Mozilla Firefox ESR
712 CVEs affecting Mozilla Firefox ESR. Latest disclosed: 2024-11-26. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-5461 | Critical | 9.8 | 2017-05-11 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attack… |
| CVE-2024-4367 | High | 8.8 | 2024-05-14 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Fire… |
| CVE-2017-5031 | High | 8.8 | 2017-04-24 | A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HT… |
| CVE-2024-11699 | | | 2024-11-26 | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume tha… |
| CVE-2024-11698 | | | 2024-11-26 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened durin… |
| CVE-2024-11704 | | | 2024-11-26 | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key c… |
| CVE-2024-11697 | | | 2024-11-26 | When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have l… |
| CVE-2024-11696 | | | 2024-11-26 | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an i… |
| CVE-2024-11695 | | | 2024-11-26 | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This… |
| CVE-2024-11694 | | | 2024-11-26 | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the W… |
| CVE-2024-11693 | | | 2024-11-26 | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating… |
| CVE-2024-11692 | | | 2024-11-26 | An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability… |
| CVE-2024-11691 | | | 2024-11-26 | Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver… |
| CVE-2024-10467 | | | 2024-10-29 | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume tha… |
| CVE-2024-10466 | | | 2024-10-29 | By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability… |
| CVE-2024-10465 | | | 2024-10-29 | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbir… |
| CVE-2024-10464 | | | 2024-10-29 | Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing r… |
| CVE-2024-10463 | | | 2024-10-29 | Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Th… |
| CVE-2024-10462 | | | 2024-10-29 | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird… |
| CVE-2024-10461 | | | 2024-10-29 | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could al… |