Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-04-30 CVE-2025-3859 Open Redirect vulnerability in Mozilla Firefox Focus
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability affects Focus < 138.
network
low complexity
mozilla CWE-601
6.1
2025-02-04 CVE-2025-0510 Unspecified vulnerability in Mozilla Thunderbird
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040.
network
low complexity
mozilla
6.5
2025-02-04 CVE-2025-1015 Unspecified vulnerability in Mozilla Thunderbird
The Thunderbird Address Book URI fields contained unsanitized links.
network
low complexity
mozilla
5.4
2025-02-04 CVE-2025-1018 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user.
network
low complexity
mozilla CWE-1021
5.3
2025-02-04 CVE-2025-1019 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
The z-order of the browser windows could be manipulated to hide the fullscreen notification.
network
low complexity
mozilla CWE-1021
4.3
2024-11-13 CVE-2024-11159 Unspecified vulnerability in Mozilla Thunderbird
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.
network
low complexity
mozilla
4.3
2024-11-06 CVE-2024-10941 Unspecified vulnerability in Mozilla Firefox
A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash.
network
low complexity
mozilla
6.5
2024-10-29 CVE-2024-10460 Unspecified vulnerability in Mozilla Firefox and Thunderbird
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`.
network
low complexity
mozilla
5.3
2024-10-29 CVE-2024-10461 Cross-site Scripting vulnerability in Mozilla Thunderbird
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks.
network
low complexity
mozilla CWE-79
6.1
2024-10-29 CVE-2024-10462 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
Truncation of a long URL could have allowed origin spoofing in a permission prompt.
network
low complexity
mozilla CWE-290
6.5