mozilla

3,564 tracked vulnerabilities.

CVE-2026-8951 MEDIUM
Spoofing issue in the Toolbar component in Firefox for Android
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-8950 CRITICAL
Same-origin policy bypass in the Networking: HTTP component
May 19, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-8949 HIGH
Integer overflow in the Widget: Win32 component
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8948 CRITICAL
Same-origin policy bypass in the DOM: Networking component
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-8947 HIGH
Use-after-free in the DOM: Bindings (WebIDL) component
May 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8946 HIGH
Incorrect boundary conditions in the Audio/Video: Web Codecs component
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8945 HIGH
Sandbox escape in Firefox and Firefox Focus for Android
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8401 CRITICAL
Firefox < 150.0.3 - Sandbox Escape via Profile Backup Component
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8391 MEDIUM
Firefox < 150.0.3 - Memory Corruption in JavaScript Engine
May 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-8390 HIGH
Use-after-free in the JavaScript: WebAssembly component
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8389 HIGH
JIT miscompilation in the JavaScript Engine: JIT component
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8388 MEDIUM
Incorrect boundary conditions in the JavaScript Engine: JIT component
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41512 CRITICAL
Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`
May 08, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-8094 CRITICAL
Mozilla Firefox and Thunderbird 140.10.2 - WebRTC Code Injection
May 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8093 HIGH
Memory safety bugs fixed in Firefox 150.0.2
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8092 HIGH
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8091 CRITICAL
Incorrect boundary conditions in the Audio/Video: Playback component
May 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8090 HIGH
Use-after-free in the DOM: Networking component
May 07, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7324 HIGH
Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7323 HIGH
Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7322 HIGH
Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7321 CRITICAL
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component
Apr 28, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-7320 HIGH
Information disclosure due to incorrect boundary conditions in the Audio/Video component
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6786 HIGH
Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
Apr 26, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-6785 HIGH
Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
Apr 26, 2026
CVSS 8.1
EPSS 0.00
Products
firefox 3,130 thunderbird 1,729 seamonkey 704 firefox_esr 488 Firefox 387 Thunderbird 359 thunderbird_esr 228 bugzilla 145 mozilla 108 network_security_services 50 Firefox ESR 44 mozilla_suite 27 firefox_focus 20 firefox_mobile 20 Firefox for iOS 18 focus 15 firefox_os 14 nss 6 Focus for iOS 5 bleach 5 bonsai 4 camino 4 vpn 4 convict 3 netscape_portable_runtime 3 geckodriver 2 mozjpeg 2 nunjucks 2 pollbot 2 webthings_gateway 2
Quick Filters
Critical CVEs With Exploits In CISA KEV