← Back

Mozilla

mozilla

3,612 CVEs • 44 products

Products (44)

Click to collapse
Toggle
Firefox
firefox
3,177 CVEs
Thunderbird
thunderbird
1,771 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
22 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
16 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE
Klar
klar
1 CVE

CVEs (3,612)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-1011
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 4, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thund...Show more
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.Show less
CVE-2025-1010
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 4, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128...Show more
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.Show less
CVE-2025-1009
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Feb 4, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and...Show more
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.Show less
CVE-2025-0510
1Mozilla
1Thunderbird
Jun 17, 2026
Feb 4, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 13...Show more
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.Show less
CVE-2025-23109
1Mozilla
1Firefox
Jun 17, 2026
Jan 11, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134.
CVE-2025-23108
1Mozilla
1Firefox
Jun 17, 2026
Jan 11, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134.
CVE-2025-0247
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.Show less
CVE-2025-0246
1Mozilla
1Firefox
Jun 17, 2026
Jan 7, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue...Show more
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134.Show less
CVE-2025-0245
1Mozilla
1Firefox
Jun 17, 2026
Jan 7, 2025
N/A· v4
3.3 LOW· v3
N/A· v2
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134.
CVE-2025-0244
1Mozilla
1Firefox
Jun 17, 2026
Jan 7, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed...Show more
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 134.Show less
CVE-2025-0243
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
5.1 MEDIUM· v3
N/A· v2
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav...Show more
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0242
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that wi...Show more
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0241
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
7.7 HIGH· v3
N/A· v2
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...Show more
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0240
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
4.0 MEDIUM· v3
N/A· v2
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134,...Show more
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0239
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
4.0 MEDIUM· v3
N/A· v2
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbir...Show more
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0238
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115....Show more
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0237
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Jan 7, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks....Show more
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2024-53976
1Mozilla
1Firefox
Jun 17, 2026
Nov 26, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS <...Show more
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.Show less
CVE-2024-53975
1Mozilla
1Firefox
Jun 17, 2026
Nov 26, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
CVE-2024-11708
1Mozilla
2Firefox
Thunderbird
Jun 17, 2026
Nov 26, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.