Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox Esr
Subscriptions
Total
679 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4716 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-14 | 9.1 Critical |
| Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4717 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-14 | 9.8 Critical |
| Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4718 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-14 | 8.1 High |
| Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4719 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-14 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4720 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-14 | 9.8 Critical |
| Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4721 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-14 | 9.8 Critical |
| Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-5732 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-14 | 8.8 High |
| Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | ||||
| CVE-2026-5734 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-14 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | ||||
| CVE-2026-2777 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2772 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.8 High |
| Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2025-9185 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.1 High |
| Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | ||||
| CVE-2025-9184 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | ||||
| CVE-2025-9183 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-13 | 6.5 Medium |
| Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2. | ||||
| CVE-2025-9182 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 7.5 High |
| Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | ||||
| CVE-2025-9181 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 6.5 Medium |
| Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | ||||
| CVE-2025-9180 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.1 High |
| Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | ||||
| CVE-2025-9179 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | ||||
| CVE-2025-8040 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2026-04-13 | 8.8 High |
| Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. | ||||
| CVE-2025-8039 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.1 High |
| In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. | ||||
| CVE-2025-8038 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 9.8 Critical |
| Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. | ||||