CVSS: 9.4 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-9180 – Same-origin policy bypass in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-9180
19 Aug 2025 — 'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-346: Origin Validation Error •
CVSS: 10.0 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-9179 – Sandbox escape due to invalid pointer in the Audio/Video: GMP component
https://notcve.org/view.php?id=CVE-2025-9179
19 Aug 2025 — An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-8041 – openSUSE Security Advisory - openSUSE-SU-2025:15386-1
https://notcve.org/view.php?id=CVE-2025-8041
27 Jul 2025 — In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141. These are all security issues fixed in the MozillaFirefox-141.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1670725 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-8042 – openSUSE Security Advisory - openSUSE-SU-2025:15386-1
https://notcve.org/view.php?id=CVE-2025-8042
27 Jul 2025 — Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. These are all security issues fixed in the MozillaFirefox-141.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791322 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0754 – Ubuntu Security Notice USN-6610-2
https://notcve.org/view.php?id=CVE-2024-0754
23 Jan 2024 — Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. USN-6610-1 fixed vulnerabilities in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871605 • CWE-248: Uncaught Exception •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0752 – Gentoo Linux Security Advisory 202402-26
https://notcve.org/view.php?id=CVE-2024-0752
23 Jan 2024 — A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866840 • CWE-416: Use After Free •
CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0748 – Ubuntu Security Notice USN-6610-2
https://notcve.org/view.php?id=CVE-2024-0748
23 Jan 2024 — A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1783504 •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0745 – Ubuntu Security Notice USN-6610-1
https://notcve.org/view.php?id=CVE-2024-0745
23 Jan 2024 — The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0744 – Gentoo Linux Security Advisory 202402-26
https://notcve.org/view.php?id=CVE-2024-0744
23 Jan 2024 — In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-0743 – Mozilla: Crash in NSS TLS method
https://notcve.org/view.php?id=CVE-2024-0743
23 Jan 2024 — An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1867408 • CWE-252: Unchecked Return Value •
