Mozilla Firefox vulnerabilities

3,257 known vulnerabilities affecting mozilla/firefox.

Total CVEs: 3,257
CISA KEV: 17 (actively exploited)
Public exploits: 123
Exploited in wild: 22
Severity breakdown: CRITICAL 875, HIGH 985, MEDIUM 1325, LOW 72

Vulnerabilities

CVE-2012-4182 | CRITICAL | CVSS 9.3 | fixed in 10.0.8; fixed in 16.0 | 2012-10-10
CWE-416. Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors
Source: nvd
CVE-2025-4918 | CRITICAL | CVSS 9.8 | fixed in 115.23.1; fixed in 138.0.4; +1 more | 2025-05-17
CWE-125. An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
Sources: nvd, mozilla
CVE-2013-1704 | CRITICAL | CVSS 9.3 | ≤ 22.0; v19.0; +5 more | 2013-08-07
CWE-399. Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.
Source: nvd
CVE-2017-5435 | CRITICAL | CVSS 9.8 | fixed in 53.0; v52.0; +2 more | 2018-06-11
CWE-416. A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Source: nvd
CVE-2019-9796 | CRITICAL | CVSS 9.8 | fixed in 60.6.0; fixed in 66.0; +1 more | 2019-04-26
CWE-416. A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array.
Source: nvd
CVE-2019-9795 | CRITICAL | CVSS 9.8 | fixed in 66.0; ≥ unspecified, < 66 | 2019-04-26
CWE-617. A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Source: nvd
CVE-2019-9790 | CRITICAL | CVSS 9.8 | ≤ 60.6; ≤ 66.0; +1 more | 2019-04-26
CWE-416. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
Source: nvd
CVE-2016-5257 | CRITICAL | CVSS 9.8 | ≤ 48.0.2; v45.1.0; +3 more | 2016-09-22
CWE-119. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Source: nvd
CVE-2009-3981 | CRITICAL | CVSS 9.3 | ≤ 3.0.15; v0.1; +92 more | 2009-12-17
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Source: nvd
CVE-2009-1838 | CRITICAL | CVSS 9.3 | ≤ 3.0.10; v0.1; +89 more | 2009-06-12
CWE-94. The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for th
Source: nvd
CVE-2010-3767 | CRITICAL | CVSS 9.3 | v3.6; v3.6.2; +94 more | 2010-12-10
CWE-189. Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.
Source: nvd
CVE-2013-1738 | CRITICAL | CVSS 9.3 | ≤ 23.0.1; v19.0; +7 more | 2013-09-18
CWE-399. Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
Source: nvd
CVE-2019-11693 | CRITICAL | CVSS 9.8 | fixed in 60.7.0; fixed in 67.0; +1 more | 2019-07-23
CWE-787. The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox <
Source: nvd
CVE-2014-1477 | CRITICAL | CVSS 9.8 | fixed in 27.0; ≥ 24.0, < 24.3 | 2014-02-06
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Source: nvd
CVE-2010-1201 | CRITICAL | CVSS 9.3 | v3.5; v3.5.1; +7 more | 2010-06-24
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Source: nvd
CVE-2020-6814 | CRITICAL | CVSS 9.8 | fixed in 74.0; ≥ unspecified, < 74; +1 more | 2020-03-25
CWE-787. Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Sources: nvd, mozilla
CVE-2017-5433 | CRITICAL | CVSS 9.8 | fixed in 45.9.0; fixed in 53.0; +2 more | 2018-06-11
CWE-416. A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Source: nvd
CVE-2017-5443 | CRITICAL | CVSS 9.8 | fixed in 45.9.0; fixed in 53.0; +2 more | 2018-06-11
CWE-787. An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Source: nvd
CVE-2017-5460 | CRITICAL | CVSS 9.8 | fixed in 53.0; v52.0; +2 more | 2018-06-11
CWE-416. A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Source: nvd
CVE-2012-5829 | CRITICAL | CVSS 9.3 | fixed in 17.0; ≥ 10.0, < 10.0.11 | 2012-11-21
CWE-787. Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
Source: nvd