← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-0885
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0884
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0883
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0882
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0881
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
CVE-2026-0880
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0879
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0878
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
8.0 HIGH· v3
N/A· v2
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0877
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 13, 2026
N/A· v4
8.1 HIGH· v3
N/A· v2
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2025-14861
1Mozilla
1Firefox
Jun 17, 2026
Dec 18, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability...Show more
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1.Show less
CVE-2025-14860
1Mozilla
1Firefox
Jun 17, 2026
Dec 18, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.
CVE-2025-14744
1Mozilla
1Firefox
Jun 17, 2026
Dec 18, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in...Show more
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0.Show less
CVE-2025-14333
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...Show more
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.Show less
CVE-2025-14332
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146.Show less
CVE-2025-14331
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14330
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14329
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14328
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14327
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
CVE-2025-14326
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Dec 9, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.