← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-4695
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4694
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4693
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4692
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 24, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4691
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4690
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
8.6 HIGH· v3
N/A· v2
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4689
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Mar 24, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4688
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4687
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
8.6 HIGH· v3
N/A· v2
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4686
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4685
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4684
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-3847
1Mozilla
1Firefox
Jun 17, 2026
Mar 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabil...Show more
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.Show less
CVE-2026-3846
1Mozilla
1Firefox
Jun 17, 2026
Mar 10, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.
CVE-2026-3845
1Mozilla
1Firefox
Jun 17, 2026
Mar 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
CVE-2026-2919
1Mozilla
1Firefox Focus
Jun 17, 2026
Mar 9, 2026
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trus...Show more
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for iOS 148.2.Show less
CVE-2026-2807
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.Show less
CVE-2026-2806
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.1 CRITICAL· v3
N/A· v2
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVE-2026-2805
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVE-2026-2804
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 24, 2026
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.