Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
firefox esr vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2017-7767
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects ...
Mozilla Firefox
Mozilla Firefox Esr
5.5
CVSSv3
CVE-2017-7768
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with priv...
Mozilla Firefox
Mozilla Firefox Esr
10
CVSSv3
CVE-2020-12389
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.
Mozilla Firefox
Mozilla Firefox Esr
NA
CVE-2011-3062
Off-by-one error in the OpenType Sanitizer in Google Chrome prior to 18.0.1025.142 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
Google Chrome
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Thunderbird Esr
Mozilla Firefox
Mozilla Seamonkey
5.3
CVSSv3
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28....
Debian Debian Linux 8.0
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Firefox Esr 52.0
Mozilla Network Security Services
8.8
CVSSv3
CVE-2016-2824
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox prior to 47.0 and Firefox ESR 45.x prior to 45.2 on Windows, allows remote malicious users to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by trigge...
Mozilla Firefox Esr 45.1.0
Mozilla Firefox Esr 45.1.1
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Firefox
NA
CVE-2013-1726
Mozilla Updater in Mozilla Firefox prior to 24.0, Firefox ESR 17.x prior to 17.0.9, Thunderbird prior to 24.0, Thunderbird ESR 17.x prior to 17.0.9, and SeaMonkey prior to 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating...
Mozilla Thunderbird Esr 17.0.8
Mozilla Thunderbird Esr 17.0.1
Mozilla Thunderbird Esr 17.0.2
Mozilla Thunderbird Esr 17.0.3
Mozilla Thunderbird Esr 17.0.7
Mozilla Thunderbird Esr 17.0.5
Mozilla Thunderbird Esr 17.0.6
Mozilla Thunderbird Esr 17.0.4
Mozilla Thunderbird Esr 17.0
Mozilla Thunderbird 17.0.7
Mozilla Thunderbird
Mozilla Thunderbird 17.0.3
Mozilla Thunderbird 17.0.1
Mozilla Thunderbird 17.0.4
Mozilla Thunderbird 17.0
Mozilla Thunderbird 17.0.2
Mozilla Thunderbird 17.0.8
Mozilla Thunderbird 17.0.6
Mozilla Thunderbird 17.0.5
Mozilla Firefox 19.0
Mozilla Firefox 19.0.2
Mozilla Firefox 20.0.1
8.8
CVSSv3
CVE-2020-35113
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Fire...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
8.8
CVSSv3
CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < ...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
1 Github repository
1 Article
6.5
CVSSv3
CVE-2022-28282
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulner...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »