Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-30 | CVE-2025-3859 | Open Redirect vulnerability in Mozilla Firefox Focus Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138. | 6.1 |
| 2025-02-04 | CVE-2025-0510 | Unspecified vulnerability in Mozilla Thunderbird Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. | 6.5 |
| 2025-02-04 | CVE-2025-1015 | Unspecified vulnerability in Mozilla Thunderbird The Thunderbird Address Book URI fields contained unsanitized links. | 5.4 |
| 2025-02-04 | CVE-2025-1018 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. | 5.3 |
| 2025-02-04 | CVE-2025-1019 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox The z-order of the browser windows could be manipulated to hide the fullscreen notification. | 4.3 |
| 2024-11-13 | CVE-2024-11159 | Unspecified vulnerability in Mozilla Thunderbird Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. | 4.3 |
| 2024-11-06 | CVE-2024-10941 | Unspecified vulnerability in Mozilla Firefox A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. | 6.5 |
| 2024-10-29 | CVE-2024-10460 | Unspecified vulnerability in Mozilla Firefox and Thunderbird The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. | 5.3 |
| 2024-10-29 | CVE-2024-10461 | Cross-site Scripting vulnerability in Mozilla Thunderbird In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. | 6.1 |
| 2024-10-29 | CVE-2024-10462 | Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird Truncation of a long URL could have allowed origin spoofing in a permission prompt. | 6.5 |