Mozilla Firefox vulnerabilities
3,148 known vulnerabilities affecting mozilla/firefox.
Total CVEs
3,148
CISA KEV
17
actively exploited
Public exploits
122
Exploited in wild
22
Severity breakdown
CRITICAL862HIGH921MEDIUM1295LOW70
Vulnerabilities
Page 68 of 158
CVE-2017-5391CRITICALCVSS 9.8fixed in 51.0≥ unspecified, < 512018-06-11
CVE-2017-5391 [CRITICAL] CVE-2017-5391: Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.
nvdosv
CVE-2017-5471CRITICALCVSS 9.8fixed in 54.0≥ unspecified, < 542018-06-11
CVE-2017-5471 [CRITICAL] CWE-119 CVE-2017-5471: Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corrupt
Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.
nvdosv
CVE-2017-7753CRITICALCVSS 9.1fixed in 55.0fixed in 52.3.0+1 more2018-06-11
CVE-2017-7753 [CRITICAL] CWE-125 CVE-2017-7753: An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, usi
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvdosv
CVE-2016-5289CRITICALCVSS 9.8fixed in 50.0≥ unspecified, < 502018-06-11
CVE-2016-5289 [CRITICAL] CWE-119 CVE-2016-5289: Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corrupt
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
nvdosv
CVE-2017-7751CRITICALCVSS 9.8fixed in 54.0fixed in 52.2.0+1 more2018-06-11
CVE-2017-7751 [CRITICAL] CWE-416 CVE-2017-7751: A use-after-free vulnerability with content viewer listeners that results in a potentially exploitab
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd
CVE-2017-5443CRITICALCVSS 9.8fixed in 45.9.0fixed in 53.0+2 more2018-06-11
CVE-2017-5443 [CRITICAL] CWE-787 CVE-2017-5443: An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This v
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2016-9893CRITICALCVSS 9.8fixed in 50.1fixed in 45.6.0+1 more2018-06-11
CVE-2016-9893 [CRITICAL] CWE-119 CVE-2016-9893: Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory c
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
nvd
CVE-2017-5472CRITICALCVSS 9.8fixed in 54.0fixed in 52.2.0+1 more2018-06-11
CVE-2017-5472 [CRITICAL] CWE-416 CVE-2017-5472: A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CS
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd
CVE-2018-5095CRITICALCVSS 9.8fixed in 58.0fixed in 52.6.0+1 more2018-06-11
CVE-2018-5095 [CRITICAL] CWE-190 CVE-2018-5095: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on so
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
nvd
CVE-2017-5377CRITICALCVSS 9.8fixed in 51.0≥ unspecified, < 512018-06-11
CVE-2017-5377 [CRITICAL] CWE-119 CVE-2017-5377: A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, re
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.
nvdosv
CVE-2017-5465CRITICALCVSS 9.1PoCfixed in 45.9.0fixed in 53.0+2 more2018-06-11
CVE-2017-5465 [CRITICAL] CWE-125 CVE-2017-5465: An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and a
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-5397CRITICALCVSS 9.8fixed in 51.0.3≥ unspecified, < 51.0.32018-06-11
CVE-2017-5397 [CRITICAL] CWE-829 CVE-2017-5397: The cache directory on the local file system is set to be world writable. Firefox defaults to extrac
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.
nvd
CVE-2017-5447CRITICALCVSS 9.1PoCfixed in 45.9.0fixed in 53.0+2 more2018-06-11
CVE-2017-5447 [CRITICAL] CWE-416 CVE-2017-5447: An out-of-bounds read during the processing of glyph widths during text layout. This results in a po
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-7819CRITICALCVSS 9.8fixed in 52.4.0fixed in 56.0+1 more2018-06-11
CVE-2017-7819 [CRITICAL] CWE-416 CVE-2017-7819: A use-after-free vulnerability can occur in design mode when image objects are resized if objects re
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
nvd
CVE-2017-7784CRITICALCVSS 9.8fixed in 55.02018-06-11
CVE-2017-7784 [CRITICAL] CWE-416 CVE-2017-7784: A use-after-free vulnerability can occur when reading an image observer during frame reconstruction
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
CVE-2017-5430CRITICALCVSS 9.8fixed in 52.1.0fixed in 53.0+1 more2018-06-11
CVE-2017-5430 [CRITICAL] CWE-119 CVE-2017-5430: Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bu
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
nvdosv
CVE-2018-5128CRITICALCVSS 9.8fixed in 59.0≥ unspecified, < 592018-06-11
CVE-2018-5128 [CRITICAL] CWE-416 CVE-2018-5128: A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges du
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.
nvdosv
CVE-2017-5390CRITICALCVSS 9.8fixed in 51.0fixed in 45.7.0+1 more2018-06-11
CVE-2017-5390 [CRITICAL] CVE-2017-5390: The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for c
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
nvd
CVE-2017-7750CRITICALCVSS 9.8fixed in 54.0fixed in 52.2.0+1 more2018-06-11
CVE-2017-7750 [CRITICAL] CWE-416 CVE-2017-7750: A use-after-free vulnerability during video control operations when a "<track>" element holds a refe
A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd
CVE-2017-5435CRITICALCVSS 9.8fixed in 53.0v52.0+2 more2018-06-11
CVE-2017-5435 [CRITICAL] CWE-416 CVE-2017-5435: A use-after-free vulnerability occurs during transaction processing in the editor during design mode
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd