Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-04 | CVE-2025-1020 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 134 and Thunderbird 134. | 9.8 |
| 2025-02-04 | CVE-2025-1017 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. | 9.8 |
| 2025-02-04 | CVE-2025-1016 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. | 9.8 |
| 2025-02-04 | CVE-2025-1009 | Use After Free vulnerability in Mozilla Firefox An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. | 9.8 |
| 2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in multiple products An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
| 2024-09-03 | CVE-2024-8389 | Out-of-bounds Write vulnerability in Mozilla Firefox 129.0 Memory safety bugs present in Firefox 129. | 9.8 |
| 2024-09-03 | CVE-2024-8387 | Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. | 9.8 |
| 2024-09-03 | CVE-2024-8385 | Type Confusion vulnerability in Mozilla Firefox A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. | 9.8 |
| 2024-09-03 | CVE-2024-8384 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. | 9.8 |
| 2024-09-03 | CVE-2024-8381 | Type Confusion vulnerability in Mozilla Firefox ESR A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. | 9.8 |