mozilla

3,564 tracked vulnerabilities.

CVE-2025-1414 MEDIUM
Firefox < 135.0.1 - Out-of-bounds Write
Feb 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1020 CRITICAL
Firefox < 135.0 and Thunderbird 131.0-134.0 - Out-of-bounds Write
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1019 MEDIUM
Firefox < 135.0 and Thunderbird 131.0-134.0 - UI Spoofing via Fullscreen Notification Z-Order Manipulation
Feb 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1018 MEDIUM
Firefox < 135.0 - UI Spoofing via Premature Fullscreen Notification Hiding
Feb 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1017 CRITICAL
Firefox <135, Thunderbird <135 - Memory Corruption
Feb 04, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1016 CRITICAL
Firefox < 115.20.0, 115.20-115.*, 128.7-128.*, >=135 - Out-of-bounds Write
Feb 04, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1015 MEDIUM
Thunderbird 128.0.1-128.6.9, 128.7-128.*, >=135 - Stored Cross-Site Scripting via Address Book URI Field Import
Feb 04, 2025
CVSS 5.4
EPSS 0.24
CVE-2025-1014 HIGH
Firefox < 128.7.0 and < 135.0 - Improper Certificate Validation
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1013 MEDIUM
Firefox < 135.0 and 128.7-128.* - Privacy Leak via Race Condition in Private Browsing Tab Handling
Feb 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1012 HIGH
Firefox < 115.20.0, 115.20-115.*, 128.7-128.*, >=135 - Use-After-Free via Concurrent Delazification
Feb 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1011 HIGH
Firefox < 135.0 and Thunderbird < 135.0 - Remote Code Execution via WebAssembly Code Generation
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1010 HIGH
Firefox < 115.20.0, < 135.0 and Thunderbird >=128.0.1 <128.7.0, >=131.0 <135.0 - Use-After-Free via Custom Highlight API
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1009 CRITICAL
Firefox < 115.20.0 and < 135.0 - Use-After-Free via Crafted XSLT Data
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-0510 MEDIUM
Thunderbird <128.7 - Info Disclosure
Feb 04, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-23720 HIGH
Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Jan 16, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-23109 MEDIUM
Firefox < 134.0 - URL Spoofing via Long Hostnames
Jan 11, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-23108 MEDIUM
Firefox for iOS < 134 - URL Spoofing via JavaScript Link Long-Press
Jan 11, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-0247 CRITICAL
Firefox and Thunderbird < 134.0 - Out-of-bounds Write
Jan 07, 2025
CVSS 9.8
EPSS 0.15
CVE-2025-0246 MEDIUM
Firefox < 134.0 - Address Bar Spoofing via Invalid Protocol Scheme
Jan 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0245 LOW
Firefox < 134.0 - Authentication Bypass in Focus Mode
Jan 07, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-0244 MEDIUM
Firefox < 134.0 - Address Bar Spoofing via Invalid Protocol Scheme Redirect
Jan 07, 2025
CVSS 5.3
EPSS 0.07
CVE-2025-0243 MEDIUM
Firefox <134 - Firefox ESR <128.6 - Memory Corruption
Jan 07, 2025
CVSS 5.1
EPSS 0.00
CVE-2025-0242 MEDIUM
Firefox <115.19.0, 115.19-115.*, <128.6.0, 128.6-128.*, >=134 & Thunderbird <128.6.0, 128.6-128.*, >=134 OOB Write
Jan 07, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-0241 HIGH
Firefox < 134.0 and 128.6-128.* - Use-After-Free via Text Segmentation
Jan 07, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-0240 MEDIUM
Firefox < 134 & Thunderbird < 134 - Use After Free
Jan 07, 2025
CVSS 4.0
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 18 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV