Export limit exceeded: 46029 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (46029 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-22754 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 6.5 Medium
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22751 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 8.8 High
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22748 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 6.5 Medium
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22746 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 5.9 Medium
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22738 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 8.8 High
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2024-46601 1 Elspec-ltd 2 G5dfr, G5dfr Firmware 2025-04-16 7.5 High
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
CVE-2022-31740 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 8.8 High
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-31738 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 6.5 Medium
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-31737 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 9.8 Critical
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-29911 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 6.1 Medium
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
CVE-2022-28289 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 8.8 High
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVE-2022-28286 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 5.4 Medium
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVE-2022-28285 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-16 6.5 Medium
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVE-2022-28284 1 Mozilla 1 Firefox 2025-04-16 8.8 High
SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99.
CVE-2022-29914 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-15 6.5 Medium
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
CVE-2022-29913 2 Mozilla, Redhat 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more 2025-04-15 6.5 Medium
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.
CVE-2025-27204 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-15 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27202 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2025-04-15 5.5 Medium
Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27201 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2025-04-15 5.5 Medium
Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-21801 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 7.5 High
A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.