← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-6764
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6763
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6762
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
6.3 MEDIUM· v3
N/A· v2
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6761
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6760
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6759
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6758
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6757
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
6.3 MEDIUM· v3
N/A· v2
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6756
1Mozilla
1Firefox
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.
CVE-2026-6755
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6754
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6753
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6752
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6751
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6750
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6749
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6748
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6747
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6746
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Apr 21, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6654
1Mozilla
1Thin Vec
Jun 17, 2026
Apr 20, 2026
N/A· v4
5.1 MEDIUM· v3
N/A· v2
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.