Vulnerabilities
Vulnerable Software
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-04-21
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-04-21
Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-03-24
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-03-24
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVSS Score
8.1
EPSS Score
0.004
Published
2025-12-09
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-10-14
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-10-14
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-09-16
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-09-16
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-09-16


Contact Us

Shodan ® - All rights reserved