Mozilla: >> Firefox >> 128.12.0 Security Vulnerabilities
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-22
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-07-22
An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-11
Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-11
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-27
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-05-27
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-27
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-15
An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-01
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.
CVSS Score
7.4
EPSS Score
0.0
Published
2025-04-01