Filtered by vendor Mozilla
Subscriptions
Filtered by product Thunderbird
Subscriptions
Total
1737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6785 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-27 | 7.5 High |
| Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2015-4000 | 13 Apple, Canonical, Debian and 10 more | 31 Iphone Os, Mac Os X, Safari and 28 more | 2026-05-27 | 3.7 Low |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | ||||
| CVE-2026-5731 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-05-26 | 9.8 Critical |
| Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | ||||
| CVE-2026-8973 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-26 | 8.8 High |
| Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8975 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-26 | 8.8 High |
| Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8974 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-26 | 8.8 High |
| Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2013-2566 | 4 Canonical, Fujitsu, Mozilla and 1 more | 24 Ubuntu Linux, M10-1, M10-1 Firmware and 21 more | 2026-05-22 | 5.9 Medium |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||||
| CVE-2026-8961 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 6.5 Medium |
| Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8962 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.1 High |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8955 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.8 High |
| Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8957 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.8 High |
| Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8967 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8965 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8966 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8970 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.8 High |
| Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8958 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.6 High |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8950 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 9.3 Critical |
| Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8963 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8964 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8968 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||