cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23720,https://securityvulnerability.io/vulnerability/CVE-2025-23720,Cross-Site Request Forgery in Mozilla Web Push leading to Stored XSS Exploit,"A Cross-Site Request Forgery (CSRF) vulnerability exists in Mozilla Web Push, which can be exploited to execute Stored Cross-Site Scripting (XSS) attacks. This flaw affects versions from n/a up to 1.4.0, allowing an attacker to craft malicious requests that can lead to unauthorized actions on behalf of the user, compromising web application security.",Mozilla,Web Push,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T20:06:48.634Z,0
CVE-2025-0247,https://securityvulnerability.io/vulnerability/CVE-2025-0247,Memory Safety Vulnerability in Firefox and Thunderbird Products by Mozilla,"A set of memory safety issues have been identified in Firefox and Thunderbird versions prior to 134. These issues enable the potential for memory corruption, which could be exploited maliciously to execute arbitrary code if sufficiently exploited. Mozilla has addressed these vulnerabilities in the updated releases, 134, for both products. Users are highly encouraged to update their software to the latest version to mitigate the risks associated with these memory safety bugs.",Mozilla,"Firefox,Thunderbird",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0241,https://securityvulnerability.io/vulnerability/CVE-2025-0241,Memory Corruption Issue in Firefox and Thunderbird by Mozilla,"Mozilla's Firefox and Thunderbird products have a vulnerability where specially crafted text can cause memory corruption during segmentation. This exploitation might lead to crashes in affected versions, creating a potential attack vector for malicious actors. 
Security updates are recommended to mitigate this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.7,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2024-11704,https://securityvulnerability.io/vulnerability/CVE-2024-11704,Memory Corruption Vulnerability Affects Firefox and Thunderbird,"A double-free vulnerability exists within the `sec_pkcs7_decoder_start_decrypt()` function in Firefox and Thunderbird. This issue arises during error handling, where, under certain conditions, the same symmetric key could be incorrectly freed twice. This flaw exposes the applications to potential memory corruption risks, affecting performance and stability. Users of Firefox versions prior to 133 and Thunderbird versions prior to 133 should take immediate action to update their software to mitigate this risk.",Mozilla,"Firefox,Thunderbird,Firefox Esr",9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-26T13:33:59.991Z,0
CVE-2024-10467,https://securityvulnerability.io/vulnerability/CVE-2024-10467,Memory Safety Bugs Affecting Firefox and Thunderbird,"This vulnerability arises from memory safety issues detected in specific versions of Firefox and Thunderbird. The identified bugs contain evidence of memory corruption, indicating the possibility of exploitation that could allow attackers to execute arbitrary code. The affected versions, including Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3, expose users to risks if not updated to the latest versions, which address these vulnerabilities. 
Users are strongly advised to upgrade to Firefox 132, Firefox ESR 128.4, or Thunderbird 132 to mitigate the potential risks associated with these vulnerabilities.",Mozilla,"Firefox,Firefox Esr,Thunderbird",8.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-10-29T12:19:18.057Z,0
CVE-2024-10466,https://securityvulnerability.io/vulnerability/CVE-2024-10466,Mozilla Discloses Firefox Push Message Vulnerability,"A vulnerability in Mozilla's Firefox and Thunderbird allows remote attackers to cause the parent process to hang by sending specially crafted push messages. This can result in unresponsive browser behavior, impacting user experience and workflow. Affected are specific versions of Firefox and Thunderbird, which need immediate updates to mitigate the risk posed by this exploit.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-10-29T12:19:17.005Z,0
CVE-2024-10459,https://securityvulnerability.io/vulnerability/CVE-2024-10459,Mozilla Firefox Vulnerability Affects Several Versions,"A vulnerability in Mozilla's Firefox and Thunderbird products allows for a use-after-free condition that can be triggered when accessibility features are enabled. This flaw may lead to a crash that could be exploited by an attacker to achieve arbitrary code execution or other malicious outcomes. 
It is essential for users of affected versions, including Firefox versions below 132 and Thunderbird versions below 128.4, to apply the latest security updates to mitigate potential threats.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-10-29T12:19:09.637Z,0
CVE-2024-10458,https://securityvulnerability.io/vulnerability/CVE-2024-10458,Firefox Vulnerability: Permission Leak Due to Embed or Object Elements,"A vulnerability exists in Mozilla products that may allow a permission leak from a trusted site to an untrusted site when using `embed` or `object` HTML elements. This flaw affects several versions of Firefox and Thunderbird, potentially exposing sensitive user permissions to malicious external content. Users of affected versions are encouraged to review security advisories and apply necessary updates to mitigate the risks associated with this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-29T12:19:08.505Z,0
CVE-2024-9680,https://securityvulnerability.io/vulnerability/CVE-2024-9680,Mozilla Firefox Vulnerability: Code Execution through Animation Timelines,"A vulnerability has been identified in Firefox and Thunderbird, resulting from a use-after-free scenario within the Animation timelines component. This flaw allows attackers to execute arbitrary code in the content process, which has been observed to be actively exploited in the wild. Affected users are urged to upgrade their software to mitigate risks associated with this vulnerability. 
The impacted versions of both Firefox and Thunderbird span multiple releases, emphasizing the importance of prompt updates for users to ensure their systems remain secure.",Mozilla,"Firefox,Firefox Esr,Thunderbird",9.8,CRITICAL,0.0036200000904500484,true,2024-10-15T00:00:00.000Z,true,true,true,2024-10-10T01:00:00.000Z,,true,true,2024-10-11T16:25:09.527Z,2024-10-09T13:15:00.000Z,15755
CVE-2024-9399,https://securityvulnerability.io/vulnerability/CVE-2024-9399,Mozilla Firefox Crashes Due to Initiating Specially Crafted WebTransport Session,"A vulnerability exists in the Firefox and Thunderbird applications that allows a specially crafted WebTransport session to crash the application process. This incident results in a denial of service, potentially leaving users unable to access their browsers or email clients. The affected versions include all Firefox versions prior to 131 and all Thunderbird versions prior to 128.3. Users are encouraged to upgrade to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-10-01T15:13:20.769Z,0
CVE-2024-9394,https://securityvulnerability.io/vulnerability/CVE-2024-9394,Mozilla Firefox Vulnerability Allows Cross-Origin JavaScript Execution,"A significant flaw has been identified in Mozilla Firefox and Thunderbird that allows an attacker to execute arbitrary JavaScript within the `resource://devtools` origin. Specifically, this vulnerability enables unauthorized access to cross-origin JSON content. On desktop clients, the Site Isolation feature restricts this access to 'same site' documents; however, on Android versions, attackers can achieve full cross-origin access, raising serious security concerns. 
Users are urged to update to the latest versions of Firefox and Thunderbird to mitigate associated risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-01T15:13:19.407Z,0
CVE-2024-9393,https://securityvulnerability.io/vulnerability/CVE-2024-9393,Specially Crafted Multipart Response Could Allow Arbitrary JavaScript Execution in Firefox,"A vulnerability exists that enables an attacker to execute arbitrary JavaScript under the `resource://pdf.js` origin by sending a specially crafted multipart response. This could potentially lead to unauthorized access to cross-origin PDF content. While desktop clients limit access to 'same site' documents due to the Site Isolation feature, the risk is heightened on Android versions where full cross-origin access is possible. The vulnerability impacts various versions of Firefox and Thunderbird, making it critical for users running outdated software to take immediate action.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-10-01T15:13:19.123Z,0
CVE-2024-8900,https://securityvulnerability.io/vulnerability/CVE-2024-8900,Clipboard Data Manipulation in Firefox and Thunderbird,"A security vulnerability allows attackers to manipulate data on a user's clipboard by writing data without displaying a user prompt during a specific sequence of navigational actions. This affects certain versions of Firefox and Thunderbird, creating a potential risk for users unaware of the threat.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-09-17T19:15:00.000Z,0
CVE-2024-8389,https://securityvulnerability.io/vulnerability/CVE-2024-8389,"Memory Safety Bugs Affect Firefox, Could Lead to Code Execution","Memory safety vulnerabilities in Firefox versions prior to 130 expose the browser to risks associated with memory corruption. 
These vulnerabilities could potentially allow an attacker to execute arbitrary code by exploiting memory management flaws. Users are urged to update their browsers to mitigate these risks, as the vulnerabilities have been addressed in the latest release.",Mozilla,Firefox,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-03T12:32:20.303Z,0
CVE-2024-8387,https://securityvulnerability.io/vulnerability/CVE-2024-8387,Memory Safety Bugs Affect Firefox and Thunderbird,"Memory safety vulnerabilities have been identified in Mozilla Firefox versions 129 and ESR 128.1, as well as Thunderbird 128.1. These vulnerabilities may lead to memory corruption, creating a potential attack vector for arbitrary code execution. Users on affected versions should consider upgrading to Firefox 130, Firefox ESR 128.2, or Thunderbird 128.2 to mitigate the risk associated with these memory safety issues.",Mozilla,"Firefox,Firefox Esr,Thunderbird",9.8,CRITICAL,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-09-03T12:32:19.490Z,0
CVE-2024-8385,https://securityvulnerability.io/vulnerability/CVE-2024-8385,Firefox Vulnerability Affects Users of < 130 and Firefox ESR < 128.2,"The reported vulnerability arises from inconsistencies in the management of StructFields and ArrayTypes within WebAssembly (WASM), leading to a type confusion scenario. This flaw may allow an attacker to execute arbitrary code or manipulate data structures, potentially compromising user data integrity and security. 
The affected versions of Firefox and Thunderbird are particularly vulnerable due to the inadequacies in the WASM handling process, necessitating prompt updates to mitigate risks associated with this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",9.8,CRITICAL,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-09-03T12:32:18.964Z,0
CVE-2024-8384,https://securityvulnerability.io/vulnerability/CVE-2024-8384,"Memory Corruption Vulnerability in Firefox (< 130, < 128.2, < 115.15)","The JavaScript garbage collector in affected versions of Firefox and Thunderbird exhibits a flaw that can lead to memory corruption under specific out-of-memory (OOM) conditions. When OOM scenarios are encountered during the garbage collection process, cross-compartment objects may be incorrectly colored, resulting in potentially unstable application behavior. This vulnerability targets users of Firefox and Thunderbird, necessitating urgent updates to mitigate the risk of exploitation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",9.8,CRITICAL,0.001069999998435378,false,,false,false,false,,,false,false,,2024-09-03T12:32:18.656Z,0
CVE-2024-8383,https://securityvulnerability.io/vulnerability/CVE-2024-8383,Mozilla Fixes Vulnerability in Firefox Allowing Unscrupulous Websites to Launch Applications Without User Permission,"A vulnerability exists in Firefox due to improper input handling for Usenet-related schemes (news: and snews:). The browser fails to prompt users for confirmation before delegating the handling of unsupported schemes to the operating system. This can lead to potential exploitation where an untrusted application is activated without user consent, especially since many operating systems lack a pre-installed trusted newsreader. This issue poses significant risks as malicious websites could leverage this flaw to execute unauthorized programs, potentially compromising user security. 
Affected versions include Firefox versions before 130, Firefox ESR versions before 128.2, and Firefox ESR versions before 115.15.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.5,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-09-03T12:32:18.363Z,0
CVE-2024-8382,https://securityvulnerability.io/vulnerability/CVE-2024-8382,Firefox Vulnerability Affects Internal Browser Event Interfaces,"A vulnerability exists in Mozilla's Firefox and Thunderbird products where internal browser event interfaces are exposed to web content due to privileged EventHandler listener callbacks. While web content cannot leverage these interfaces with elevated privileges, their exposure signals the usage of certain browser features, such as the Dev Tools console. This scenario can lead to information leakage and may indicate underlying security risks. Users of affected versions are encouraged to update to the latest releases to mitigate potential threats.",Mozilla,"Firefox,Firefox Esr,Thunderbird",8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2024-09-03T12:32:18.066Z,0
CVE-2024-8381,https://securityvulnerability.io/vulnerability/CVE-2024-8381,Possible Type Confusion Vulnerability in Firefox,"A type confusion vulnerability has been identified in Firefox and Thunderbird that may be exploited when accessing a property name on an object within a `with` statement. This issue affects multiple versions of Firefox and Thunderbird, potentially leading to unexpected behavior or security flaws. 
Users of affected versions are urged to upgrade to the latest releases to mitigate any risks associated with this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2025-01-30T20:31:51.000Z,true,false,false,,2024-09-03T12:32:17.682Z,601
CVE-2024-7530,https://securityvulnerability.io/vulnerability/CVE-2024-7530,Use-After-Free Vulnerability in Firefox Prior to Version 129,"A vulnerability in Mozilla Firefox has surfaced due to an improper interaction in garbage collection, potentially allowing a use-after-free condition. This flaw affects all versions of Firefox prior to 129, creating a risk for users regarding memory safety and application stability. It is crucial for users to take measures to update their browsers to prevent exploitation of this vulnerability.",Mozilla,Firefox,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-06T12:38:16.077Z,0
CVE-2024-7523,https://securityvulnerability.io/vulnerability/CVE-2024-7523,Mozilla Fixes Partial Obscuration of Security Prompts Vulnerability in Firefox,"A vulnerability in Firefox for Android allows a malicious website to partially obscure security prompts, potentially tricking users into unintentionally granting permissions. This issue specifically impacts versions of Firefox below 129, compromising user security and privacy by enabling attackers to manipulate how permissions are presented to users.",Mozilla,Firefox,8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-06T12:38:15.776Z,0
CVE-2024-7528,https://securityvulnerability.io/vulnerability/CVE-2024-7528,Mozilla Firefox Vulnerability Could Lead to Use-After-Free Security Risk,"A vulnerability in Mozilla's Firefox and Thunderbird arises from improper garbage collection interactions with IndexedDB, leading to potential use-after-free scenarios. 
This flaw primarily affects previous versions of Firefox and Thunderbird, specifically versions below 129 for Firefox, below 128.1 for Firefox ESR, and below 128.1 for Thunderbird. Exploitation of this vulnerability could allow an attacker to execute arbitrary code, highlighting the importance of updating to the latest version to mitigate potential risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",8.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-08-06T12:38:14.946Z,0
CVE-2024-7527,https://securityvulnerability.io/vulnerability/CVE-2024-7527,"Possible Use-After-Free Vulnerability Affecting Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1","A vulnerability identified in Firefox and Thunderbird arises from unexpected marking actions at the beginning of a sweeping process, which may lead to a use-after-free condition. This flaw could potentially be exploited to manipulate memory, leading to unpredictable behavior or crashes. Users of affected versions of both Firefox and Thunderbird are advised to apply available security updates to mitigate this risk.",Mozilla,"Firefox,Firefox Esr",8.8,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-08-06T12:38:14.698Z,0
CVE-2024-7525,https://securityvulnerability.io/vulnerability/CVE-2024-7525,Firefox Vulnerability Allows Minimal Privileged Extension to Modify Request Bodies,"A vulnerability exists in certain versions of Firefox and Thunderbird where a web extension could utilize minimal permissions to establish a StreamFilter. This could potentially allow unauthorized access to manipulate and read the response body of HTTP requests across any visited site. The affected versions include Firefox prior to version 129, as well as specific releases of Firefox ESR and Thunderbird. 
Organizations using these versions are advised to review security measures and consider updates to mitigate potential risks.",Mozilla,"Firefox,Firefox Esr",8.1,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-08-06T12:38:14.195Z,0