox 134 and Thunderbird 134. These memory corruption issues present a significant risk, as they potentially allow attackers to execute arbitrary code through specially crafted content. Users are advised to upgrade to the latest versions, Firefox 135 and Thunderbird 135, to mitigate this risk. Mozilla has released patches that address these vulnerabilities in its advisory, urging users to protect their systems by maintaining the latest software updates.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.028Z,0
CVE-2025-1016,https://securityvulnerability.io/vulnerability/CVE-2025-1016,Memory Safety Bugs in Firefox and Thunderbird Affecting Multiple Versions,"Memory safety vulnerabilities have been identified in Firefox and Thunderbird that may allow attackers to exploit memory corruption issues. These flaws exist in versions before Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, and corresponding Thunderbird versions. If successfully exploited, these vulnerabilities could potentially lead to arbitrary code execution, posing a significant risk to user security. Users are advised to update their software to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:55.672Z,0
CVE-2025-1014,https://securityvulnerability.io/vulnerability/CVE-2025-1014,Insufficient Certificate Length Validation in Mozilla Products,"This vulnerability arises from the failure to validate certificate lengths when added to the certificate store in Mozilla products. Trusted data should ideally be checked thoroughly; however, in this case, the lack of proper length validation led to potential security risks for users operating versions of Firefox and Thunderbird below the specified thresholds. Users are advised to upgrade their software to mitigate potential exploitation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.940Z,0
CVE-2025-1013,https://securityvulnerability.io/vulnerability/CVE-2025-1013,Race Condition Leads to Privacy Leak in Mozilla Products,"A race condition in Mozilla's Firefox and Thunderbird products may allow private browsing tabs to unintentionally open in standard browsing windows. This behavior can result in confidential information being exposed, potentially compromising user privacy. Affected versions include Firefox versions prior to 135, Firefox ESR below 128.7, and Thunderbird versions under 128.7 and 135. Users are advised to update their applications to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Thunderbird",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.445Z,0
CVE-2025-1012,https://securityvulnerability.io/vulnerability/CVE-2025-1012,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Products,"A race condition during concurrent delazification in Mozilla Firefox and Thunderbird can result in a use-after-free scenario. This flaw occurs when specific versions of these products process certain memory operations simultaneously, leading to unpredictable behavior and potential exploitation. Users of Firefox versions earlier than 135 and specific versions of Firefox ESR and Thunderbird should be aware of this vulnerability and consider updating to secure versions available to mitigate possible risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.687Z,0
CVE-2025-1011,https://securityvulnerability.io/vulnerability/CVE-2025-1011,WebAssembly Code Generation Flaw in Mozilla Firefox and Thunderbird,"A flaw in the WebAssembly code generation process affects multiple versions of Mozilla Firefox and Thunderbird. Exploitation of this weakness may allow attackers to execute arbitrary code, potentially leading to crashes or unauthorized actions within the affected applications. Users of Firefox versions prior to 135 and Thunderbird versions prior to 135 or 128.7 are particularly at risk and should take immediate action to update their software to mitigate this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.239Z,0
CVE-2025-1010,https://securityvulnerability.io/vulnerability/CVE-2025-1010,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird,"A vulnerability exists in the Custom Highlight API of Firefox and Thunderbird that allows an attacker to exploit a use-after-free condition. This flaw may result in a crash, potentially leading to further exploitation. Affected versions include specific releases of Firefox and Thunderbird prior to indicated versions. Users are urged to update their applications to mitigate the risks associated with this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:52.357Z,0
CVE-2025-1009,https://securityvulnerability.io/vulnerability/CVE-2025-1009,Use-After-Free Vulnerability in Firefox and Thunderbird Products by Mozilla,"A vulnerability exists in Mozilla's Firefox and Thunderbird products that could be exploited through crafted XSLT data, potentially leading to application crashes. Attackers may leverage this condition to disrupt services, highlighting the importance of maintaining updated versions to mitigate risks associated with this insecure implementation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:51.928Z,0
CVE-2025-0238,https://securityvulnerability.io/vulnerability/CVE-2025-0238,Firefox Vulnerability Could Lead to Exploitable Crash,"Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,142
CVE-2025-0241,https://securityvulnerability.io/vulnerability/CVE-2025-0241,Memory Corruption Issue in Firefox and Thunderbird by Mozilla,"Mozilla's Firefox and Thunderbird products have a vulnerability where specially crafted text can cause memory corruption during segmentation. This exploitation might lead to crashes in affected versions, creating a potential attack vector for malicious actors. Security updates are recommended to mitigate this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.7,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0243,https://securityvulnerability.io/vulnerability/CVE-2025-0243,Memory Safety Vulnerability in Mozilla's Firefox and Thunderbird Products,"Multiple memory safety bugs found in Firefox and Thunderbird could potentially be exploited for arbitrary code execution. These vulnerabilities are present in versions of Firefox 133 and earlier, Firefox ESR 128.5 and earlier, Thunderbird 133 and earlier, and Thunderbird ESR 128.5 and earlier. It is critical for users to update to the latest versions (Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird ESR 128.6) to mitigate potential security risks associated with these bugs.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0240,https://securityvulnerability.io/vulnerability/CVE-2025-0240,Cross-Site Scripting Vulnerability in Mozilla Firefox and Thunderbird,"A potential security vulnerability exists in Mozilla Firefox and Thunderbird where parsing a JavaScript module as JSON may cause cross-compartment access. This flaw can lead to a use-after-free condition, creating risks for users of affected versions. Specifically, versions of Firefox prior to 134, Firefox ESR prior to 128.6, and Thunderbird versions prior to 134 and 128.6 are vulnerable. Users are urged to update their software promptly to mitigate potential risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0242,https://securityvulnerability.io/vulnerability/CVE-2025-0242,Memory Safety Bugs in Firefox and Thunderbird Affecting Mozilla Products,"Multiple memory safety vulnerabilities have been identified in Mozilla Firefox and Thunderbird, specifically in versions 133 and earlier. These vulnerabilities can lead to memory corruption, and while exploitation of these bugs is not guaranteed, they possess the potential to allow attackers to execute arbitrary code if successfully manipulated. The affected versions include Firefox and Thunderbird prior to version 134, as well as specific extended support releases (ESR) prior to versions 115.19 and 128.6. Users and administrators are recommended to upgrade to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0239,https://securityvulnerability.io/vulnerability/CVE-2025-0239,Certificate Validation Flaw in Mozilla Products Affects Firefox and Thunderbird,A vulnerability affecting Mozilla's Firefox and Thunderbird involves improper validation of certificates triggered by Alt-Svc and ALPN when redirecting from a secure to an insecure server. This flaw potentially exposes users to risks as it might allow malicious entities to intercept or manipulate data without being detected. Users of affected versions are advised to prioritize upgrades to protect themselves against potential exploitation.,Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0237,https://securityvulnerability.io/vulnerability/CVE-2025-0237,Privilege Escalation Vulnerability in Firefox and Thunderbird by Mozilla,"A security flaw has been identified in the WebChannel API used by Mozilla products such as Firefox and Thunderbird. The vulnerability arises due to the API's failure to properly verify the sending principal, allowing for potential privilege escalation attacks. This issue affects multiple versions of Firefox and Thunderbird, making it crucial for users to update their software to maintain security. Notably impacted versions include Firefox versions below 134 and Thunderbird versions below 134. Preventing unauthorized actions through this API is essential to safeguard user data and maintain system integrity.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2024-11699,https://securityvulnerability.io/vulnerability/CVE-2024-11699,Memory Safety Bugs Affect Firefox and Thunderbird,"Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:34:02.646Z,0
CVE-2024-11698,https://securityvulnerability.io/vulnerability/CVE-2024-11698,Firefox Flaw Causes Stuck Fullscreen Mode on macOS,"A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing ""Esc"" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:34:00.682Z,0
CVE-2024-11704,https://securityvulnerability.io/vulnerability/CVE-2024-11704,Memory Corruption Vulnerability Affects Firefox and Thunderbird,"A double-free vulnerability exists within the `sec_pkcs7_decoder_start_decrypt()` function in Firefox and Thunderbird. This issue arises during error handling, where, under certain conditions, the same symmetric key could be incorrectly freed twice. This flaw exposes the applications to potential memory corruption risks, affecting performance and stability. Users of Firefox versions prior to 133 and Thunderbird versions prior to 133 should take immediate action to update their software to mitigate this risk.",Mozilla,"Firefox,Thunderbird,Firefox Esr",9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:59.991Z,0
CVE-2024-11697,https://securityvulnerability.io/vulnerability/CVE-2024-11697,Firefox Vulnerability Allows Malicious Code Execution Through Manipulation of Keypress Events,"When handling keypress events, an attacker may have been able to trick a user into bypassing the ""Open Executable File?"" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:59.551Z,0
CVE-2024-11696,https://securityvulnerability.io/vulnerability/CVE-2024-11696,Invalid Manifest File Could Disrupt Signature Validation in Firefox,"The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:59.172Z,0
CVE-2024-11695,https://securityvulnerability.io/vulnerability/CVE-2024-11695,Mozilla Firefox and Thunderbird vulnerability affects URL spoofing,"A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:58.459Z,0
CVE-2024-11694,https://securityvulnerability.io/vulnerability/CVE-2024-11694,Inadvertent Bypass of Cross-Site Protection in Firefox,"Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-26T13:33:57.989Z,0
CVE-2024-11693,https://securityvulnerability.io/vulnerability/CVE-2024-11693,Firefox Vulnerability Affects Users of Earlier Versions,"The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:57.608Z,0
CVE-2024-11692,https://securityvulnerability.io/vulnerability/CVE-2024-11692,Mozilla Firefox Vulnerability Affects Select Dropdown Disclosure,"An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:56.656Z,0
CVE-2024-11691,https://securityvulnerability.io/vulnerability/CVE-2024-11691,Arbitrary Memory Manipulation Flaw in Apple GPU Driver Affecting Mozilla Applications,"A flaw has been discovered in the GPU driver for Apple M series devices that can lead to arbitrary memory manipulation through certain WebGL operations. This vulnerability primarily affects Mozilla applications including Firefox and Thunderbird running on Apple silicon, permitting potentially malicious actors to exploit the memory corruption risk. Users of affected Firefox and Thunderbird versions should update to the latest releases to mitigate this risk and ensure their data remains secure. Other platforms remain unaffected by this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-26T13:33:55.946Z,0