mozilla
3,619 tracked vulnerabilities.
CVE-2025-5264
MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Command Injection via Copy as cURL Feature
May 27, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-5263
MEDIUM
Firefox < 115.24.0, 115.24-115.*, 128.11-128.*, >=139 - Origin Validation Error
May 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5262
HIGH
Thunderbird < 128.11.0 and < 139.0 - Use-After-Free in vpx_codec_enc_init_multi
May 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-5020
MEDIUM
Firefox for iOS < 139 - URL Spoofing via Non-HTTP Scheme Handler
May 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4919
HIGH
Mozilla Firefox < 115.23.1 - Out-of-Bounds Write
May 17, 2025
CVSS 8.8
EPSS 0.06
CVE-2025-4918
CRITICAL
Mozilla Firefox < 115.23.1 - Out-of-Bounds Write
May 17, 2025
CVSS 9.8
EPSS 0.09
CVE-2025-3932
MEDIUM
Thunderbird < 128.10.1, < 138.0.1 - XSS
May 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3909
HIGH
Thunderbird <128.10.1, 128.10.1-128.*, >=138.0.1 - JavaScript Execution via X-Mozilla-External-Attachment-URL
May 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3875
HIGH
Thunderbird < 128.10.0, 128.10.1-128.*, >=138.0.1 - Sender Spoofing via Invalid From Header Parsing
May 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3859
MEDIUM
Mozilla Firefox Focus < 138.0 - User Interface Misrepresentation via URL Eliding
Apr 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-4093
HIGH
Firefox ESR 128.9 and Thunderbird 128.9 - Memory Corruption
Apr 29, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-4092
MEDIUM
Firefox < 138.0 and Thunderbird < 138.0 - Memory Corruption
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4091
HIGH
Firefox < 138.0 and < 128.10 - Memory Corruption
Apr 29, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-4090
MEDIUM
Firefox and Thunderbird < 138.0 - Sensitive Information Exposure via Logcat
Apr 29, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-4089
MEDIUM
Firefox < 138.0 - Command Injection via Copy as cURL Feature
Apr 29, 2025
CVSS 5.1
EPSS 0.00
CVE-2025-4088
MEDIUM
Firefox and Thunderbird < 138.0 - Cross-Site Request Forgery via Storage Access API Redirect
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4087
MEDIUM
Firefox < 138.0 and < 128.10 - Out-of-bounds Read in XPath Parser
Apr 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-4086
MEDIUM
Thunderbird for Android - Info Disclosure
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4085
HIGH
Firefox < 138.0 and Thunderbird < 138.0 - Privilege Escalation via UITour Actor
Apr 29, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-4084
MEDIUM
Firefox <128.10 - Local Code Execution
Apr 29, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-4083
CRITICAL
Thunderbird <138 - Sandbox Escape
Apr 29, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-4082
MEDIUM
Firefox <115.23, 115.23-115.*, <138.0, >=138; Thunderbird <128.10.0, 128.10-128.*, >=138 - Out-of-bounds Read via WebGL
Apr 29, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-2817
HIGH
Firefox <115.23.0, 115.23-115.*, <128.10.0, 128.10-128.*, >=138 Privilege Escalation via Update Mechanism
Apr 29, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-3523
MEDIUM
Thunderbird < 137.0.2-< 128.9.2 - Info Disclosure
Apr 15, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-3522
MEDIUM
Thunderbird < 128.9.2 and 128.9.2-137.0.1 - URL Redirection via X-Mozilla-External-Attachment-URL
Apr 15, 2025
CVSS 6.3
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters