Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
firefox esr vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2022-26384
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vuln...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.6
CVSSv3
CVE-2022-0097
Inappropriate implementation in DevTools in Google Chrome before 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.6
CVSSv3
CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS before 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.6
CVSSv3
CVE-2021-38002
Use after free in Web Transport in Google Chrome before 95.0.4638.69 allowed a remote malicious user to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 34
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.6
CVSSv3
CVE-2021-37981
Heap buffer overflow in Skia in Google Chrome before 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.6
CVSSv3
CVE-2021-37973
Use after free in Portals in Google Chrome before 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
1 Article
9.3
CVSSv3
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then syn...
Mozilla Firefox
Mozilla Firefox Esr
9.1
CVSSv3
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
9.1
CVSSv3
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox prior to 54 in graphite2::Silf::readGraphite function.
Mozilla Firefox
Sil Graphite2
9.1
CVSSv3
CVE-2014-1508
The libxul.so!gfxContext::Polygon function in Mozilla Firefox prior to 28.0, Firefox ESR 24.x prior to 24.4, Thunderbird prior to 24.4, and SeaMonkey prior to 2.25 allows remote malicious users to obtain sensitive information from process memory, cause a denial of service (out-of...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.5
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Aus 6.5
Redhat Enterprise Linux Server Eus 6.5
Redhat Enterprise Linux Server Tus 6.5
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
Suse Suse Linux Enterprise Software Development Kit 11.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »