
CVE-2025-6433
https://notcve.org/view.php?id=CVE-2025-6433
24 Jun 2025 — This vulnerability affects Firefox < 140. • https://bugzilla.mozilla.org/show_bug.cgi?id=1954033 • CWE-295: Improper Certificate Validation •

CVE-2025-6427
https://notcve.org/view.php?id=CVE-2025-6427
24 Jun 2025 — This vulnerability affects Firefox < 140. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966927 • CWE-693: Protection Mechanism Failure •

CVE-2025-6426
https://notcve.org/view.php?id=CVE-2025-6426
24 Jun 2025 — *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. • https://bugzilla.mozilla.org/show_bug.cgi?id=1964385 • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2025-6424 – firefox: Use-after-free in FontFaceSet
https://notcve.org/view.php?id=CVE-2025-6424
24 Jun 2025 — This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. A flaw was found in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966423 • CWE-416: Use After Free •

CVE-2025-49710
https://notcve.org/view.php?id=CVE-2025-49710
11 Jun 2025 — An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4. • https://bugzilla.mozilla.org/show_bug.cgi?id=1970095 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-49709
https://notcve.org/view.php?id=CVE-2025-49709
11 Jun 2025 — This vulnerability affects Firefox < 139.0.4. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966083 • CWE-787: Out-of-bounds Write •

CVE-2025-4919 – Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-4919
17 May 2025 — This vulnerability affects Firefox ESR < 115.23.1. ... This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. A flaw was found in Firefox and Thunderbird. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. • https://github.com/HExploited/CVE-2025-4919-Exploit • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2025-4918 – firefox: thunderbird: Out-of-bounds access when resolving Promise objects
https://notcve.org/view.php?id=CVE-2025-4918
17 May 2025 — This vulnerability affects Firefox ESR < 115.23.1. ... This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. A flaw was found in Firefox and Thunderbird. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2025-4085 – openSUSE Security Advisory - openSUSE-SU-2025:15045-1
https://notcve.org/view.php?id=CVE-2025-4085
29 Apr 2025 — This vulnerability affects Firefox < 138 and Thunderbird < 138. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •

CVE-2025-4083 – firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
https://notcve.org/view.php?id=CVE-2025-4083
29 Apr 2025 — A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1958350 • CWE-653: Improper Isolation or Compartmentalization •