mozilla
3,564 tracked vulnerabilities.
CVE-2025-3032
HIGH
Firefox < 137.0 and Thunderbird < 137.0 - File Descriptor Leak via Fork Server
Apr 01, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-3031
MEDIUM
Firefox < 137.0 - Exposure of Sensitive Information via JIT Stack Spill
Apr 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3030
HIGH
Firefox < 136.0 and 128.9-128.* - Use-After-Free
Apr 01, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3029
HIGH
Firefox < 128.9.0 and < 137.0 - Authentication Bypass by Spoofing via Unicode URL
Apr 01, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-3028
MEDIUM
Firefox < 115.22.0, 115.22-115.*, < 128.9.0, 128.9-128.*, >=137 - Use-After-Free via XSLTProcessor
Apr 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2857
CRITICAL
Firefox < 136.0.4, 115.21.1, 128.8.1-128.*, 136.0.4-136.* - Sandbox Escape via IPC Handle Mismanagement
Mar 27, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-26696
HIGH
Thunderbird < 128.8.0 and 128.8-128.* and >=136 - Authentication Bypass by Spoofing via OpenPGP Message Type
Mar 10, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-26695
MEDIUM
Thunderbird < 136 - Info Disclosure
Mar 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27426
MEDIUM
Firefox < 136.0 - URL Spoofing via Server-Side Redirect
Mar 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27425
MEDIUM
Firefox for iOS < 136 - Info Disclosure
Mar 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27424
MEDIUM
Firefox for iOS < 136 - Open Redirect
Mar 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1943
HIGH
Firefox < 136.0 - Heap-based Buffer Overflow
Mar 04, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-1942
CRITICAL
Firefox < 136.0 - Use of Uninitialized Resource via String.toUpperCase()
Mar 04, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1941
CRITICAL
Firefox < 136.0 - Improper Access Control via Focus Authentication Bypass
Mar 04, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-1940
HIGH
Firefox < 136.0 - UI Spoofing via Select Option Overlay
Mar 04, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-1939
LOW
Firefox < 136.0 - Permission Spoofing via Custom Tabs Transition Animation
Mar 04, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-1938
MEDIUM
Firefox < 136 and Firefox ESR < 128.8 - Out-of-bounds Write
Mar 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1937
HIGH
Firefox < 135.0 and 115.21.0-115.* and Thunderbird < 128.8.0 and 128.8-128.* - Memory Corruption
Mar 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1936
HIGH
Firefox < 136 and Firefox ESR < 128.8 - Web Extension Code Concealment via Null Byte in jar: URL
Mar 04, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-1935
MEDIUM
Firefox < 128.8.0 and < 136.0 - Cross-Site Scripting via Default URL Protocol Handler
Mar 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1934
MEDIUM
Firefox < 136.0 and 128.8-128.* - Remote Code Execution via RegExp Bailout Interruption
Mar 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1933
HIGH
Firefox <115.21.0, 115.21-115.*, <136.0, >=136; Thunderbird <128.8, >=128.8-128.*, >=136 - Type Confusion
Mar 04, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-1932
HIGH
Firefox < 136 and Firefox ESR < 128.8 - Out-of-bounds Read in XSLT Node Sorter
Mar 04, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-1931
HIGH
Firefox <136.0 & Thunderbird <128.8 - Use After Free
Mar 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1930
HIGH
Firefox <115.21.0, 115.21-115.*, <128.8, 128.8-128.*, >=136 & Thunderbird <128.8, 128.8-128.*, >=136 - Use-After-Free
Mar 04, 2025
CVSS 8.8
EPSS 0.00
Products
firefox 3,130
thunderbird 1,729
seamonkey 704
firefox_esr 488
Firefox 387
Thunderbird 359
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
firefox_focus 20
firefox_mobile 20
Firefox for iOS 18
focus 15
firefox_os 14
nss 6
Focus for iOS 5
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2