Shodan
Vulnerabilities
Vulnerable Software
Mozilla:  >> Firefox  >> 140.3.0  Security Vulnerabilities
CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-14
CVE-2025-11152
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-09-30
CVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-30
CVE-2025-10534
Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-09-16
CVE-2025-10535
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox < 143.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-16
CVE-2025-10530
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-16
CVE-2025-10531
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-16
CVE-2016-7153
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVSS Score
5.3
EPSS Score
0.013
Published
2016-09-06
CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
CVSS Score
5.3
EPSS Score
0.013
Published
2016-09-06
CVE-2013-6853
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved