Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-14325 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Dec 9, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14324 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Dec 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14323 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Dec 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14322 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Dec 9, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-14321 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Dec 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
CVE-2025-66453 1Mozilla 1Rhino Jun 17, 2026 Dec 3, 2025 5.5 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it...Show more Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.Show less
CVE-2025-13027 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145.Show less
CVE-2025-13026 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13025 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13024 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13023 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13022 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13021 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
CVE-2025-13020 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
CVE-2025-13019 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
CVE-2025-13018 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
CVE-2025-13017 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
CVE-2025-13016 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.
CVE-2025-13015 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 3.4 LOW· v3 N/A· v2 Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.
CVE-2025-13014 1Mozilla 1Firefox Jun 17, 2026 Nov 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Previous 1...141516...181 Next