Firefox

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:48.213Z
Updated: 2026-05-19T17:10:48.872Z

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:46.724Z
Updated: 2026-05-19T17:10:48.519Z

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:37.800Z
Updated: 2026-05-19T17:10:46.663Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:36.254Z
Updated: 2026-05-19T17:10:45.651Z

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:08.185Z
Updated: 2026-05-19T16:48:52.171Z

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:06.716Z
Updated: 2026-05-19T16:48:31.003Z

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Published: 2026-05-07T12:45:05.530Z
Updated: 2026-05-08T22:33:49.148Z

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:04.609Z
Updated: 2026-05-08T12:19:00.246Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:10.299Z
Updated: 2026-05-07T15:22:40.336Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:09.314Z
Updated: 2026-05-07T15:22:40.028Z

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:12.432Z
Updated: 2026-04-30T17:19:49.963Z

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:08.262Z
Updated: 2026-04-30T17:19:50.682Z

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:14.629Z
Updated: 2026-05-26T18:54:11.439Z

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:13.980Z
Updated: 2026-05-27T16:52:47.901Z

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:07.745Z
Updated: 2026-05-27T16:56:48.340Z

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:04.596Z
Updated: 2026-05-26T18:14:40.204Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:03.920Z
Updated: 2026-05-27T16:51:29.513Z

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:03.257Z
Updated: 2026-05-27T17:05:28.546Z

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:02.147Z
Updated: 2026-05-26T17:52:37.408Z

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:00.326Z
Updated: 2026-05-27T17:09:44.359Z

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:59.634Z
Updated: 2026-05-26T18:39:03.263Z

Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:58.955Z
Updated: 2026-05-27T17:10:37.958Z

Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:58.297Z
Updated: 2026-05-27T17:00:36.069Z

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:57.591Z
Updated: 2026-05-26T17:51:53.896Z

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:56.838Z
Updated: 2026-05-26T18:40:29.784Z

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:56.138Z
Updated: 2026-05-27T17:06:19.059Z

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:54.329Z
Updated: 2026-05-26T18:29:30.970Z

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:52.961Z
Updated: 2026-05-26T18:07:08.301Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:50.577Z
Updated: 2026-05-26T18:13:24.356Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:49.893Z
Updated: 2026-05-27T17:11:08.892Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:49.079Z
Updated: 2026-05-26T18:31:28.379Z

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:48.315Z
Updated: 2026-05-27T16:56:22.052Z

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:47.476Z
Updated: 2026-05-27T17:12:31.767Z

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:46.800Z
Updated: 2026-05-27T17:08:01.576Z

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:45.923Z
Updated: 2026-05-27T17:04:34.858Z

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:45.203Z
Updated: 2026-05-26T18:37:57.655Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:44.148Z
Updated: 2026-05-26T18:53:00.465Z

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

Published: 2026-04-07T12:43:14.833Z
Updated: 2026-05-26T18:14:09.229Z

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

Published: 2026-04-07T12:43:12.829Z
Updated: 2026-05-26T18:07:30.209Z

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:44.312Z
Updated: 2026-04-13T13:51:21.639Z

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:43.271Z
Updated: 2026-04-13T13:51:17.655Z

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:42.762Z
Updated: 2026-04-13T13:51:15.420Z

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:42.279Z
Updated: 2026-04-13T13:51:12.032Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:40.175Z
Updated: 2026-04-13T13:51:03.533Z

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:39.453Z
Updated: 2026-04-13T13:51:01.318Z

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:38.831Z
Updated: 2026-04-13T13:50:59.102Z

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:38.311Z
Updated: 2026-04-13T13:50:56.854Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:37.800Z
Updated: 2026-04-13T13:50:54.808Z

Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:37.333Z
Updated: 2026-04-13T13:50:52.664Z

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:36.392Z
Updated: 2026-04-13T13:50:48.884Z

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:35.852Z
Updated: 2026-04-13T13:50:46.845Z

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:35.375Z
Updated: 2026-04-13T13:50:44.839Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:34.423Z
Updated: 2026-04-13T13:50:42.608Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:33.906Z
Updated: 2026-04-13T13:50:40.488Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:33.263Z
Updated: 2026-04-13T13:50:38.452Z

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:32.731Z
Updated: 2026-04-13T13:50:36.275Z

Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:32.214Z
Updated: 2026-04-13T13:50:34.107Z

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:30.743Z
Updated: 2026-04-13T13:50:24.307Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:29.700Z
Updated: 2026-05-12T16:54:17.477Z

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:28.913Z
Updated: 2026-05-12T16:53:52.206Z

Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:28.441Z
Updated: 2026-05-12T16:52:31.472Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:27.865Z
Updated: 2026-05-22T12:47:58.654Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:27.383Z
Updated: 2026-05-07T14:52:47.420Z

Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:26.919Z
Updated: 2026-05-07T14:52:22.615Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:26.409Z
Updated: 2026-05-07T14:51:53.337Z

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:25.919Z
Updated: 2026-05-07T14:51:31.763Z

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:25.391Z
Updated: 2026-05-07T14:51:09.853Z

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:24.864Z
Updated: 2026-04-13T13:48:45.652Z

Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:24.376Z
Updated: 2026-05-07T14:50:45.605Z

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:23.812Z
Updated: 2026-04-13T13:48:40.559Z

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:23.260Z
Updated: 2026-04-13T13:48:38.103Z

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:22.710Z
Updated: 2026-04-13T13:48:35.360Z

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:22.179Z
Updated: 2026-04-13T13:48:33.096Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:21.639Z
Updated: 2026-05-07T14:50:23.927Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:21.064Z
Updated: 2026-05-07T14:49:55.459Z

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:20.420Z
Updated: 2026-04-13T13:46:22.818Z

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:23.571Z
Updated: 2026-04-13T13:53:03.837Z

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.842Z
Updated: 2026-04-13T13:53:50.518Z

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.237Z
Updated: 2026-04-21T02:40:55.797Z

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:21.600Z
Updated: 2026-04-13T13:53:42.980Z

Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.961Z
Updated: 2026-04-13T13:53:00.745Z

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.287Z
Updated: 2026-04-21T02:40:29.432Z

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:19.579Z
Updated: 2026-04-13T13:52:56.351Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.980Z
Updated: 2026-05-10T12:54:19.009Z

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.254Z
Updated: 2026-04-13T13:53:37.061Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:17.554Z
Updated: 2026-04-16T14:32:57.551Z

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.921Z
Updated: 2026-04-13T13:53:30.360Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.262Z
Updated: 2026-04-13T13:53:27.919Z

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.

Published: 2026-02-24T13:33:15.551Z
Updated: 2026-04-21T12:40:43.312Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.850Z
Updated: 2026-04-13T13:53:23.298Z

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.195Z
Updated: 2026-04-16T14:32:33.729Z

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:13.564Z
Updated: 2026-04-16T14:32:14.511Z

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.869Z
Updated: 2026-04-13T13:52:51.037Z

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.247Z
Updated: 2026-04-16T14:31:49.143Z

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:11.553Z
Updated: 2026-04-16T14:31:30.683Z

Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.821Z
Updated: 2026-04-13T13:52:44.181Z

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.177Z
Updated: 2026-04-16T14:31:07.312Z

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:09.181Z
Updated: 2026-04-13T13:52:39.456Z

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:08.538Z
Updated: 2026-04-16T14:30:39.225Z

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:07.898Z
Updated: 2026-04-13T13:52:34.610Z

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.912Z
Updated: 2026-04-13T13:52:32.795Z

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.258Z
Updated: 2026-04-13T13:53:18.772Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:05.551Z
Updated: 2026-04-13T13:53:16.679Z

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:04.946Z
Updated: 2026-04-16T14:28:29.474Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.943Z
Updated: 2026-04-16T14:27:42.110Z

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.207Z
Updated: 2026-04-16T14:27:18.103Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:02.514Z
Updated: 2026-04-15T15:39:44.974Z

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.761Z
Updated: 2026-04-15T15:39:20.955Z

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.011Z
Updated: 2026-04-15T15:38:48.489Z

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:00.290Z
Updated: 2026-04-15T15:38:19.407Z

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:59.173Z
Updated: 2026-04-15T15:38:00.858Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:58.501Z
Updated: 2026-04-15T15:37:39.628Z

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:57.740Z
Updated: 2026-04-14T15:11:01.347Z

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

Published: 2026-02-16T14:13:23.559Z
Updated: 2026-04-13T13:53:57.597Z

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.454Z
Updated: 2026-04-13T13:52:10.334Z

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.089Z
Updated: 2026-04-13T13:52:07.852Z

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.847Z
Updated: 2026-04-13T13:51:59.523Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.400Z
Updated: 2026-04-13T13:51:57.056Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.939Z
Updated: 2026-04-13T13:51:54.970Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.543Z
Updated: 2026-04-13T13:51:52.987Z

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.043Z
Updated: 2026-04-13T13:51:51.032Z

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:55.562Z
Updated: 2026-04-13T13:51:48.764Z

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.679Z
Updated: 2026-04-13T13:51:44.559Z

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.207Z
Updated: 2026-04-13T13:51:42.642Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:53.697Z
Updated: 2026-04-13T13:51:40.607Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:52.979Z
Updated: 2026-04-13T13:51:38.648Z

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.556Z
Updated: 2026-04-13T14:25:52.926Z

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:58.037Z
Updated: 2026-04-13T14:28:41.568Z

Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.

Published: 2025-08-19T20:33:57.019Z
Updated: 2026-04-13T14:28:39.668Z

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:56.512Z
Updated: 2026-04-13T14:28:37.915Z

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.063Z
Updated: 2026-04-13T14:25:51.187Z

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:54.532Z
Updated: 2026-04-13T14:25:49.457Z

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:53.949Z
Updated: 2026-04-13T14:25:47.601Z

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.310Z
Updated: 2026-04-13T14:27:10.161Z

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.191Z
Updated: 2026-04-13T14:27:04.816Z

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.764Z
Updated: 2026-04-13T14:27:01.276Z

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.621Z
Updated: 2026-04-13T14:26:53.773Z

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.303Z
Updated: 2026-04-13T14:26:51.977Z

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.660Z
Updated: 2026-04-13T14:27:11.988Z

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.749Z
Updated: 2026-04-13T14:27:08.421Z

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.477Z
Updated: 2026-04-13T14:27:06.664Z

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.507Z
Updated: 2026-04-13T14:26:59.396Z

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.243Z
Updated: 2026-04-13T14:26:57.626Z

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.931Z
Updated: 2026-04-13T14:26:55.584Z

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.898Z
Updated: 2026-04-13T14:26:50.157Z

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.592Z
Updated: 2026-04-13T14:26:48.394Z

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.039Z
Updated: 2026-04-13T14:26:46.624Z

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:01.020Z
Updated: 2026-04-13T14:30:45.145Z

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:00.819Z
Updated: 2026-04-13T14:30:42.931Z

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:00.614Z
Updated: 2026-04-13T14:30:40.735Z

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:27:59.987Z
Updated: 2026-04-13T14:26:06.659Z

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:27:59.669Z
Updated: 2026-04-13T14:26:04.861Z

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11.

Published: 2025-05-27T12:29:27.780Z
Updated: 2026-04-13T14:29:15.660Z

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:26.941Z
Updated: 2026-04-13T14:29:13.932Z

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:25.942Z
Updated: 2026-04-13T14:29:10.584Z

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:25.084Z
Updated: 2026-04-13T14:29:08.538Z

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:24.338Z
Updated: 2026-04-13T14:28:00.476Z

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:23.513Z
Updated: 2026-04-13T14:27:58.589Z

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:22.686Z
Updated: 2026-04-13T14:27:56.730Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:27.734Z
Updated: 2026-04-13T14:25:56.780Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:26.745Z
Updated: 2026-04-13T14:25:54.968Z

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.10 and Thunderbird 128.10.

Published: 2025-04-29T13:13:50.917Z
Updated: 2026-04-13T14:27:25.816Z

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:48.089Z
Updated: 2026-04-13T14:27:22.909Z

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:42.302Z
Updated: 2026-04-13T14:27:21.172Z

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox ESR 128.10, Firefox ESR 115.23, and Thunderbird 128.10.

Published: 2025-04-29T13:13:38.073Z
Updated: 2026-04-13T14:27:19.237Z

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:36.578Z
Updated: 2026-04-13T14:27:17.492Z

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:35.242Z
Updated: 2026-04-13T14:27:15.646Z

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:29:00.640Z
Updated: 2026-04-13T14:26:02.951Z

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:28:59.386Z
Updated: 2026-04-13T14:26:00.288Z

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:28:58.303Z
Updated: 2026-04-13T14:25:58.540Z

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.

Published: 2025-03-27T13:27:57.377Z
Updated: 2026-04-13T14:30:19.981Z

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:33.783Z
Updated: 2026-04-13T14:27:13.873Z

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:27.167Z
Updated: 2026-04-13T14:27:47.492Z

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:26.780Z
Updated: 2026-04-13T14:27:45.714Z

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:26.282Z
Updated: 2026-04-13T14:27:43.945Z

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:25.890Z
Updated: 2026-04-13T14:27:42.195Z

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:24.734Z
Updated: 2026-04-13T14:27:40.069Z

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:23.856Z
Updated: 2026-04-13T14:27:38.226Z

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:23.551Z
Updated: 2026-04-13T14:27:35.026Z

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:23.221Z
Updated: 2026-04-13T14:27:33.349Z

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:22.418Z
Updated: 2026-04-13T14:27:31.484Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:56.028Z
Updated: 2026-04-13T14:25:23.811Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:55.672Z
Updated: 2026-04-13T14:25:22.068Z

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:54.940Z
Updated: 2026-04-13T14:25:20.384Z

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:54.445Z
Updated: 2026-04-13T14:25:18.645Z

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.687Z
Updated: 2026-04-13T14:25:14.718Z

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.239Z
Updated: 2026-04-13T14:25:12.907Z

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:52.357Z
Updated: 2026-04-13T14:25:08.956Z

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:51.928Z
Updated: 2026-04-13T14:25:07.080Z

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:09.979Z
Updated: 2026-04-13T14:25:45.424Z

Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:07.191Z
Updated: 2026-04-13T14:25:43.540Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:05.995Z
Updated: 2026-04-13T14:25:41.657Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:04.796Z
Updated: 2026-04-13T14:25:39.463Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:03.509Z
Updated: 2026-04-13T14:25:37.532Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:58.843Z
Updated: 2026-04-13T14:25:35.644Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:57.533Z
Updated: 2026-04-13T14:25:33.489Z

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:56.358Z
Updated: 2026-04-13T14:25:31.606Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:55.159Z
Updated: 2026-04-13T14:25:29.901Z

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:53.872Z
Updated: 2026-04-13T14:25:27.309Z

Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:17.203Z
Updated: 2026-04-13T14:26:35.933Z

Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.759Z
Updated: 2026-04-13T14:26:31.931Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.458Z
Updated: 2026-04-13T14:26:30.229Z

Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.109Z
Updated: 2026-04-13T14:26:28.500Z

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:14.370Z
Updated: 2026-04-13T14:26:21.119Z

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.

Published: 2025-11-11T15:47:12.707Z
Updated: 2026-04-13T14:26:40.252Z

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:12.313Z
Updated: 2026-04-13T14:26:38.013Z

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:11.849Z
Updated: 2026-04-13T14:26:34.039Z

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:11.434Z
Updated: 2026-04-13T14:26:13.190Z

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:36.209Z
Updated: 2026-04-13T14:29:45.602Z

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.820Z
Updated: 2026-04-13T14:29:23.290Z

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.913Z
Updated: 2026-04-13T14:29:43.716Z

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.544Z
Updated: 2026-04-13T14:29:40.795Z

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.470Z
Updated: 2026-04-13T14:29:21.552Z

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.065Z
Updated: 2026-04-13T14:29:19.863Z

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:33.692Z
Updated: 2026-04-13T14:29:18.098Z

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.228Z
Updated: 2026-04-13T14:29:38.732Z

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:37.029Z
Updated: 2026-04-13T14:28:25.818Z

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:36.546Z
Updated: 2026-04-13T14:28:24.046Z

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:34.655Z
Updated: 2026-04-13T14:28:19.829Z

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:36.188Z
Updated: 2026-04-13T14:28:17.996Z

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.822Z
Updated: 2026-04-13T14:28:12.191Z

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.394Z
Updated: 2026-04-13T14:28:09.906Z

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.079Z
Updated: 2026-04-13T14:28:08.186Z

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:07.372Z
Updated: 2026-04-13T14:30:10.438Z

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:07.093Z
Updated: 2026-04-13T14:28:55.810Z

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:06.824Z
Updated: 2026-04-13T14:30:08.648Z

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:06.551Z
Updated: 2026-04-13T14:30:06.768Z

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:06.317Z
Updated: 2026-04-13T14:30:01.233Z

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:06.043Z
Updated: 2026-04-13T14:28:53.814Z

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Published: 2025-01-07T16:07:05.787Z
Updated: 2026-04-13T14:29:59.516Z

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Published: 2024-10-09T12:59:07.108Z
Updated: 2025-11-03T22:33:32.973Z

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Published: 2024-10-01T15:13:21.493Z
Updated: 2024-10-01T18:37:41.130Z

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

Published: 2024-10-01T15:13:21.229Z
Updated: 2025-11-03T22:33:31.442Z

A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Published: 2024-10-01T15:13:20.979Z
Updated: 2024-10-01T18:43:38.722Z

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Published: 2024-10-01T15:13:20.007Z
Updated: 2024-10-01T19:14:43.201Z

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.

Published: 2024-10-01T15:13:18.862Z
Updated: 2025-11-03T22:33:24.026Z

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-09-06T18:18:28.692Z
Updated: 2025-10-30T16:14:30.001Z

Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-07-09T14:25:57.691Z
Updated: 2025-10-30T16:16:17.696Z

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-07-09T14:25:57.402Z
Updated: 2025-10-30T16:14:59.829Z

A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-07-09T14:25:57.026Z
Updated: 2025-11-03T22:32:44.098Z

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-07-09T14:25:56.733Z
Updated: 2025-10-30T16:14:52.710Z

Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

Published: 2024-07-09T14:25:56.437Z
Updated: 2025-10-30T16:14:47.510Z

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:12.176Z
Updated: 2024-08-12T17:00:57.597Z

Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:14.287Z
Updated: 2024-08-01T21:18:07.031Z

By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:13.963Z
Updated: 2024-08-01T21:18:07.014Z

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:13.675Z
Updated: 2024-08-01T21:18:06.938Z

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:13.370Z
Updated: 2026-02-27T16:40:12.748Z

If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Published: 2024-06-11T12:40:12.457Z
Updated: 2024-08-01T21:18:07.039Z

Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.864Z
Updated: 2025-03-13T16:28:20.230Z

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.594Z
Updated: 2025-02-13T17:53:40.744Z

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.318Z
Updated: 2025-02-13T17:53:40.168Z

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.047Z
Updated: 2025-02-13T17:53:39.586Z

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:23.746Z
Updated: 2025-03-28T19:24:10.616Z

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:23.486Z
Updated: 2026-05-12T11:30:41.220Z

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:09.552Z
Updated: 2025-03-28T23:27:10.997Z

The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:08.950Z
Updated: 2025-08-22T03:55:42.389Z

If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:08.332Z
Updated: 2024-08-01T20:26:57.101Z

On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:07.543Z
Updated: 2024-08-01T20:26:56.940Z

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:06.935Z
Updated: 2024-08-01T20:26:56.991Z

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:05.902Z
Updated: 2024-08-01T20:26:57.045Z

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:05.240Z
Updated: 2024-08-01T20:26:56.409Z

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:09.243Z
Updated: 2025-03-28T23:33:26.516Z

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.

Published: 2024-03-19T12:02:58.997Z
Updated: 2025-02-13T17:41:08.379Z

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:57.272Z
Updated: 2025-02-13T17:41:04.244Z

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:56.196Z
Updated: 2025-02-13T17:41:02.934Z

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:55.649Z
Updated: 2025-02-13T17:41:02.264Z

Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:55.079Z
Updated: 2025-02-13T17:41:01.598Z

The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-03-19T12:02:54.546Z
Updated: 2025-03-14T19:18:01.610Z

`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:53.467Z
Updated: 2025-03-13T14:40:17.491Z

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:52.932Z
Updated: 2025-02-13T17:40:59.400Z

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Published: 2024-03-19T12:02:51.825Z
Updated: 2025-03-13T18:16:41.217Z

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

Published: 2024-03-22T12:55:40.451Z
Updated: 2025-03-14T15:08:06.373Z

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:37.066Z
Updated: 2025-03-13T14:20:51.105Z

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:36.729Z
Updated: 2025-03-27T14:51:49.616Z

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:36.343Z
Updated: 2025-02-13T17:27:40.658Z

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:35.887Z
Updated: 2025-03-27T20:05:58.389Z

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:35.339Z
Updated: 2025-02-13T17:27:39.512Z

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:34.997Z
Updated: 2025-02-13T17:27:38.998Z

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:34.611Z
Updated: 2025-03-28T17:34:22.227Z

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Published: 2024-02-20T13:21:34.136Z
Updated: 2025-02-13T17:27:37.804Z

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.

Published: 2024-11-26T13:33:59.991Z
Updated: 2025-11-03T20:36:29.923Z

Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:34:02.646Z
Updated: 2025-11-03T21:52:03.576Z

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:34:00.682Z
Updated: 2024-11-27T15:20:24.730Z

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:33:59.551Z
Updated: 2025-11-03T21:52:01.996Z

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:33:59.172Z
Updated: 2025-11-03T21:52:00.429Z

A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:33:58.459Z
Updated: 2025-11-03T21:51:58.908Z

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Published: 2024-11-26T13:33:57.989Z
Updated: 2025-11-03T21:51:57.429Z

The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:33:57.608Z
Updated: 2024-11-27T15:36:35.662Z

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

Published: 2024-11-26T13:33:56.656Z
Updated: 2025-11-03T21:51:55.987Z

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

Published: 2024-11-26T13:33:55.946Z
Updated: 2025-01-06T17:47:24.397Z

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Published: 2024-10-29T12:19:18.057Z
Updated: 2025-11-03T21:51:35.485Z

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Published: 2024-10-29T12:19:17.005Z
Updated: 2025-11-03T21:51:32.544Z

A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Published: 2024-10-29T12:19:15.936Z
Updated: 2025-11-03T21:51:29.580Z

Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Published: 2024-10-29T12:19:14.864Z
Updated: 2025-11-03T21:51:26.386Z