Vulnerabilities > Mozilla > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-29917 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. | 9.8 |
| 2022-12-22 | CVE-2022-31747 | Use After Free vulnerability in Mozilla Firefox Mozilla developers Andrew McCreight, Nicolas B. | 9.8 |
| 2022-12-22 | CVE-2022-34485 | Out-of-bounds Write vulnerability in Mozilla Firefox 101.0/101.0.1 Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. | 9.8 |
| 2022-12-22 | CVE-2022-45406 | Use After Free vulnerability in Mozilla Firefox If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. | 9.8 |
| 2022-12-22 | CVE-2022-46882 | Use After Free vulnerability in Mozilla Firefox A use-after-free in WebGL extensions could have led to a potentially exploitable crash. | 9.8 |
| 2021-12-08 | CVE-2021-38503 | Incorrect Authorization vulnerability in multiple products The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. | 10.0 |
| 2021-12-08 | CVE-2021-43527 | Out-of-bounds Write vulnerability in multiple products NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. | 9.8 |
| 2021-08-05 | CVE-2021-29978 | Unspecified vulnerability in Mozilla VPN Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. | 10.0 |
| 2021-05-27 | CVE-2020-12403 | Out-of-bounds Read vulnerability in Mozilla NSS A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. | 9.1 |
| 2020-12-09 | CVE-2020-26970 | Out-of-bounds Write vulnerability in Mozilla Thunderbird When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. | 9.3 |