Mozilla Firefox vulnerabilities

3,197 known vulnerabilities affecting mozilla/firefox.

Total CVEs: 3,197
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22
Severity breakdown: CRITICAL 865, HIGH 944, MEDIUM 1312, LOW 71, UNKNOWN 5

Vulnerabilities

CVE-2012-1971 | CRITICAL | CVSS 9.3 | ≤ 14.0, v1.0, +129 more | 2012-08-29
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown
nvd
CVE-2012-3968 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
nvd
CVE-2012-3960 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecifi
nvd
CVE-2012-3957 | CRITICAL | CVSS 10.0 | CWE-787 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-3965 | CRITICAL | CVSS 9.3 | CWE-264 | ≤ 14.0, v1.0, +129 more | 2012-08-29
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
nvd
CVE-2012-3961 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
nvd
CVE-2012-3956 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified
nvd
CVE-2012-3971 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 14.0, v1.0, +129 more | 2012-08-29
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
nvd
CVE-2012-3963 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-3970 | CRITICAL | CVSS 10.0 | CWE-399 | v10.0, v10.0.1, +133 more | 2012-08-29
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movemen
nvd
CVE-2012-3959 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified ve
nvd
CVE-2012-1974 | CRITICAL | CVSS 10.0 | CWE-416 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vect
nvd
CVE-2012-3973 | HIGH | CVSS 7.6 | CWE-264 | ≤ 14.0, v1.0, +129 more | 2012-08-29
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
nvd
CVE-2012-3972 | MEDIUM | CVSS 5.0 | CWE-200 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
nvd
CVE-2012-3975 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 14.0, v1.0, +129 more | 2012-08-29
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
nvd
CVE-2012-3976 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 15.0 | ≥ 10.0, < 10.0.7 | 2012-08-29
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.
nvd
CVE-2012-3974 | MEDIUM | CVSS 6.9 | CWE-399 | ≤ 14.0, v1.0, +133 more | 2012-08-29
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
nvd
CVE-2012-1956 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 14.0, v1.0, +129 more | 2012-08-29
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
nvd
CVE-2012-3978 | MEDIUM | CVSS 6.8 | CWE-264 | v10.0, v10.0.1, +133 more | 2012-08-29
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspe
nvd
CVE-2012-3979 | MEDIUM | CVSS 6.8 | ≤ 14.0, v0.1, +149 more | 2012-08-29
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
nvd