Mozilla: >> Firefox >> 15.1 Security Vulnerabilities
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-19
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-06-24
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-06-24
An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-11
Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-11
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-27
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-05-27
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-27
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS < 139.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-05-21
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-04-15