Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
firefox_esr vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv2
CVE-2015-4505
updater.exe in Mozilla Firefox prior to 41.0 and Firefox ESR 38.x prior to 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox
7.5
CVSSv2
CVE-2015-7178
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox prior to 41.0 and Firefox ESR 38.x prior to 38.3 on Windows, mishandles shader access, which allows remote malicious users to execute arbitrary code or cause a denial of service (memory cor...
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.2.1
Mozilla Firefox
7.5
CVSSv2
CVE-2015-7179
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox prior to 41.0 and Firefox ESR 38.x prior to 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote malicious users to execute arbitrary c...
Mozilla Firefox
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.0.1
2.1
CVSSv2
CVE-2014-1595
Mozilla Firefox prior to 34.0, Firefox ESR 31.x prior to 31.3, and Thunderbird prior to 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp file...
Mozilla Firefox Esr 31.2
Mozilla Firefox Esr 31.1.1
Mozilla Firefox Esr 31.1.0
Mozilla Firefox Esr 31.0
Mozilla Thunderbird
Mozilla Firefox
10
CVSSv2
CVE-2014-1551
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox prior to 31.0, Firefox ESR 24.x prior to 24.7, and Thunderbird prior to 24.7 on Windows allows remote malicious users to execute arbitrary code via crafted use of fonts in MathML content, leading to im...
Mozilla Firefox Esr 24.6
Mozilla Thunderbird 24.2
Mozilla Thunderbird 24.3
Mozilla Firefox Esr 24.2
Mozilla Firefox Esr 24.3
Mozilla Thunderbird 24.0
Mozilla Thunderbird 24.0.1
Mozilla Firefox Esr 24.0.1
Mozilla Firefox Esr 24.0.2
Mozilla Firefox
Mozilla Thunderbird
Mozilla Thunderbird 24.5
Mozilla Thunderbird 24.4
Mozilla Firefox Esr 24.0
Mozilla Firefox Esr 24.4
Mozilla Firefox Esr 24.5
Mozilla Thunderbird 24.1
Mozilla Thunderbird 24.1.1
Mozilla Firefox Esr 24.1.0
Mozilla Firefox Esr 24.1.1
6.8
CVSSv2
CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services (NSS) prior to 3.19.2.3 and 3.20.x and 3.21.x prior to 3.21.1, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to execute arbitrary code via crafted ASN.1 da...
Mozilla Network Security Services 3.21
Mozilla Network Security Services 3.19.2
Mozilla Network Security Services 3.20
Mozilla Network Security Services 3.20.1
Mozilla Firefox
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.0
Oracle Linux 5.0
Oracle Vm Server 3.2
Oracle Linux 7
Oracle Linux 6
3.3
CVSSv2
CVE-2015-4481
Race condition in the Mozilla Maintenance Service in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
Mozilla Firefox
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.1.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Oracle Solaris 11.3
1 EDB exploit
7.2
CVSSv2
CVE-2016-2826
The maintenance service in Mozilla Firefox prior to 47.0 and Firefox ESR 45.x prior to 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.
Mozilla Firefox Esr 45.1.1
Mozilla Firefox Esr 45.1.0
Mozilla Firefox
4.3
CVSSv2
CVE-2020-15649
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability...
Mozilla Firefox Esr
4.3
CVSSv2
CVE-2020-15650
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulne...
Mozilla Firefox Esr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »