mozilla
3,619 tracked vulnerabilities.
CVE-2025-1934
MEDIUM
Firefox < 136.0 and 128.8-128.* - Remote Code Execution via RegExp Bailout Interruption
Mar 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1933
HIGH
Firefox <115.21.0, 115.21-115.*, <136.0, >=136; Thunderbird <128.8, >=128.8-128.*, >=136 Type Confusion
Mar 04, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-1932
HIGH
Firefox < 136 and Firefox ESR < 128.8 - Out-of-bounds Read in XSLT Node Sorter
Mar 04, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-1931
HIGH
Firefox <136-0 & Thunderbird <128.8 - Use After Free
Mar 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1930
HIGH
Firefox <115.21.0, 115.21-115.*, <128.8, 128.8-128.*, >=136 & Thunderbird <128.8, 128.8-128.*, >=136 Use-After-Free
Mar 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1414
MEDIUM
Firefox < 135.0.1 - Out-of-bounds Write
Feb 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1020
CRITICAL
Firefox < 135.0 and Thunderbird 131.0-134.0 - Out-of-bounds Write
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1019
MEDIUM
Firefox < 135.0 and Thunderbird 131.0-134.0 - UI Spoofing via Fullscreen Notification Z-Order Manipulation
Feb 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1018
MEDIUM
Firefox < 135.0 - UI Spoofing via Premature Fullscreen Notification Hiding
Feb 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1017
CRITICAL
Firefox <135, Thunderbird <135 - Memory Corruption
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1016
CRITICAL
Firefox < 115.20.0, 115.20-115.*, 128.7-128.*, >=135 - Out-of-bounds Write
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1015
MEDIUM
Thunderbird 128.0.1-128.6.9, 128.7-128.*, >=135 - Stored Cross-Site Scripting via Address Book URI Field Import
Feb 04, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-1014
HIGH
Firefox < 128.7.0 and < 135.0 - Improper Certificate Validation
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1013
MEDIUM
Firefox < 135.0 and 128.7-128.* - Privacy Leak via Race Condition in Private Browsing Tab Handling
Feb 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1012
HIGH
Firefox < 115.20.0, 115.20-115.*, 128.7-128.*, >=135 - Use-After-Free via Concurrent Delazification
Feb 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1011
HIGH
Firefox < 135.0 and Thunderbird < 135.0 - Remote Code Execution via WebAssembly Code Generation
Feb 04, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-1010
HIGH
Firefox < 115.20.0, < 135.0 and Thunderbird >=128.0.1 <128.7.0, >=131.0 <135.0 - Use-After-Free via Custom Highlight API
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1009
CRITICAL
Firefox < 115.20.0 and < 135.0 - Use-After-Free via Crafted XSLT Data
Feb 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-0510
MEDIUM
Thunderbird <128.7 - Info Disclosure
Feb 04, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-23720
HIGH
Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Jan 16, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-23109
MEDIUM
Firefox < 134.0 - URL Spoofing via Long Hostnames
Jan 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-23108
MEDIUM
Firefox for iOS < 134 - URL Spoofing via JavaScript Link Long-Press
Jan 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0247
CRITICAL
Firefox and Thunderbird < 134.0 - Out-of-bounds Write
Jan 07, 2025
CVSS 9.8
EPSS 0.09
CVE-2025-0246
MEDIUM
Firefox < 134.0 - Address Bar Spoofing via Invalid Protocol Scheme
Jan 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0245
LOW
Firefox < 134.0 - Authentication Bypass in Focus Mode
Jan 07, 2025
CVSS 3.3
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters