mozilla
3,619 tracked vulnerabilities.
CVE-2025-2830
MEDIUM
Thunderbird < 128.9.2 and 128.9.2-137.0.2 - Path Traversal and Information Disclosure via Malformed Attachment Filename
Apr 15, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-3608
MEDIUM
Firefox < 137.0.2 - Memory Corruption via Race Condition in nsHttpTransaction
Apr 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3035
MEDIUM
Firefox < 137.0 - Unauthorized Document Title Exposure via AI Chatbot
Apr 01, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3034
HIGH
Firefox < 137.0 and Thunderbird < 137.0 - Out-of-bounds Write
Apr 01, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3033
HIGH
Firefox < 137.0 - Arbitrary File Upload via Malicious .url Shortcut
Apr 01, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-3032
HIGH
Firefox < 137.0 and Thunderbird < 137.0 - File Descriptor Leak via Fork Server
Apr 01, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-3031
MEDIUM
Firefox < 137.0 - Exposure of Sensitive Information via JIT Stack Spill
Apr 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3030
HIGH
Firefox < 136.0 and 128.9-128.* - Use-After-Free
Apr 01, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3029
HIGH
Firefox < 128.9.0 and < 137.0 - Authentication Bypass by Spoofing via Unicode URL
Apr 01, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-3028
MEDIUM
Firefox < 115.22.0, 115.22-115.*, < 128.9.0, 128.9-128.*, >=137 - Use-After-Free via XSLTProcessor
Apr 01, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-2857
CRITICAL
Firefox < 136.0.4, 115.21.1, 128.8.1-128.*, 136.0.4-136.* - Sandbox Escape via IPC Handle Mismanagement
Mar 27, 2025
CVSS 10.0
EPSS 0.02
CVE-2025-26696
HIGH
Thunderbird < 128.8.0 and 128.8-128.* and >=136 - Authentication Bypass by Spoofing via OpenPGP Message Type
Mar 10, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-26695
MEDIUM
Thunderbird < 136 - Info Disclosure
Mar 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27426
MEDIUM
Firefox < 136.0 - URL Spoofing via Server-Side Redirect
Mar 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27425
MEDIUM
Firefox for iOS < 136 - Info Disclosure
Mar 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27424
MEDIUM
Firefox for iOS < 136 - Open Redirect
Mar 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1943
HIGH
Firefox < 136.0 - Heap-based Buffer Overflow
Mar 04, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-1942
CRITICAL
Firefox < 136.0 - Use of Uninitialized Resource via String.toUpperCase()
Mar 04, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1941
CRITICAL
Firefox < 136.0 - Improper Access Control via Focus Authentication Bypass
Mar 04, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-1940
HIGH
Firefox < 136.0 - UI Spoofing via Select Option Overlay
Mar 04, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-1939
LOW
Firefox < 136.0 - Permission Spoofing via Custom Tabs Transition Animation
Mar 04, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-1938
MEDIUM
Firefox < 136 and Firefox ESR < 128.8 - Out-of-bounds Write
Mar 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1937
HIGH
Firefox < 135.0 and 115.21.0-115.* and Thunderbird < 128.8.0 and 128.8-128.* - Memory Corruption
Mar 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-1936
HIGH
Firefox < 136 and Firefox ESR < 128.8 - Web Extension Code Concealment via Null Byte in jar: URL
Mar 04, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-1935
MEDIUM
Firefox < 128.8.0 and < 136.0 - Cross-Site Scripting via Default URL Protocol Handler
Mar 04, 2025
CVSS 4.3
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters