Mozilla Firefox vulnerabilities
3,197 known vulnerabilities affecting mozilla/firefox.
Total CVEs
3,197
CISA KEV
17
actively exploited
Public exploits
122
Exploited in wild
22
Severity breakdown
CRITICAL865HIGH944MEDIUM1312LOW71UNKNOWN5
Vulnerabilities
Page 110 of 160
CVE-2013-0753CRITICALCVSS 9.3PoCfixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0753 [CRITICAL] CWE-416 CVE-2013-0753: Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code v
nvd
CVE-2013-0746CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0746 [CRITICAL] CVE-2013-0746: Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird bef
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a den
nvd
CVE-2013-0754CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0754 [CRITICAL] CWE-416 CVE-2013-0754: Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, F
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the trigger
nvd
CVE-2013-0764CRITICALCVSS 9.3fixed in 17.0.3fixed in 19.02013-01-13
CVE-2013-0764 [CRITICAL] CWE-326 CVE-2013-0764: The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x befo
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail mes
nvd
CVE-2013-0758CRITICALCVSS 9.3PoCfixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0758 [CRITICAL] CWE-94 CVE-2013-0758: Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird bef
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG eleme
nvd
CVE-2013-0757CRITICALCVSS 9.3PoCfixed in 17.0.2fixed in 18.02013-01-13
CVE-2013-0757 [CRITICAL] CWE-20 CVE-2013-0757: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x befo
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges
nvd
CVE-2013-0755CRITICALCVSS 9.3fixed in 17.0.2fixed in 18.02013-01-13
CVE-2013-0755 [CRITICAL] CWE-416 CVE-2013-0755: Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Fire
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.
nvd
CVE-2013-0750CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0750 [CRITICAL] CWE-190 CVE-2013-0750: Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x b
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to imp
nvd
CVE-2013-0771CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0771 [CRITICAL] CWE-787 CVE-2013-0771: Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
nvd
CVE-2013-0768CRITICALCVSS 9.3fixed in 17.0.2fixed in 18.02013-01-13
CVE-2013-0768 [CRITICAL] CWE-787 CVE-2013-0768: Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.
nvd
CVE-2013-0756CRITICALCVSS 9.3fixed in 17.0.2fixed in 18.02013-01-13
CVE-2013-0756 [CRITICAL] CWE-416 CVE-2013-0756: Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ES
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled
nvd
CVE-2013-0770CRITICALCVSS 9.3fixed in 10.0.12fixed in 18.0+1 more2013-01-13
CVE-2013-0770 [CRITICAL] CVE-2013-0770: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbi
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2013-0763CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0763 [CRITICAL] CWE-416 CVE-2013-0763: Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunder
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
nvd
CVE-2013-0769CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0769 [CRITICAL] CVE-2013-0769: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox E
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or po
nvd
CVE-2013-0752CRITICALCVSS 9.3fixed in 17.0.2fixed in 18.02013-01-13
CVE-2013-0752 [CRITICAL] CWE-119 CVE-2013-0752: Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
nvd
CVE-2013-0744CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0744 [CRITICAL] CWE-416 CVE-2013-0744: Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or
nvd
CVE-2013-0760CRITICALCVSS 9.3fixed in 10.0.11fixed in 18.0+1 more2013-01-13
CVE-2013-0760 [CRITICAL] CWE-120 CVE-2013-0760: Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
nvd
CVE-2013-0762CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0762 [CRITICAL] CWE-416 CVE-2013-0762: Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0,
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (h
nvd
CVE-2013-0749CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0749 [CRITICAL] CVE-2013-0749: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox E
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vector
nvd
CVE-2013-0761CRITICALCVSS 9.3fixed in 18.0≥ 10.0, < 10.0.12+1 more2013-01-13
CVE-2013-0761 [CRITICAL] CWE-416 CVE-2013-0761: Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Fi
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via uns
nvd