mozilla
3,619 tracked vulnerabilities.
CVE-2026-2758
CRITICAL
Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - Use-After-Free in JavaScript GC
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2757
CRITICAL
Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - WebRTC Audio/Video Boundary Error
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2634
CRITICAL
Firefox for iOS < 147.4 - Address Bar Spoofing via Desynchronization
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2447
HIGH
Firefox < 115.32.1, 140.7.1-140.*, < 147.0.4 and Thunderbird < 140.7.2, 147.0.2 - Heap-based Buffer Overflow in libvpx
Feb 16, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-2032
MEDIUM
Firefox < 147.2.1 and Firefox for iOS >= 147.2.1 - Address Bar Spoofing via New Tab Page Loading Interruption
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0818
MEDIUM
Thunderbird < 140.7.1 and 140.* < 140.7.1 and < 147.0.1 - Information Disclosure via CSS and Remote Content
Jan 28, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24869
HIGH
Firefox < 147.0.2 - Use-After-Free in Layout Scrolling and Overflow
Jan 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-24868
MEDIUM
Firefox < 147.0.2 - Privilege Escalation
Jan 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0892
CRITICAL
Firefox and Thunderbird < 147.0 - Memory Corruption
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0891
HIGH
Firefox and Thunderbird < 147 - Memory Corruption
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0890
MEDIUM
Firefox < 147.0 and Thunderbird < 147.0 - Authentication Bypass by Spoofing via DOM Copy & Paste and Drag & Drop
Jan 13, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-0889
HIGH
Firefox < 147.0 - Denial of Service in DOM Service Workers
Jan 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0888
MEDIUM
Firefox < 147.0 - Information Disclosure in XML Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0887
MEDIUM
Firefox and Thunderbird < 140.7.0 and < 147.0 - Information Disclosure in PDF Viewer
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0886
MEDIUM
Firefox < 115.32.0, 140.7-140.*, >=147 - Memory Corruption in Graphics Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0885
MEDIUM
Firefox < 140.7.0 and < 147.0 - Use-After-Free in JavaScript GC
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0884
CRITICAL
Firefox < 147.0 and < 140.7.0 - Use-After-Free in JavaScript Engine
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0883
MEDIUM
Firefox < 147 and 140.7-140.* - Information Disclosure in Networking Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0882
HIGH
Firefox <115.32.0, 140.7-140.*, <147.0, >=147 & Thunderbird <140.7.0, 140.7-140.*, <147.0, >=147 - Use-After-Free in IPC
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0881
CRITICAL
Firefox and Thunderbird < 147.0 - Sandbox Escape via Messaging System Component
Jan 13, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-0880
HIGH
Firefox < 115.32.0 and 140.7-147.0 - Sandbox Escape via Graphics Integer Overflow
Jan 13, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-0879
CRITICAL
Firefox < 115.32.0, 140.7-140.*, <147.0, >=147 - Sandbox Escape via Graphics Component Boundary Condition
Jan 13, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-0878
HIGH
Firefox < 147.0 and 140.7-140.* - Sandbox Escape via CanvasWebGL Boundary Condition Mismanagement
Jan 13, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0877
HIGH
Firefox <147- Thunderbird <140.7 - Mitigation Bypass
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-14861
HIGH
Firefox < 146.0.1 - Memory Corruption
Dec 18, 2025
CVSS 8.8
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters