mozilla
3,564 tracked vulnerabilities.
CVE-2025-6431
MEDIUM
Firefox for Android < 140.0 - Improper Authorization via External Application Link Handling
Jun 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6430
MEDIUM
Firefox < 140.0 and 128.12-128.* - Cross-Site Scripting via Embed/Object Tag Content-Disposition Bypass
Jun 24, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-6429
MEDIUM
Firefox < 140.0 and 128.12-128.* - URL Parsing Bypass via Embed Tag
Jun 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6428
MEDIUM
Firefox for Android < 140.0 - URL Redirection via Link Querystring Parameter
Jun 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6427
CRITICAL
Firefox < 140.0 - Content Security Policy Bypass via Subdocument Manipulation
Jun 24, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-6426
HIGH
Firefox < 128.12.0 and 128.12-128.* for macOS - Insufficient Executable File Warning for Terminal Extension
Jun 24, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-6425
MEDIUM
Firefox < 115.25.0, 115.25-115.*, 128.12-128.*, >=140 - Exposure of Sensitive Information via WebCompat Extension
Jun 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6424
CRITICAL
Firefox < 115.25.0, 115.25-115.*, 128.12-128.*, >=140 - Use-After-Free in FontFaceSet
Jun 24, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-5986
MEDIUM
Thunderbird < 128.11.1 and 128.11.1-128.* and >=139.0.2 - Unauthenticated Arbitrary File Download via Crafted HTML Email
Jun 11, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-5687
HIGH
Mozilla VPN < 2.28.0 (macOS) - Privilege Escalation
Jun 11, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-49710
CRITICAL
Firefox < 139.0.4 - Integer Overflow in OrderedHashTable
Jun 11, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49709
CRITICAL
Firefox < 139.0.4 - Out-of-bounds Write via Canvas Operations
Jun 11, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-5272
HIGH
Firefox and Thunderbird < 139.0 - Out-of-bounds Write
May 27, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-5271
MEDIUM
Firefox < 139.0 - Content Injection via Devtools Response Preview
May 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-5270
HIGH
Firefox < 139 - Cleartext Transmission of Sensitive Information via SNI
May 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-5269
HIGH
Firefox and Thunderbird < 128.11.0 - Out-of-bounds Write
May 27, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-5268
HIGH
Firefox < 139.0 and Thunderbird < 128.11.0 - Memory Corruption
May 27, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-5267
MEDIUM
Firefox < 139 - Thunderbird < 128.11 - Info Disclosure
May 27, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-5266
MEDIUM
Firefox < 128.11.0, 128.11-128.*, < 139.0, >=139 Sensitive Info Exposure via Cross-Origin Script Load Events
May 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5265
MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Command Injection via Copy as cURL Feature
May 27, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-5264
MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Command Injection via Copy as cURL Feature
May 27, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-5263
MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Origin Validation Error
May 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5262
HIGH
Thunderbird < 128.11.0 and < 139.0 - Use-After-Free in vpx_codec_enc_init_multi
May 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-5020
MEDIUM
Firefox for iOS < 139 - URL Spoofing via Non-HTTP Scheme Handler
May 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4919
HIGH
Mozilla Firefox < 115.23.1 - Out-of-Bounds Write
May 17, 2025
CVSS 8.8
EPSS 0.00
Products
firefox 3,130
thunderbird 1,729
seamonkey 704
firefox_esr 488
Firefox 387
Thunderbird 359
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
firefox_focus 20
firefox_mobile 20
Firefox for iOS 18
focus 15
firefox_os 14
nss 6
Focus for iOS 5
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters