This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2012-05-01
Product Firefox Last view 2025-02-04
Version 19.0.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mozilla:firefox

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2025-02-04 CVE-2025-1020

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.
4.3 2025-02-04 CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
5.3 2025-02-04 CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9.8 2025-02-04 CVE-2025-1017

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8 2025-02-04 CVE-2025-1016

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
8.8 2025-02-04 CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
7.5 2025-02-04 CVE-2025-1012

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
8.8 2025-02-04 CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
8.8 2025-02-04 CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8 2025-02-04 CVE-2025-1009

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
6.5 2024-11-06 CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
5.3 2024-10-29 CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
8.8 2024-10-29 CVE-2024-10467

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5 2024-10-29 CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.5 2024-10-29 CVE-2024-10465

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.5 2024-10-29 CVE-2024-10464

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.5 2024-10-29 CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
6.5 2024-10-29 CVE-2024-10462

Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.1 2024-10-29 CVE-2024-10461

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
5.3 2024-10-29 CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5 2024-10-29 CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
7.5 2024-10-29 CVE-2024-10458

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
9.8 2024-10-09 CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
7.5 2024-10-01 CVE-2024-9399

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
5.3 2024-10-01 CVE-2024-9398

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
16% (209) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (172) CWE-416 Use After Free
13% (168) CWE-787 Out-of-bounds Write
6% (87) CWE-20 Improper Input Validation
6% (83) CWE-200 Information Exposure
4% (63) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (51) CWE-264 Permissions, Privileges, and Access Controls
3% (39) CWE-125 Out-of-bounds Read
2% (38) CWE-362 Race Condition
2% (29) CWE-346 Origin Validation Error
1% (20) CWE-254 Security Features
1% (17) CWE-190 Integer Overflow or Wraparound
1% (16) CWE-399 Resource Management Errors
1% (16) CWE-189 Numeric Errors
1% (16) CWE-17 Code
1% (14) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
1% (14) CWE-269 Improper Privilege Management
1% (14) CWE-203 Information Exposure Through Discrepancy
1% (13) CWE-284 Access Control (Authorization) Issues
0% (8) CWE-295 Certificate Issues
0% (7) CWE-668 Exposure of Resource to Wrong Sphere
0% (7) CWE-352 Cross-Site Request Forgery (CSRF)
0% (7) CWE-290 Authentication Bypass by Spoofing
0% (7) CWE-276 Incorrect Default Permissions
0% (7) CWE-94 Failure to Control Generation of Code ('Code Injection')

SAINT Exploits

Description Link
Mozilla Firefox onreadystatechange Event Use After Free More info here
Firefox crypto.generateCRMFRequest command execution More info here

ExploitDB Exploits

id Description
34363 Firefox toString console.time Privileged Javascript Injection
30474 Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution

OpenVAS Exploits

id Description
2012-05-31 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium13.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Linux)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_lin.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_macosx.nasl
2012-05-07 Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows)
File : nvt/gb_google_chrome_mult_dos_vuln_may12_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0223 Multiple Security Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0061473
2014-A-0113 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0053309
2014-A-0082 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0052487
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-B-0024 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0046157
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380
2013-B-0124 Multiple Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0042301
2013-A-0203 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0041365

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2021-01-05 Mozilla Firefox default content process DACL sandbox escape attempt
RuleID : 56542 - Type : BROWSER-FIREFOX - Revision : 1
2021-01-05 Mozilla Firefox default content process DACL sandbox escape attempt
RuleID : 56541 - Type : BROWSER-FIREFOX - Revision : 1
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54380 - Type : BROWSER-FIREFOX - Revision : 1
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54379 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53581 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53580 - Type : BROWSER-FIREFOX - Revision : 1
2020-02-11 Mozilla multiple products SharedWorker MessagePort memory corruption attempt
RuleID : 52569 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52431 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52430 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52425 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52424 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50697 - Type : BROWSER-FIREFOX - Revision : 2
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50696 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50519 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50518 - Type : BROWSER-FIREFOX - Revision : 2
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49918 - Type : BROWSER-FIREFOX - Revision : 1
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49917 - Type : BROWSER-FIREFOX - Revision : 1
2019-01-17 Mozilla Firefox method array.prototype.push remote code execution attempt
RuleID : 48626 - Type : BROWSER-FIREFOX - Revision : 2
2019-01-17 Mozilla Firefox method array.prototype.push remote code execution attempt
RuleID : 48625 - Type : BROWSER-FIREFOX - Revision : 2
2019-01-10 Mozilla Firefox javascript type confusion code execution attempt
RuleID : 48565 - Type : BROWSER-FIREFOX - Revision : 1
2019-01-10 Mozilla Firefox javascript type confusion code execution attempt
RuleID : 48564 - Type : BROWSER-FIREFOX - Revision : 1
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48296 - Type : FILE-OTHER - Revision : 2
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48295 - Type : FILE-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-def329f680.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fd194a1f14.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1414.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_62_0.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1384.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-10.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3531.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3532.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1575.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4337.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3403.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-04.nasl - Type: ACT_GATHER_INFO