mozilla

3,619 tracked vulnerabilities.

CVE-2026-2758 CRITICAL
Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - Use-After-Free in JavaScript GC
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2757 CRITICAL
Firefox < 115.33.0, < 148.0 and Thunderbird < 140.8.0, < 148.0 - WebRTC Audio/Video Boundary Error
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2634 CRITICAL
Firefox for iOS < 147.4 - Address Bar Spoofing via Desynchronization
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2447 HIGH
Firefox < 115.32.1, 140.7.1-140.*, < 147.0.4 and Thunderbird < 140.7.2, 147.0.2 - Heap-based Buffer Overflow in libvpx
Feb 16, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-2032 MEDIUM
Firefox < 147.2.1 and Firefox for iOS >= 147.2.1 - Address Bar Spoofing via New Tab Page Loading Interruption
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0818 MEDIUM
Thunderbird < 140.7.1 and 140.* < 140.7.1 and < 147.0.1 - Information Disclosure via CSS and Remote Content
Jan 28, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24869 HIGH
Firefox < 147.0.2 - Use-After-Free in Layout Scrolling and Overflow
Jan 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-24868 MEDIUM
Firefox < 147.0.2 - Privilege Escalation
Jan 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0892 CRITICAL
Firefox and Thunderbird < 147.0 - Memory Corruption
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0891 HIGH
Firefox and Thunderbird < 147 - Memory Corruption
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0890 MEDIUM
Firefox < 147.0 and Thunderbird < 147.0 - Authentication Bypass by Spoofing via DOM Copy & Paste and Drag & Drop
Jan 13, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-0889 HIGH
Firefox < 147.0 - Denial of Service in DOM Service Workers
Jan 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0888 MEDIUM
Firefox < 147.0 - Information Disclosure in XML Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0887 MEDIUM
Firefox and Thunderbird < 140.7.0 and < 147.0 - Information Disclosure in PDF Viewer
Jan 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0886 MEDIUM
Firefox < 115.32.0, 140.7-140.*, >=147 - Memory Corruption in Graphics Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0885 MEDIUM
Firefox < 140.7.0 and < 147.0 - Use-After-Free in JavaScript GC
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0884 CRITICAL
Firefox < 147.0 and < 140.7.0 - Use-After-Free in JavaScript Engine
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0883 MEDIUM
Firefox < 147 and 140.7-140.* - Information Disclosure in Networking Component
Jan 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0882 HIGH
Firefox <115.32.0, 140.7-140.*, <147.0, >=147 & Thunderbird <140.7.0, 140.7-140.*, <147.0, >=147 - Use-After-Free in IPC
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0881 CRITICAL
Firefox and Thunderbird < 147.0 - Sandbox Escape via Messaging System Component
Jan 13, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-0880 HIGH
Firefox < 115.32.0 and 140.7-147.0 - Sandbox Escape via Graphics Integer Overflow
Jan 13, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-0879 CRITICAL
Firefox < 115.32.0, 140.7-140.*, <147.0, >=147 - Sandbox Escape via Graphics Component Boundary Condition
Jan 13, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-0878 HIGH
Firefox < 147.0 and 140.7-140.* - Sandbox Escape via CanvasWebGL Boundary Condition Mismanagement
Jan 13, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0877 HIGH
Firefox <147- Thunderbird <140.7 - Mitigation Bypass
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-14861 HIGH
Firefox < 146.0.1 - Memory Corruption
Dec 18, 2025
CVSS 8.8
EPSS 0.00