Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla firefox esr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-11748
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This ...
Mozilla Firefox
Mozilla Firefox Esr
4.3
CVSSv3
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of...
Mozilla Firefox Esr
Mozilla Firefox
6.5
CVSSv3
CVE-2019-11750
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Mozilla Firefox
Mozilla Firefox Esr
9.3
CVSSv3
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then syn...
Mozilla Firefox
Mozilla Firefox Esr
5.3
CVSSv3
CVE-2021-29955
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an malicious user to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firef...
Mozilla Firefox
Mozilla Firefox Esr
NA
CVE-2015-4475
The mozilla::AudioSink function in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote malicious users to execute arbitrary code or cause a denial of service (out-of-bounds read) via a ...
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.1.0
Mozilla Firefox
Mozilla Firefox Esr 38.0
Canonical Ubuntu Linux 15.04
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
5.3
CVSSv3
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28....
Debian Debian Linux 8.0
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Mozilla Network Security Services
Mozilla Firefox Esr 52.0
NA
CVE-2015-4488
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox prior to 40.0, Firefox ESR 38.x prior to 38.2, and Firefox OS prior to 2.2 allows remote malicious users to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
Oracle Solaris 11.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Os 2.1.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0
Mozilla Firefox
8.8
CVSSv3
CVE-2022-26485
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < ...
Mozilla Firefox Focus
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
1 Github repository
9.6
CVSSv3
CVE-2022-26486
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,...
Mozilla Firefox Focus
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »