mozilla
3,619 tracked vulnerabilities.
CVE-2026-8956
CRITICAL
Integer overflow in the Networking: JAR component
May 19, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-8955
HIGH
Privilege escalation in the DOM: Workers component
May 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-8954
HIGH
Incorrect boundary conditions, integer overflow in the Audio/Video component
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8953
CRITICAL
Sandbox escape due to use-after-free in the Disability Access APIs component
May 19, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-8952
HIGH
Firefox < 151.0.0 and Thunderbird < 151.0.0 - Privilege Escalation in Application Update Component
May 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-8951
MEDIUM
Spoofing issue in the Toolbar component in Firefox for Android
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-8950
CRITICAL
Same-origin policy bypass in the Networking: HTTP component
May 19, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-8949
HIGH
Integer overflow in the Widget: Win32 component
May 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-8948
CRITICAL
Same-origin policy bypass in the DOM: Networking component
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-8947
HIGH
Use-after-free in the DOM: Bindings (WebIDL) component
May 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8946
HIGH
Incorrect boundary conditions in the Audio/Video: Web Codecs component
May 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-8945
HIGH
Sandbox escape in Firefox and Firefox Focus for Android
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8401
CRITICAL
Firefox < 150.0.3 - Sandbox Escape via Profile Backup Component
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8391
MEDIUM
Firefox < 150.0.3 - Memory Corruption in JavaScript Engine
May 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-8390
HIGH
Use-after-free in the JavaScript: WebAssembly component
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8389
HIGH
JIT miscompilation in the JavaScript Engine: JIT component
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-8388
MEDIUM
Incorrect boundary conditions in the JavaScript Engine: JIT component
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41512
CRITICAL
Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`
May 08, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-8094
CRITICAL
Mozilla Firefox and Thunderbird 140.10.2 - WebRTC Code Injection
May 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8093
HIGH
Memory safety bugs fixed in Firefox 150.0.2
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8092
HIGH
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8091
CRITICAL
Incorrect boundary conditions in the Audio/Video: Playback component
May 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8090
HIGH
Use-after-free in the DOM: Networking component
May 07, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7324
HIGH
Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7323
HIGH
Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1
Apr 28, 2026
CVSS 7.3
EPSS 0.00
Products
firefox 3,179
thunderbird 1,773
seamonkey 704
firefox_esr 488
Firefox 432
Thunderbird 403
thunderbird_esr 228
bugzilla 145
mozilla 108
network_security_services 50
Firefox ESR 44
mozilla_suite 27
Firefox for iOS 25
firefox_mobile 22
firefox_focus 20
focus 16
firefox_os 14
Focus for iOS 6
nss 6
bleach 5
bonsai 4
camino 4
vpn 4
convict 3
netscape_portable_runtime 3
geckodriver 2
mozjpeg 2
nunjucks 2
pollbot 2
webthings_gateway 2
Quick Filters